Photomyne is committed to and compliant with the EU GDPR

Below we detail Photomyne’s updated compliance with the 2018 EU GDPR regulations regarding data privacy

🇺🇸 English drop_down

The basis on which any personal data we collect from you (as a EU resident), or that you provide to us, will be processed by us on a lawful basis set forth in this GDPR Information Page, our Privacy Policy https://photomyne.com/privacy-policy-full, and in our Terms of Use (https://photomyne.com/terms-of-use).

Please read the following carefully to understand our views and practices regarding your personal data and how we will collect and use it.

IMPORTANT: BY USING THE SERVICES, YOU GIVE YOUR CONSENT THAT ALL PERSONALLY IDENTIFIABLE INFORMATION ("PERSONAL DATA") THAT YOU SUBMIT OR THAT IS COLLECTED THROUGH THE SERVICES, INCLUDING ANY PERSONAL DATA RELATING TO YOUR CHILDREN, MAY BE PROCESSED BY THE COMPANY IN THE MANNER AND FOR THE PURPOSES DESCRIBED IN THIS GDPR INFORMATION PAGE AND IN THE PRIVACY POLICY.

IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS SET FORTH HEREIN, PLEASE DO NOT USE THE SERVICES.

What is the GDPR?

The General Data Protection Regulation (GDPR) is a new and important EU legislation designed to make data protection laws clearer and more accessible to all individuals within the European Union. This new regulation was approved and adopted in 2016 and is enforceable as of May 25, 2018.

The main goal of the GDPR is to standardize and regulate the handling of Personal Data about individuals in the EU, including its collection, storage, transfer or use by companies and third parties. Under the GDPR, “Personal Data” refers to any information relating to an identified or identifiable individual (“data subject”), including, name, address, phone number, email address, government-issued identifier, credit card information, unique identifier, biometric information, photos, videos, location information, device ID or IP address, or any other combination of these.

The GDPR gives individuals (legally titled “data subjects”) more rights and control over their Personal Data on one hand, and considerably increases the legal obligations of companies processing such data, on the other hand. Under the GDPR, “processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Photomyne is committed to the new GDPR laws. Below we explain in plain language what information we collect about our users, how this information is used and what are your rights.

Please note: The content of this page may change from time to time. We encourage you to revisit this page periodically to stay updated with the most recent adjustments to Photomyne’s GDPR compliance.

More data subject rights

Data subjects now have the right to receive “fair and transparent” information about the processing of their Personal Data. Additionally, data subjects now have the right to be forgotten (Data Erasure), the right to request that any complete or correct data (Data Rectification) and the right to request a copy of any Personal Data stored in their regard (Data Portability). See below the explanation on your Rights with regard to your use of Photomyne.

One of the fundamental aspects of the GDPR is stricter consent requirements meaning that companies and organizations must obtain data subject’s specific and "active" consent to distinct purposes.

In any event of violation of data subject’s rights, he or she has the right to lodge a complaint with a supervise authority. If you're based in the European Economic Area and think that we haven't complied with the GDPR, you have a right to lodge a complaint with the Data Protection Commission with your local supervisory authority.

Data breach security and notification

Under GDPR, companies must report data breaches to data protection authorities within 72 hours of “first having become aware of the breach.” Companies classified as Data Processors will be required to notify their customers, the controllers, “without undue delay” after first becoming aware of a data breach.

GDPR compliance requirements

The GDPR requires companies and organizations to implement relevant policies and security protocols, including codes of conduct, perform privacy impact evaluations, have and maintain detailed records on data activities, and enter into written agreements with vendors or any third party that comes in contact with Personal Data.

Profiling and monitoring requirements (new)

Under the GDPR legislation, companies and organizations must meet additional requirements if they are involved in profiling or monitoring behavior of EU individuals. Data subjects have the right not to be subject to a decision-based solely on automated processing, including profiling.

Greater enforcement and liability

The GDPR allows authorities to fine organizations up to the greater of €20 million or 4% of a company’s annual global revenue, depending on the gravity of the breach and damages incurred.

What if you’re not a resident of the EU?

This is still information you should be aware of and understand. The new GDPR legislation applies to any organization that collects and/or uses Personal Data of individuals in the European Union. This includes tracking individuals’ online activities regardless of whether the organization has a physical presence in the EU.

Data transfer outside the EU

The GDPR requires that transfer of Personal Data outside the EU should not undermine the level of protection of data subjects’ rights. Therefore, controllers and processors must comply with GDPR terms and conditions while doing so, including by making data transfers on a lawful mechanism of data transfer or to an adequate jurisdiction as determined by the EU competent authorities.

For more information on these new changes and what they include, please visit the EU GDPR official page.

Transfers of Your Personal Data to Other Countries

Our operations are supported by a network of computers, cloud-based servers, and other infrastructure and information technology, including, but not limited to, third-party service providers, of which the main ones are listed below.

Please be aware that your Personal Data will be transferred to, processed, and stored in the United States. Data protection laws in the U.S. may be different from those in your country of residence.

By using our Apps and Services, you consent to your Personal Data being transferred to the U.S. or other countries (as detailed below), including countries that have different data protection rules than your country. If you do not agree to such transfer please stop using our Apps and Services and follow the actions described under the “Steps to exercise your Right to be Forgotten by Photomyne” Section below. If you have any questions please contact us in accordance with the “Contact us” Section below.

Third parties associated with the Photomyne Service

The following is a list of third party providers Photomyne uses to make it possible to offer you our product and the Services. The table mentions whether each third party has a Data Protection Agreement (DPA) with Photomyne.

Third Party Company Has DPA with Photomyne? Third Party GDPR Information Transfer to US/Other Countries Outside EEA
Google (BigQuery / Firebase / Google Analytics / Google Ads) Yes Link Yes
Amazon AWS (servers and photo backup) Yes Link Yes
AppsFlyer (Mobile marketing Yes Link Yes
Facebook Has GDPR compliant representation Link Yes
Datorama- Salesforce Yes Link Yes
BlueSnap Yes Link Yes
Intercom Yes Link Yes
Calendly Yes Link Yes
Zoom Yes Link Yes
Typeform Yes Link Yes
ByteDance / TIKTOK PTE. LTD. Yes Link Yes

Right to be Forgotten

According to Art. 17 of the GDPR, data subjects in the EU have a right to erasure (‘right to be forgotten’). This means you have the right to obtain from the controller (in this case Photomyne is the controller) the prompt erasure of your associated Personal Data. Should you decide to exercise this right with regard to your use of Photomyne, we will be obligated to erase your Personal Data without undue delay.

Please keep in mind that once you request to exercise your Right to be Forgotten with regard to your use of Photomyne, any deleted content and/or information will not be retrievable.

Steps to exercise your Right to be Forgotten by Photomyne:

  1. Contact us using the Photomyne app: Open the app’s side-menu and select Help & Support. Next, select Contact us for support.
  2. In your message, please mention “Right to be Forgotten” in the message’s subject field.
  3. We will then confirm the receipt of your message, and may ask follow-up questions for verification.
  4. Photomyne will delete ALL of your information, content and data, internally.
  5. We will then make a formal request from our associated third party providers to delete and confirm the deletion of the relevant information.
  6. We will update you on the progress of Step #5.
  7. We will confirm via email that your data has been successfully deleted by Photomyne AND by our third party providers.
  8. We will ask you to delete the Photomyne app from any or all devices, in order to complete the erasure.

Right to Rectification

According to Art. 16 of the GDPR, EU data subjects have the right to rectification of any inaccurate Personal Data. This means you may request to correct, amend or delete information we hold about you.

Steps to exercise your right to update, complete or amend your Personal Data (Data Rectification):

  1. Contact us using the Photomyne app: Open the app’s side-menu and select Help & Support. Next, select Contact us for support.
  2. In your message, please mention “Right to amend my Data” in the message’s subject field.
  3. We will then confirm the receipt of your message and may ask follow-up questions for verification.
  4. Photomyne will amend or alter your information according to your request and instructions.
  5. We will then make a formal request from our associated third-party providers to do so as well and to amend or alter your information accordingly.
  6. We will update you on the progress of Steps #4 and #5.
  7. We will confirm via email that your data has been successfully amended by Photomyne AND by our third party providers.

Right to Data Portability

According to Art. 20 of the GDPR, EU data subjects have the Right to Data Portability. This means you have the right to request a copy of any Personal Data stored in your regard by Photomyne. This is assuming you haven’t yet exercised your Right to be Forgotten. See below the steps to achieve that.

Steps to exercise your right to get a copy of your Personal Data (Data Portability):

  1. Contact us using the Photomyne app: Open the app’s side-menu and select Help & Support. Next, select Contact us for support.
  2. In your message, please mention “Right to a Copy of My Data” in the message’s subject field.
  3. We will then confirm the receipt of your message, and may ask follow-up questions for verification.
  4. Photomyne will assemble ALL of your information, content and data, internally.
  5. We will then make a formal request from our associated third party providers to send us or allow us to view your relevant information.
  6. We will update you on the progress of Step #5.
  7. We will confirm via email that your data has been successfully gathered by Photomyne AND by our third party providers, and we will then send you your files via email.

Contact us

If you have any questions or concerns regarding how we use your information, please contact us at support@photomyne.com and mention “GDPR” in your message’s subject line.

Last updated on August 10, 2020
Asset 24
by Photomyne
Download
Asset 83
daily nostalgia bits logo

Step into our time machine

Fill your future with a vintage look at the past. Get the daily email on everything old-school.
See a live example here

* Currently offered only in English