America’s Favorite Photos
Rekindling America’s Appreciation of Photography
GDPR
Socialmark, LLC and America's Favorite Photos™ (referred to as "the Company") operates in the United States and is committed to protecting the privacy and personal data of those individuals in the European Union and United Kingdom ("Data Subjects") in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This policy outlines the procedures and practices implemented by the Company to ensure compliance with the GDPR when collecting, processing, storing, and transferring personal data.

DATA COLLECTION AND PROCESSING

1.1. Lawful Basis: The Company will only collect and process personal data when there is a lawful basis for doing so, such as the necessity to fulfill a contract, compliance with legal obligations, legitimate interests pursued by the Company, or obtaining explicit consent from the Data Subject.

1.2. Data Minimization: The Company will only collect and process personal data that is necessary for the specified purpose and will ensure that the data collected is relevant, adequate, and limited to what is necessary.

1.3. Data Accuracy: The Company will take reasonable steps to ensure that personal data is accurate, complete, and up-to-date. Data Subjects have the right to request the rectification of their personal data if it is inaccurate or incomplete.

1.4. Consent: When relying on consent as a lawful basis for processing personal data, the Company will obtain explicit and freely given consent from the Data Subject, and the purpose and scope of data processing will be clearly communicated.

RIGHTS OF DATA SUBJECTS

2.1. Right to Information: The Company will provide Data Subjects with clear and transparent information regarding the processing of their personal data, including the purposes of processing, the legal basis, data retention periods, and their rights under the GDPR.

2.2. Right to Access: Data Subjects have the right to request access to their personal data held by the Company. The Company will respond to such requests within the timeframe specified by the GDPR and provide the requested information in a structured, commonly used, and machine-readable format.

2.3. Right to Rectification: Data Subjects have the right to request the rectification of their personal data if it is inaccurate or incomplete. The Company will promptly process such requests and ensure the accuracy of the data.

2.4. Right to Erasure: Data Subjects have the right to request the erasure of their personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected or if the data processing is based on consent and the Data Subject withdraws their consent.

2.5. Right to Restriction of Processing: Data Subjects have the right to request the restriction of processing of their personal data in specific situations, as outlined in the GDPR. The Company will respect and implement such restrictions as required.

2.6. Right to Data Portability: If the processing of personal data is based on consent or the performance of a contract, Data Subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format and transmit it to another data controller.

2.7. Right to Object: Data Subjects have the right to object to the processing of their personal data in certain circumstances, including direct marketing activities. The Company will cease processing personal data unless there are compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the Data Subject.

2.8. Automated Decision-Making: The Company will not make decisions based solely on automated processing, including profiling, that significantly affects Data Subjects unless it is necessary for entering into or performing a contract, authorized by law, or based on the explicit consent of the Data Subject.

DATA SECURITY AND RETENTION

3.1. Data Security: The Company will implement appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. These measures will be regularly reviewed and updated to ensure the ongoing security of personal data.

3.2. Data Retention: Personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law. The Company will establish and adhere to data retention policies to ensure compliance with the GDPR's principles.

DATA TRANSFERS

4.1. International Transfers: If personal data is transferred outside the European Economic Area (EEA), the Company will ensure that adequate safeguards are in place, such as using standard contractual clauses, obtaining Data Subjects' explicit consent, or relying on other lawful transfer mechanisms as recognized by the GDPR.

DATA BREACH NOTIFICATION

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of Data Subjects, the Company will promptly assess the breach, take appropriate actions to mitigate the impact, and, if required by the GDPR, notify the relevant supervisory authority and affected Data Subjects.

COMPLIANCE AND ACCOUNTABILITY

The Company will maintain records of its data processing activities and implement appropriate policies, procedures, and documentation to demonstrate compliance with the GDPR. The Company will regularly review and update this policy to ensure ongoing compliance with applicable data protection laws.

If you have any questions or concerns regarding this GDPR Policy, please contact [email protected].

By using the Company's services or providing personal data to the Company, you acknowledge that you have read, understood, and agreed to comply with this GDPR Policy. The Company reserves the right to modify or update this policy at any time without prior notice. It is your responsibility to review this policy periodically for any changes.

Updated February 20, 2023