Privacy policy
(Brandlift Inc. Updated: 01.07.2021)1. Data controller and the controller’s contact details
Brandlift Inc.Registered seat: 5967 W. 3RD STR. # 201., Los Angeles, CA 90036, USA E-mail address:
[email protected]Electronic submission form: (hereinafter Brandlift)
2. Collected personal data
2.1
While browsing the website https://www.picroc.com (“Website”), the following data are recorded by the webserver:- the IP address of the visitor's computer
- the domain name used by the visitor to access while browsing
- the screen resolution applied by the visitor
- the pages visited
- start and end dates of the visit
- browser language
- in some cases, depending on the settings of the visitor's computer, the type of browser and the operating system
This information is automatically logged by our system. The purpose of data management: compile anonymous visit statistics.
Without recording the above data, the website cannot be visited.
2.2
Further information you have to provide when submitting an order:- your address
- your phone number (which can be disclosed to the shipping company for delivery notifications; shipping company depends on your location)
Legal basis for data management: creation, modification and termination of the contract The purpose of data management: creation, modification and termination of the contract, to identify the person entitled to receive the photo books and to contact him/her regarding the fulfilment of the service, notifying you about changes to our terms or privacy policy.
2.3
Images uploaded by the user to order a photo book.You must upload a photo to make a photo book. Your photos will be disclosed to Peecho printing company for the purpose of the fulfilment of the contract. Legal basis for data management: fulfilment of the contract The purpose of data management: to deliver the completed photo books. The data manager makes changes to the uploaded images only with the image enhancement function used by the user.
2.4
Payment and delivery:- your payment details, such as your billing information
- delivery address
- based on your consent, we may store your location data, which we use to estimate delivery times
Legal basis for data management: fulfilment of the contract and our legitimate interests (to recover debts due to us).
The purpose of data management:
- to invoice the service fee, control on payment of the service fee and other related costs (e.g. delivery cost)
- to keep you informed on the progress of your order and dispatch information
- to identify the person entitled to receive the photo books and to contact him/her regarding the fulfilment of the service and delivery of the photo book
We do not store your full credit card information.
2.5.
Complaint handling- email address
Legal basis for data management: fulfilment of the contract.
The purpose of data management: performance of the contract, legitimate interest of the data controller.
The purpose of data management: informing customers, handling complaints, using them as evidence in case of legal disputes.
3. How long will Brandlift store my personal data?
Your personal data and image files will be stored only as long as necessary to fulfil the purposes we collected it for and specified in this privacy policy, including for the purposes of satisfying any legal, accounting, or reporting requirements.
You have the option to upload the Images from various internet services, such as Dropbox, Google Photos, Facebook, Instagram. When you upload images from any of these services, Brandlift does not receive any login data associated with these services or access to any other data you have uploaded in the service.
Our software has access only to data and images you have shared or that which you have posted in your public profile. We ask you to read the privacy policies of the services you use.
Your image files will be automatically removed from our system within the following period:
- in case of images uploaded from Dropbox: 8 weeks after last edit
- in case of images uploaded from Google Photos: 8 weeks after last edit
- in case of images uploaded from Facebook: 8 weeks after last edit
- in case of images uploaded from Instagram: 8 weeks after last edit
- in case of images uploaded from a device (e.g. camera, phone or computer): 7 months after last edit
- multiple sources, excluding photos uploaded from a device: deleted 8 weeks after last edit
- multiple sources, including photos uploaded from a device: deleted 7 months after last edit
However, we may store some of your data for a longer period of time to fulfil certain statutory obligations (such as documents supporting the accounting) and to demonstrate that we have appropriately fulfilled our obligations. Data that is included in purchased orders are kept indefinitely to be able to maintain the Service in case of re-orders. All users are entitled to request the deletion of their data any time by sending such a request to
[email protected].
4. Your data protection rights
You have rights under data protection law (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR) in relation to your personal data:
- right to information and data processed (right of access by the data subject, Article 15 GDPR)
- right for rectification of inaccurate data or to supplement incomplete data (right to rectification, Article 16 GDPR)
- right to request the erasure of personal data or, where personal data have been disclosed, the right to inform other controllers of the request for erasure (right of erasure - “right to be forgotten”, Article 17 GDPR)
- right to request a restriction on data processing (right to restrict data processing, Article 18 GDPR)
- right of the data subject to receive personal data concerning him or her in a structured, commonly used machine-readable format and to request that such data be transmit to another controller (right to data portability, Article 20 GDPR)
- right to object to the processing in order to stop the processing (right to object, Article 21 GDPR)
- right to revoke your consent at any time in order to stop the processing of data with your consent. Withdrawal of consent does not affect the lawfulness of data processing prior to withdrawal (right to withdraw consent, Article 7 GDPR)
If you wish to exercise your rights under the GDPR, you may contact Brandlift as Data Controller at any time at the contact details above. Please notify us, in writing, that you wish to prohibit us from continuing to process your personal data, with the reservation that we will retain the right to process personal data to the extent necessary (e.g. for invoicing purposes). You will not have to pay a fee to access your personal data.
5. Disclosures of your personal data
Brandlift’s internal staff will have access to your personal data but our staff is trained as it is required by the data protection law. We may have to transmit your personal data with third parties set out below for the purposes set out in this privacy policy. These third parties are contractually bound to the requirements specified in the applicable data protection laws.
External Third Parties such as the following:
- printing company: we share your images to the assigned printing company for the purpose of the fulfilment of the contract
- delivery service provider: we transfer relevant data to assigned shipping company for the purpose of delivery of the Product
- service providers acting as processors based in the EU/US who provide IT and system administration services
- professional advisers acting as processors or joint controllers including lawyers and auditors who provide consultancy, legal and accounting services
- companies to provide customer and marketing services on our behalf
- our electronic payment process is handled by a certified payment service provider, Stripe.com. Your payment details are transmitted directly to this company, which will store your personal data for a short period of time for processing your payment and any reimbursement you might require
We will ensure an adequate level of protection by following the instructions specified in the applicable law and by concluding GDPR-compliant agreements with our suppliers. We require all third parties to respect the security of your personal data and to treat it in accordance with the applicable law. We do not allow our third-party service providers to use your personal data for their own purposes.
6. Data security measures
We store your personal data on dedicated servers installed in a server room in the EU/EEA. Brandlift as data manager uses encryption, password protection, firewalls for data security. The Data Controller may waive this if it can prove that the incident is not likely to be a risk to the data subject to data management.
7. Change of the privacy policy
We reserve the right to revise this privacy policy. We will notify you of any material changes to our privacy policy whenever we update their terms and conditions. This privacy policy supersedes our previous Privacy Policy.
8. Contact data
If you have any questions about this privacy policy, please contact us via e-mail, address:
[email protected]or mail, address:
Brandlift Inc.Registered seat: 5967 W. 3RD STR. # 201., Los Angeles, CA 90036, USA
E-mail address:
[email protected]