At Digital Photo Gallery we are committed to our users’ rights to privacy and work hard to protect your personal information. We do not sell your data or use it for advertising. With your consent, we use your personal information primarily in order to provide you with our services.
Last updated: 25th May 2018.
This policy may be updated in the future and you are advised to consult this page regularly. In the event that this policy changes in a way that significantly alters your rights or our responsibilities, we will make reasonable efforts to notify you of this change via email or notification when you log in to your account.
“DPG”, “the service”, “we”, “us” and “our” refers to Digital Photo Gallery Limited and the services we provide at digitalphotogallery.com.
“User” refers to registered customers of our service, both free and paid.
“Visitor” refers to non-registered visitors to the public areas of our sites.
How do we collect information?
For the purpose of this policy, personal information means any information relating to an identifiable individual.
We collect personal information when you create your account, when you update your account settings, while you use our service and when you interact with us directly via email or Slack support.
We also automatically collect user and visitor data from our sites to help us improve our service, troubleshoot bugs, implement new features and optimise our user experience.
What information do we collect?
We collect several different types of information from users and visitors of DPG.
Personal Information provided by you
Name and contact data
When you express an interest in DPG by signing up for an invite, in order to get in touch with you we collect your contact details and optional comments about your potential use of the service.
When you create an account with DPG you are asked to provide information and contact details such as your name, address and email. We securely store an encrypted hash of your password for account access and authorisation.
When you upgrade your account to a paid one or purchase any additional services from DPG we collect information relating to your payments such as your PayPal email, invoicing details and tax numbers.
Automatically collected data
When you log in to the DPG Admin we collect certain technical information from your device such as the type of device, operating system, platform, browser version, screen resolution and IP address.
We log actions you take while you are using the service, such as pages visited within DPG, dates and times and actions performed.
Data relating to users-of-our-users
We store some data collected by our users in the process of running their sites using our service. This includes logins for password protected sites, information submitted via contact forms and ecommerce data.
A DPG user may collect, store or upload data of their own users or visitors into our service. Each user is responsible for providing their own notice of terms regarding how this data is used.
How do we use your personal information?
On signing up to Digital Photo Gallery, we ask for information such as your name and contact information. We use this information to create your account and provide you with our services.
When you contact DPG support, we use your personal information in the process of helping with any enquiries, debugging and troubleshooting.
We will contact you about essential information regarding your account or important updates to our services. This includes notifications of your account limits, urgent security issues, payment problems, known bugs or errors which may affect your account or your use of the service.
We may also contact you regarding intellectual property infringement or any other violations relating to your use of the service or uploaded data.
DPG does not collect, store, or share your information for the purposes of marketing and promotion without your explicit consent via an opt-in subscription to promotional communications.
We use aggregated and anonymised data including usage trends and analytics to improve our service and develop new features, services and functionalities.
Compliance with laws and law enforcement
We may disclose any information about you if it is deemed necessary in order to comply with reasonable requests by government, law enforcement officials or court order.
How do we protect your information?
We use appropriate tools available to us to keep your personal data secure and protect it from misuse and unauthorised access. Your data is only accessible to DPG staff who need access to the information in order to fulfil their duties in running the service or providing customer support. DPG follows industry standard security measures such as SSL across the service, encryption where possible and the option to use two-factor authentication on your account. We use a number of popular security tools to audit our code and subscribe to a regular security patch schedule for all software.
Unfortunately, no information transmitted via the internet is without a risk. We remind you to always keep your login credential safe, always use a strong unique password which you keep confidential and consider using two factor authentication wherever possible.
We will do everything in our power to prevent unauthorised access to your account but we can not guarantee the security of your data and the use of the service is at your own risk.
In the case of breaches of security, we will inform you of this within 72 hours of us becoming aware of the incident.
Third-party service providers
In the everyday running of our service, we use a number of separate outside companies and services as sub-processors. These have their own Terms and Privacy Policies with which you can familiarise yourself on their sites.
- Cloudflare (CDN)
- Linode (CDN)
- Amazon Web Services (CDN)
- Stripe (Payments)
- PayPal (Payments)
- Skylight (Debugging)
- Sentry (Debugging)
- Enchant (Support/Communications)
- Slack (Support/Communications)
- Google Analytics (Analytics)
- Xero (Accounting)
- Bainbridge Lewis (Accounting)
International transfers of data
To provide the best and most optimised service to our users, DPG uses a variety of servers worldwide. The means that in some cases the personal data we collect from you might be transferred outside the European Economic Area ("EEA”), including to the United States or other countries worldwide. These countries may not have the same data protection laws as those within the EEA, however we are obliged to protect your data to the standards described in this policy.
All data transmitted to the US is certified as compliant to the EU-US Privacy Shield as set forth by the U.S. Department of Commerce.
We retain your personal data for the duration of the time you have an account open with DPG. We will retain financial data such as invoices for at least 7 years from the date of issue to comply with our tax, accounting and financial reporting obligations.
The Service is not directed at and does not knowingly collect personal information from children under 16. If you are a parent or guardian of a child that has been found to be using our service, please contact us and we will remove their information from our records.
You have the rights over your personal information.
If you would like to review the data that we have collected for you please contact us at firstname.lastname@example.org.
You have the right to withdraw your consent to the use of your personal information by requesting that we delete all of your data.
As some of the data is essential in order for us to be able to fulfil our services, if you do not provide the required information, we may not be able to provide the service to you.
If you have any questions or concerns regarding this policy or how we handle your data please contact us using this address: email@example.com