CUSTOMER POLICY B2C/B2B

Updated on February 18, 2026

 

Information regarding the processing of personal data

Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter “GDPR”)

 

PhotoSì S.p.A Unipersonale (hereinafter “PhotoSì”), represented by its legal representative pro-tempore, in its capacity as Data Controller of the personal data collected directly from the data subject, considers privacy and the protection of personal data as fundamental and invites its users to read this Policy carefully, which contains important information on Data Processing (hereinafter “Policy”).

 

In any event, the logical and physical security of the data and, in general, the confidentiality of the personal data processed will be safeguarded by implementing all necessary technical and organisational measures to ensure their security.

This Policy:

- applies to the sites https://www.photosi.com and https://www.albumepoca.com (hereinafter “Site”);
- is understood to be provided for the mobile Application called “PhotoSì” (hereinafter “App”);
- applies to all PhotoSì software, including applications for over-the-counter orders (POS, PRS, EasyPrint) or in-store orders with retail accounts (PhotoSì Retail Solution, EasyPrint and PhotoSì Order Station);
- constitutes an integral part of the Site, App and services provided by PhotoSì;
- is provided in accordance with the General Conditions of Sale and Terms of Use;
- is provided pursuant to Article 13 of the Regulation, to those who interact with the web services of the Site, App and Data Controller, both simply during browsing and during the use of specific services made available by means of the Site and App.

 

A) Data Controller’s identity and contact details

PhotoSì S.p.A

Registered office at via Carpegna n. 22,

Riccione (47838 - RN)

Tax Code and VAT No 03550860401

Tel. +39 (0)541/609903 – privacy@photosi.com.

The Data Protection Officer (DPO) can be reached at the following email address: dpo@photosi.com.

 

B) What data we collect and how

Data provided voluntarily by the data subject

During your use of the Site and App, we may ask you to provide us with certain personal data or personal information that can be used to identify you, for example, through an e-mail or online form, through the support function built into the App and our Services or through another form of request.

This information may include your first name, surname, address, e-mail and telephone number, or also for services dedicated to professionals, type of client (e.g. Photographer, Shop), type of services offered, company name, e-mail and telephone number. In addition, we will process the data you provide for the execution of product orders (e.g. images, any text inserted into the product, references to photos, product options).

Specific summary information may be made available on pages of the Site or App, prepared for particular services upon request.

Data collected automatically

For the purpose of making the services offered work, the Application and the Software mentioned above, when used normally, will automatically collect some data regarding the user, that is to say data that is transmitted implicitly when using Internet communication protocols and mobile networks (log files), data relating to the operating system and IT environment (IP addresses or domain names, URI - Uniform Resource Identifier), technical data relating to requests (time, method, size, status, outcome, etc.).

Some information is necessary for the provision of services linked to the Site and App and failure to collect it may mean we will be unable to provide the aforementioned services, or may result in the Site and App working only partially. Optional information does not affect how services work and the user is free to manage it.

Please refer to the specific information available online about data collected automatically by means of systems that memorise text and information files, Cookies or SDKs (Software Development Kits), for example.

Geolocation data

Subject to your explicit consent, the App may collect data on your geographical location (geolocation data) on a non-continuous basis in order to provide the services you have requested. You can enable or disable the collection of such data at any time via the settings on your mobile device.

 

C) Use of the Photo Editor and Remote Data Management

Data processed by the Editor

Primarily, in providing the photo editing service, the application uses advanced storage technology on servers provided by the Data Controller.

This data includes, but is not limited to: the images uploaded by the user, the textual content entered, the graphic processing and modifications carried out, the layouts selected, the product settings and options chosen, as well as any other element that contributes to realising the requested print or creative project.

If the user chooses to save a photographic project, the Data Controller will process all the data that make up the project.

Processing purpose

The processing of the aforementioned data is aimed at producing the requested product, enabling the user to save the projects being edited, to suspend and resume editing activities at later times on the same work environment, and to store the projects for possible subsequent modification, reprinting or re-use, according to the functionalities provided by the service.

Legal basis

The processing is necessary for the performance of a service explicitly requested by the user within the framework of the pre-contractual or contractual relationship in place. The legal basis is therefore the performance of a contract to which the data subject is a party or the performance of pre-contractual measures taken at the request of the data subject, pursuant to Article 6 (1)(b) GDPR.

Storage period

Data relating to photo services is stored according to the editor used by the systems for a variable period of minimum 14 days and maximum 400 days from the acquisition or last saving by the user, in accordance with the retention time table.

After this period has elapsed, or in the event of a request for early deletion by the user, the data will be irreversibly deleted or anonymised, in accordance with the principle of limitation of storage under Article 5 (1)(e) GDPR.

 

Security and Rights

Saved projects are protected by appropriate technical and organisational security measures to ensure their confidentiality and integrity. Users retain full control over their projects and can view, edit or delete them at any time via their personal account.

 
D) Using the photo editor and handling anonymous projects and technical IDs (GUID)

When using the Editor for photo and design personalisation, projects can initially be worked on anonymously and the user does not need to log in. During this phase, when navigating and interacting with the Editor, no kind of personal identifier is saved on our systems or on the user’s browser. The globally unique identifier (GUID) is saved when the user clicks on “Add to cart”.

Data processed without logging in

The GUID is an anonymous technical identifier that is automatically generated and saved in a functional cookie. The user cannot be directly identified by this ID, nor does it contain any personal data.

Processing purpose

Using the GUID identification system makes it possible to temporarily link an anonymous project to a user’s browser to allow the project to be recovered and then relinked to the user’s account if they log in within 7 days.

Legal basis

Use of a GUID is justified as it is necessary to provide the service the user has requested (Article 6 (1)(b) GDPR) and does not require specific consent as it involves a technical activity.

Security and limitations

The system is valid for 7 days, expires automatically or can be deleted by the user. Anonymous projects and the related files are definitively deleted at the end of this period in accordance with the principle of minimisation.

The cookie containing the GUID is valid for 7 days and it expires automatically at the end of this period or can be manually deleted by the user. The process implemented in relation to expired GUIDs ensures that all data related to the anonymous session is definitively deleted, including projects and files.

User rights

The user can manually delete the cookie at any time, giving up the option of recovering the project in doing so. The possibility of exercising the rights of access, deletion and restriction as laid down in the GDPR remains unaffected, where applicable.

For further information on browser-side technologies and the protection of personal data, contact the DPO at dpo@photosi.com.

 

E) Use of Artificial Intelligence tools

E.1) Production of photo books

We may process your data to suggest the creation of digital Photo Books (hereinafter 'PhotoBook') in an automated manner.

Data processed

The data processed consists exclusively of the images in the photo gallery of the user's device. Processing is carried out by means of artificial intelligence tools integrated into the user's device (known as 'on-device') and configured according to system settings. The images are not copied, transferred or transmitted to external servers or third parties and are not stored beyond what is already on the device.

Only the cover image generated by Artificial Intelligence systems is extracted, processed by the internal systems and made available to the user for viewing, editing and completing the order and used to personalise communications directed to you, in accordance with your chosen communication preferences. The sole purpose of this processing is to facilitate and improve the experience of creating and purchasing the product.

Processing purpose

Processing is exclusively aimed at the automated creation and organisation of Photo Books, based on user-defined criteria or device settings, in order to improve the user experience and facilitate the management of personal media content.

Legal basis

The legal basis for the processing is the legitimate interest of the Data Controller pursuant to Article 6 (1)(f) GDPR. This interest consists in providing the user with an advanced and innovative functionality, which enriches the service offered by improving the experience of browsing and managing photographic content, reducing creative effort and offering a personalised experience.

The feature, although enabled by default to ensure an optimal user experience, can be disabled at any time by the user. The data subject retains full control over their data and suggested products, being able to freely decide whether to edit, purchase or ignore them, and can exercise their right to object to processing in a simple and accessible manner, as described below.

Logic used, importance and expected consequences

Logic used: data is processed for the sole purpose of enabling the automatic creation of Photo Books, using artificial intelligence features and automated processing algorithms. These systems work by analysing the content uploaded or made available by the user (such as images, associated metadata, date and place of acquisition), as well as any information generated by artificial intelligence settings on the user's device, in order to automatically select photographs, organise them into coherent sequences and suggest a personalised album structure (e.g. order of images, subdivision by events or moments, suggested layouts, identification of customary areas, qualitative selection criteria to discard duplicates or low quality or irrelevant images).

This sharing occurs when the User allows the App to access the image gallery according to the chosen options.

Localisation processing is based solely on metadata already present in the images (e.g. EXIF) without any tracking enabled.

The processing is exclusively aimed at helping the user to create the Photo Book and does not involve the profiling, segmentation or evaluation of the user's preferences for further purposes.

Significance and expected consequences: the main consequence of the processing is that the user will be able to obtain an automatically generated Photo Book suggestion, which will reduce the time and effort needed to manually select and organise images. In any case, the user retains control over the final result, being able to edit, supplement or reject the suggested album. The processing does not produce legal effects nor does it significantly affect the user, limiting itself to providing technical and functional support for the creation of the requested product.

Security and limitations

Data is processed exclusively in the local environment (on-device), in compliance with the principles of data minimisation and data protection. There is no transfer of data outside the device (with the exception of the cover image only). The data is not subject to dissemination or automated decision-making processes beyond the purpose described above. Your data is not used for training new AI models.

Storage period

Data on Photo Books produced by means of AI are kept for a maximum period of 7 days after generation, in accordance with the retention time table.

After this period has elapsed, or in the event of a request for early deletion by the user, the data will be irreversibly deleted or anonymised, in accordance with the principle of limitation of storage under Article 5 (1)(e) GDPR.

User rights

The user retains full control over their data and can disable the functionality at any time, immediately stopping any further processing by artificial intelligence.

Opposition can be exercised simply and immediately by disabling the functionality via the appropriate option in the personal area of the account or in the configuration settings of the App. Disabling the functionality will terminate with immediate effect any further processing of data for this purpose. If you disable the functionality (opt-out), you will be offered the possibility of also deleting all draft projects previously generated automatically, guaranteeing full control over the experience and data of the data subject.

In any case, the rights provided for in Articles 15 et seq. GDPR, such as the right of access, cancellation, restriction of processing and withdrawal of consent, can still be exercised within the limits applicable.

For more information on the processing of personal data and the use of on-device artificial intelligence technologies, you can contact the Data Controller or the DPO at dpo@photosi.com.

 

E.2) Advanced Profiling

Subject to your express and specific consent (Article 6 (1)(a) GDPR), we may process your data to analyse or predict aspects of your personal preferences, interests and buying habits.

Data used for profiling

The profiling activity is carried out by analysing data such as: personal and contact data, purchase history (completed orders, type of products, frequency, average spend), products viewed, products added to the shopping cart (even if not purchased), interaction with our marketing communications (e.g. opening of newsletters, clicks on offers), navigation data on the Site and App.

Logic used, importance and expected consequences

Logic used: Data for advanced profiling purposes are processed with the help of artificial intelligence systems and machine learning algorithms. Such systems identify correlations and recurring patterns in user behaviour. For instance, the algorithm can identify sets of users with similar interests, e.g. for 'travel photobooks' or 'canvas prints'. This segmentation allows us to better understand your preferences and to predict which products, services and offers may be of interest to you.

Significance and expected consequences for the data subject: The main consequence for you is the receipt of marketing communications and the display of content (e.g. advertising banners, product suggestions on the Site/App) that is personalised and more in line with your interests. For example, you might receive a discount on a product you have frequently viewed or suggestions for creating an album after a trip. Another consequence is the exclusion from promotional campaigns considered irrelevant to you, thus avoiding irrelevant communications.

Exclusion from the application of Article 22 GDPR: Please note that this profiling activity is exclusively aimed at personalising marketing communications and the user experience. It is not based solely on an automated decision-making process that produces legal effects (e.g. whether or not you enter into a contract) or similarly significantly affects you as an individual (e.g. resulting in price discrimination or exclusion from essential services) within the meaning of Article 22 GDPR. All offers and services remain accessible to all users under standard conditions. You have the right to withdraw your consent to profiling at any time, without this affecting your ability to use our services.

Processing purpose

The processing of personal data is aimed at carrying out advanced profiling activities through the use of artificial intelligence systems and machine learning algorithms, aimed at analysing the behaviour, preferences and interactions of the data subject. This analysis allows the creation of individual or group profiles, functional for personalising the services offered, suggesting targeted content and promotional initiatives, and preparing products and functionalities that better meet the customer's needs and interests.

Legal basis

The legal basis for the processing is the consent of the data subject pursuant to Article 6 (1)(a) GDPR.

The data subject retains full control of their personal data at all times and may freely decide not to give consent or to revoke it at a later date, without prejudice to the lawfulness of the processing carried out before revocation.

Giving consent to advanced profiling allows you to benefit from a personalised experience and services more in line with your preferences, improving overall the quality and relevance of the suggestions received.

Security and limitations

Processing is carried out in accordance with the principles of Data Protection by Design and by Default.

AI models are trained on previously anonymised datasets. Your data is not used for training new models.

User rights

The user retains full control over their data and can withdraw their consent at any time, immediately stopping any further processing by artificial intelligence.

Opposition can be exercised simply and immediately by disabling the functionality via the appropriate option in the personal area of the account or in the configuration settings of the App. Disabling the functionality will terminate with immediate effect any further processing of data for this purpose.

In any case, the rights provided for in Articles 15 et seq. GDPR, such as the right of access, cancellation, restriction of processing and withdrawal of consent, can still be exercised within the limits applicable.

For more information on the processing of personal data and the use of artificial intelligence technologies, you can contact the Data Controller or the DPO at dpo@photosi.com.

 

F) Customer Service and Integrated Artificial Intelligence

To improve the efficiency and quality of our customer service, PhotoSì uses artificial intelligence (AI) systems integrated into its communication channels, such as live chat (chatbots) and request management systems (help desk).

Data processed

The personal data processed includes:

- Identification and contact data (e.g. first name, last name, e-mail address) provided by you or already associated with your account.
- Content of communications: the text of your requests sent via e-mail, chat or other contact forms, and the history of previous interactions.
- Data relating to the context of the request: information on orders, products purchased or viewed, and technical navigation data, necessary to understand and resolve your request.

You are expressly requested not to share any personal data through these channels that is not necessary to handle your request.

Processing purpose

The processing of the above-mentioned data is aimed at:

1. Optimising and automating support: Providing automatic and immediate answers to frequently asked questions (FAQ) 24/7 via chatbots.
2. Assessing and routing requests: Analysing the content of your request to understand the subject matter and urgency, and automatically directing it to the most competent human operator or department for resolution.
3. Supporting operators: Assisting our customer service staff by suggesting relevant answers, knowledge base articles or solutions to known problems in order to speed up response times and improve service consistency.
4. Improving the service: Analysing, in aggregated and anonymised form, recurring themes and issues arising from interactions to identify areas for improvement in our products and services, in compliance with the principle of minimisation.

Legal basis

The legal bases for the processing described above are as follows:

- For the purposes referred to in points 1, 2 and 3, the processing is necessary for the performance of a contract to which you are party or for the performance of pre-contractual measures taken at your request (Article 6 (1)(b) GDPR). The provision of effective customer service is indeed an integral part of the service offered.
- For the purpose referred to in point 4, processing is based on the legitimate interest of the Data Controller (Article 6 (1)(f) GDPR) in improving the quality of its services and the overall customer experience. We consider that this interest is balanced against your rights and freedoms, as the processing is carried out on aggregated and anonymised data and has no direct impact on your person. You still have the right to object to such processing in the manner provided.

Logic used, importance and expected consequences

Logic used: AI systems analyse the text of your communications using Natural Language Processing (NLP) technologies. These algorithms are trained to recognise the main topic, the intent (e.g. requesting information, reporting a problem) and the tone (sentiment) of your request.

Significance and expected consequences: the main consequence for you is the possibility of receiving faster and more efficient support. The system can instantly resolve common doubts or ensure that your request reaches the right person faster. It should be noted that the AI system acts as a support and evaluation tool. Decisions that may produce legal effects or similarly significantly affect you (e.g. handling a complex complaint, deciding on a refund) are not solely based on an automated process and always involve review and validation by a human operator, in accordance with Article 22 GDPR. You are in any case entitled to request human intervention, express your opinion and contest any preliminary assessment made by the algorithm.

Security and limitations

Processing is carried out in accordance with the principles of Data Protection by Design and by Default.

- AI models are trained on previously anonymised datasets. Your conversations are not used for training new models.
- Access to the contents of conversations by authorised personnel is restricted to the sole purpose of supporting and resolving your specific request.

 

G) Purpose and legal basis for the processing of personal data

Your personal data will be processed:

(i) without requiring consent, for the following purposes:

- to follow up on your request and to be able to contact you using the contact details provided in the form, also by the retail network of agents;

- to follow up on your request to join specific promotional campaigns (e.g. acquisition of contacts, Lead Generation by filling in a form on social networks or dedicated pages), to collect your contact details and send you the promised discount code or other benefit by e-mail;

- to register your online account on the PhotoSì site, to join as a member of the PhotoSì Community and PhotoSì / Album Epoca App, to manage orders, purchases, sales and product deliveries and monitoring, to provide customer service through the help desk and live chat, to manage payments, returns and repairs, customer contact, vouchers and discounts;

- to manage administrative-accounting issues and related obligations (issuance of receipts, invoices, preparation of payments, any protection of credit positions and legal defence);

- to handle internal statistics, business analysis and management, to send service communications relating to abandoned shopping carts, in the event that a purchase has been initiated by adding products to the cart without completing the order, as well as, in relation to the contact data provided during the contract, to send advertising for similar products with the option of immediate cancellation upon request.

The above processing modes comply with the following legal bases respectively:

- fulfilment of a data subject's request — condition of lawfulness Article 6(b) GDPR — and the legitimate interest in promoting awareness of the Company - condition of lawfulness Article 6(f) GDPR;

- performance of a contract or pre-contractual measures, fulfilment of a request by the data subject - condition of lawfulness Article 6(b) GDPR;

- legal obligation to which the Data Controller is subject — condition of lawfulness Article 6(c) GDPR — or for the establishment, exercise or defence of a legal claim;

- pursuit of the Data Controller's legitimate interest — condition of lawfulness of Article 6(f) GDPR — regarding the improvement of company operation and market surveys, improvement of services provided to own customers, finalisation and facilitation of a transaction initiated and not concluded aimed at not losing the user's product selection effort, direct marketing and customer loyalty.

The provision of data, marked with (*), for the purposes indicated in section (i) above, is mandatory and any withholding of data and/or any express refusal to consent to their processing will make it impossible for the Data Controller to carry out the request received, the contract or the pre-contractual measures, to fulfil its obligations with any non-compliance and liability on the part of the data subject including with respect to statutory penalties (e.g. for the application of tax regulations or fraud prevention checks).

 

(ii) with your consent (Article 7 GDPR), for the following purposes:

- marketing activities of various kinds, including the promotion of products and services, the sending of promo codes, the distribution of posters and material of an informative and promotional nature, the invitation to conclude the purchase of a saved project, abandoned in the shopping cart or realised by means of AI tools, the sending of newsletters and commercial communications by e-mail, sms, push notifications in the App;

- profiling activities of various kinds, including behavioural analysis for promotional purposes, the creation of lists for promotional purposes, commercial communication and the sending of newsletters, the creation of profiles for the provision of services that are targeted to and personalised for the customer’s requirements;

- shop locator service: to locate, at your request, the nearest affiliated shops to your current location for delivery or collection of products. Such processing is based on your explicit consent pursuant to Article 6 (1)(a) GDPR and Article 9 of Directive 2002/58/EC. The provision of such data is optional and failure to give consent does not affect the use of the other features of the Site and the App.

The provision of data for the purposes set out in section (ii) above is optional, with the consequence that you may decide not to provide your consent or to withdraw it at any time.

 

H) Categories of recipients of personal data

For the purposes set out in the previous paragraph, the personal data you provided may be communicated or made accessible to:

- employees and collaborators of the Data Controller, in their capacity as persons authorised to process data, including the network of agents and salespeople for managing professional and retail contacts;
- third parties performing outsourced activities on behalf of the Data Controller, in their capacity as Data Processors, including: suppliers for the development and maintenance of the Sites, the Application, the Software and the respective tools (e.g. SDK OneSignal, SDK Social Networks, Zendesk, FIT PRS etc.), third party cookie managers, contractual partners of PhotoSì, who process the data provided by the users, service providers for the management of the information system and telecommunications networks and the company in charge of the management for e-commerce, service providers for the management of the archiving of paper and/or computerised documentation, service providers for the management of customer assistance activities, also through Internet sites (e.g. call centre, help desk, etc.), service providers for the management of marketing communication activities;
- freelancers, firms or companies involved in support and consultancy relationships, including for company organisational management control;
- banks and credit and insurance institutions for the performance of business (payments/collections) and insurance activities;
- parties that control, audit and certify the activities carried out by PhotoSì S.p.A. also in the interest of customers;
- judicial or supervisory authorities, administrations, public bodies and authorities (both national and foreign).

The full and updated list of Data Processors can be obtained by submitting a written request to privacy@photosi.com.

 
I) Storage and transfer of personal data abroad

Personal data are managed and stored in the cloud and on servers located both inside and outside the European Union owned by and/or at the disposal of the Data Controller and/or appointed third-party companies, duly appointed as Data Processors.

The transfer of data abroad to non-EU countries takes place exclusively within the framework of the management of information systems for requirements strictly related to the performance of company activities and, in any case, in accordance with the provisions of Chapter V, GDPR.

In the event of any transfer of personal data outside the European Economic Area, we adopt the following approach:

1. Destination Verification: First, we check whether the destination country benefits from an adequacy decision by the European Commission (under Article 45 GDPR), as in the case of transfers to US organisations certified under the 'EU-US Data Privacy Framework'.
2. Adoption of Appropriate Safeguards: in the absence of an adequacy decision, the transfer is based on appropriate safeguards within the meaning of Article 46 GDPR, mainly through the conclusion of Standard Contractual Clauses (SCCs) with the importing party.
3. Impact Assessment and Supplementary Measures: in accordance with the case law of the EU Court of Justice, every transfer based on SCCs is preceded by a transfer impact assessment (TIA) to verify that the third country's legislation does not prevent the importer from fulfilling its contractual obligations. If necessary, additional technical, contractual and organisational measures are implemented to ensure a level of protection that is substantially equivalent to the European level.

 

In any case, your personal data will not be disseminated.

 

L) Retention period of personal data

The personal data collected for the purposes indicated in paragraph C above will be kept and processed for the time strictly necessary to achieve the purposes for which they were collected and will be automatically deleted at the end of this period.

Specifically, the data retention period from the first session/visit to the Site or App, or from registration of the User Account, or the granting of specific consent, where requested, is as follows:

| TYPE OF DATA | RETENTION TIME | COMMENCEMENT OF THE TERM |
| --- | --- | --- |
| Data provided by the data subject (B.1): | 12 months | from collection |
| Data collected for lead generation purposes (unregistered contacts) | 60 days | from collection via the campaign sign-up form |
| Data relating to the Account holder | 12 months | from Account registration |
| Data relating to the Client | 60 months | from Customer registration |
| Data collected automatically by the Site or App (B.2): | 12 months | from collection |
| Projects created anonymously (not associated with an account) | 7 to 14 days* | from the time of acquisition |
| Projects assigned to a user account, but not saved, ordered or completed | 14 to 45 days* | from the time of acquisition |
| Projects saved by the user (not ordered) | 45 to 60 days* | from the time of acquisition |
| Projects ordered and completed | 45 to 400 days* | from the time of acquisition |
| Photos uploaded but not used in ordered and completed projects | 45 to 60 days* | from the time of acquisition |
| Technical project files (render) | 30 to 60 days* | from the time of acquisition |
| Data relating to the reprinting and editing service (references to photos, any text inserted into the product (e.g. in the case of Vintage Prints and PhotoBooks); product options (size, colour, etc.); changes applied to the photo (filters, frames, rotations)) | 12 months | from the time of acquisition for reprint processing purposes |
| Data on Photo Books produced by AI | On the user's device until deleted | from generation |
| Data on cover images of Photo Books produced by AI | 7 days | from the time of acquisition |
| Data relating to communication and marketing purposes | 24 months | from obtaining consent |
| Data relating to profiling purposes | 24 months | from obtaining consent |
| Accounting and invoicing data | 10 years | from the issue of the accounting document |
| Data relating to any disputes | for the time strictly necessary or in relation to the limitation period stipulated by law | from the time the dispute arose |
| Geolocation data for shop location service | for the time strictly necessary for the service | from activation of the function |

* The exact period varies depending on the software editor used, in order to allow for reprints and changes.

 

Renewal of retention: for 'Saved projects' and 'Ordered and completed projects', the user has the option of requesting a renewal of the retention period prior to expiry in order to maintain access to their work for future changes or reprints.

After this retention period has expired, the data will be destroyed or rendered anonymous irreversibly, in accordance with the technical procedures adopted.

 

M) Security measures

PhotoSì has implemented appropriate technical and organisational measures to ensure the logical and physical security of data and prevent any unauthorised processing.

In particular, the following technical and organisational measures are adopted, inter alia, to ensure the security (confidentiality, integrity and availability) of personal data:

- All communications between the data subject’s device browser and our site servers are carried out using secure communication protocols (HTTPS and TLS) with encryption techniques;
- A personnel access control policy is implemented using secure authentication procedures (MFA – Multi-Factor Authentication);
- Specific procedures are adopted for managing incidents and data breaches, and in the event of a confirmed breach, we will promptly notify the data subject and/or the Data Protection Authority, in compliance with current legislation;
- Systems and processes are developed and managed in compliance with the data processing principles and security requirements of the GDPR.

 

N) Exercisable rights

In accordance with the provisions of Chapter III, Section I GDPR, you may exercise your rights set out therein, and in particular:

- Right of access - To obtain confirmation as to whether or not personal data relating to you are being processed and, if so, to receive information relating, in particular, to: the purposes of the processing, the categories of personal data concerned and the retention period, and the recipients or categories of recipient to whom the personal data have been or will be disclosed (Article 15 GDPR);
- Right to rectification - To obtain, without undue delay, the rectification of inaccurate personal data concerning you and the completion of incomplete personal data (Article 16 GDPR);
- Right to erasure - To obtain, without undue delay, the erasure of personal data concerning you in the cases provided for by the GDPR (Article 17 GDPR);
- Right to restriction of processing - To obtain restriction of processing, in the cases provided for by the GDPR (Article 18 GDPR);
- Right to data portability - To receive, in a structured, commonly used and machine-readable format, personal data concerning you, and to ensure that it be transmitted to another data controller without restriction, in the cases provided for by the GDPR (Article 20 GDPR);
- Right to object - To object to processing of personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing (Article 21 GDPR);
- Right to lodge a complaint with the supervisory authority - To lodge a complaint with the Italian Data Protection Authority, Piazza Venezia no. 11, Rome - https://www.garanteprivacy.it/.

 

You may exercise these rights easily through the dedicated section on the Site or the App.

Specifically, to proceed with requesting the deletion of data, click here.

For any further request, please write to privacy@photosi.com.
