EU Data Protection Compliance

When you use our service you entrust us with your valuable information.We have made it a priority to protect your data and to provide you with choices about controlling it.We understand that there are particular concerns from companies in the EU about how we use and protect yourdata, so we put this page together as a guide to answer some of the most common questions you may have.

Security and Privacy at PhotoGov.net

Commitment to Data Protection

At PhotoGov.net, safeguarding your privacy and securing your personal data is our top priority.We are committed to implementing robust security measures and maintainingtransparency in our data processing practices.

Our Security Measures

We employ a comprehensive array of security technologies and procedures to help protect yourpersonal information from unauthorized access, use, or disclosure. This includes:

Data Encryption: We use strong encryption for data transmission and storage to ensure that your personal information is protected.
Access Control: Access to personal data is strictly limited to authorized personnel who are required to keep the information confidential.
Regular Audits: Our security systems and processes are regularly reviewed and updated to tackle evolving threats and vulnerabilities.
Incident Response: We have established procedures for responding to security incidents, ensuring timely and appropriate action.

EU General Data Protection Regulation (GDPR)

Understanding GDPR

The General Data Protection Regulation (GDPR), enacted by the European Commission in 2016,represents a significant overhaul of data protection regulations across the EU. This regulation,which replaced the previous Data Protection Directive and member state laws, has been enforceable since May 25, 2018.

The Significance of GDPR

GDPR introduces stringent new requirements for how organizations must handle individuals' data.It emphasizes transparency, security, and accountability by organizations, while also providing individualswith significant rights over their personal data. The regulation enhances the penalties for non-compliance,making it imperative for companies to adhere to its standards.

PhotoGov.net's Approach to GDPR Compliance

Commitment to Data Privacy and Security At PhotoGov.net, we take our responsibility to protect your data seriously.Our teams dedicated to compliance, data protection, and information security have been working diligently to ensurethat our services are fully aligned with GDPR requirements. As a Data Processor, we handle your customer and end-userinformation according to the strict guidelines set out by GDPR.

Here are the steps we have taken to ensure compliance:

Data Processing Agreement (DPA): We offer a GDPR-compliant DPA that outlines how we process and protect your data.
Technical and Organizational Measures: We have implemented comprehensive security measures to safeguard your data. Details of these measures can be found in our security documentation.
Sub-processor Transparency: We maintain a list of our sub-processors and provide you with the opportunity to object to new ones.
Employee Confidentiality: We ensure that all our employees are committed to maintaining the confidentiality and security of your information.
Data Subject Requests: We have established procedures to help you respond to requests from your customers or end users for access, amendment, or deletion of their personal data.
Data Breach Notification: In the unlikely event of a data breach, we are prepared to inform you without undue delay.
Data Retention and Deletion: Upon the termination of our services, we will delete your customer/end-user information upon your request.

Data Processing Addendum

International Data Transfers

In compliance with GDPR's provisions on international data transfers, we have developed astandard DPA that includes the updated Standard Contractual Clauses (SCCs) for data transfers outside the EU.This ensures that your data remains protected according to EU standards, regardless of where it is processed.

DPA Standard Terms and Conditions

To ensure consistency and GDPR compliance, PhotoGov.net strictly adheres to our standard DPAterms and conditions, which reflect the requirements of the GDPR and include updated StandardContractual Clauses (SCC). We cannot accept custom DPAs or agree to any inconsistent or additional termsbeyond what is reflected in our standard DPAs.

List of sub-processors

Specific Sub-processors and Their Security Levels

HETZNER: Our sub-processor Hetzner is certified according to DIN ISO/IEC 27001, ensuring top-level information security. Their data centers are equipped with video-monitored high-security perimeter fencing, electronic access control terminals, and comprehensive security measures to protect data integrity and confidentiality. More about Hetzner's Certification.
DIGITAL OCEAN: Digital Ocean provides a secure hosting environment, implementing robust security measures to protect customer data and ensure compliance with industry standards. Their data centers offer high levels of security for data and applications, with features designed to ensure the safety and privacy of user information. More about Digital Ocean's Security.

Cross-Border Data Transfers

We ensure all cross-border data transfers comply with GDPR and other applicable laws,using approved mechanisms such as Standard Contractual Clauses (SCCs).

Your Rights and Choices

We respect your data rights, offering mechanisms to access, correct, or delete your personal data and manage consent.

Contact Us

For any inquiries regarding our data protection practices, please contact our Data Protection Officer at info@photogov.com.