[Last Updated: January 26, 2025]

This Privacy Policy describes how DANIEL TAM ART GALLERY LIMITED (“we”, “us”, or “our”) collects, uses, discloses, and otherwise processes information, including personal data, and the choices you can make about that information. It applies to visitors to our website (“Visitors”), professional photographers using our platform (“Photographers”), and photographers’ clients and end users who access galleries (“Clients”). Visitors, Photographers, and Clients are together “you”.

Key Disclosures

• Scope of Services: We operate an online SaaS platform (the “Platform”) enabling Photographers to upload and store photos, videos, and other digital files; create online galleries; offer merchandise; customize portfolio pages; and use marketing tools (collectively, the “Services”).

• Commercial Use of Content (Notice): By using the Platform, you acknowledge and agree that all photos you upload, as well as any media and content produced, generated, edited, adapted, derived, or otherwise created through or in connection with the Platform or Services (together, “Content”), may be used by us for any form of commercial use, worldwide, in any media now known or later developed, subject to applicable law and the permissions and representations set out below.

• Roles: For account data and site operations, we are a controller. For Photographs and related Content uploaded by Photographers for their Clients, we typically act as a processor on behalf of the Photographer (controller), except where this Policy expressly states we act as controller for our own commercial uses permitted herein.

1. Changes to this Policy
   We may update this Policy from time to time. We will post the updated date above and provide additional notice if required by law. Changes take effect 30 days after posting unless a different effective date is stated or required.

2. Contact
   We provide channels for privacy, general, and support inquiries. Where required, we appoint representatives or provide additional contact channels in certain jurisdictions. Details will be provided through our available channels.

3. Information We Process and Purposes
   a) Non-Personal Data: Device/browser data, operating system, language, anonymized or aggregated analytics and performance data. Used for operation, security, analytics, and improvements.
   b) Personal Data: Information that identifies or is reasonably linkable to you, including:

• Online identifiers and usage data: IP, device IDs, cookies, logs, page views, clicks, session info. Purposes: operation, security, analytics, marketing (where consented).

• Contact information: Name, email, phone, any message content. Purposes: responding to inquiries, support, records.

• Location data: Approximate location based on IP or device settings. Purposes: security, fraud prevention, customization.

• Registration and account data (Photographers/Clients): Name, email, username, password, phone, tax ID (if applicable). Purposes: set up and manage accounts, authenticate users, provide Services. Legal basis: contract.

• Payment and transaction data: Billing name, address, phone, payment instrument metadata (processed via third-party processors), purchase history. Purposes: billing, tax/recordkeeping. Legal basis: contract, legal obligations.

• Support communications: Correspondence and troubleshooting artifacts. Purposes: support, quality assurance, records.

• Usage analytics (Photographers/Clients): Features used, time in-app, error/crash logs, performance metrics. Purposes: maintain, improve, and secure the Services. Legal basis: legitimate interests.

• Photographs and Content (including potentially sensitive data): Photos, videos, GIFs, derived or edited outputs, galleries, metadata, and any annotations. Purposes: host, deliver, display, sell, fulfill orders, enable marketing tools, slideshows, blogs, vendor sharing, and—per the Commercial Use section below—enable our commercial uses.

• Face data (if features enabled): Facial landmarks and embeddings used for grouping/search. Purposes: gallery search and grouping; security controls apply; opt-out available where required.

Special Categories and Biometric Data: Where content includes sensitive or biometric information (e.g., face embeddings), we implement enhanced safeguards and limit use to stated purposes and lawful bases. We do not sell such data.

1. Commercial Use of Photos, Media, and Produced Content
   Grant: You grant DANIEL TAM ART GALLERY LIMITED a worldwide, perpetual, irrevocable, royalty-free, sublicensable, and transferable license to use, reproduce, modify, adapt, edit, translate, publish, publicly display, publicly perform, distribute, sell, license, commercialize, create derivative works from, and otherwise exploit, for any commercial purpose and in any media now known or later developed, all photos you upload and all media and content produced, generated, edited, adapted, derived, or otherwise created through or in connection with the Platform or the Services (collectively, “Content”).
   Representations: You represent and warrant you have obtained all necessary rights, consents, and permissions (including model/subject and property releases, and rights of publicity, privacy, and intellectual property) to grant this license without infringing any third-party rights, and that Content complies with applicable law.
   Indemnity: You agree to indemnify and hold us harmless from claims, losses, or expenses arising from or related to our exercise of the rights granted in this section.
   Opt-Out: If you do not wish to grant the above license, do not upload Content to the Platform.
   Note: This Commercial Use clause is intentionally included in the Privacy Policy as a clear notice of how we may use Content, in addition to corresponding provisions in our Terms of Service.

2. How We Collect Information
   Automatically: Through cookies, SDKs, logs, and similar technologies when you visit or use the Services.
   Directly from you: When you register, upload Content, make purchases, or contact us.
   From third parties: For example, Photographers may provide Client details for gallery access; payment processors provide transaction confirmations; vendors provide fulfillment statuses.

Cookies and Similar Technologies
We use strictly necessary cookies for operation and may use analytics/advertising cookies subject to your consent and local law. You can manage preferences via tools we provide and your browser settings.

1. Sharing of Personal Data
   Service providers (processors): Hosting, storage, analytics, customer communications, security, support, and operations.
   Print labs, merchandise partners, fulfillment: Photographs/Content (as needed), shipping details, and order data to produce and deliver goods.
   Business transfers: In a merger, sale, or similar transaction, data may be transferred to the acquirer consistent with this Policy.
   Legal and safety: To competent authorities or third parties as required by law or to protect rights, safety, or security, to the extent necessary.
   We prohibit service providers from using Personal Data for purposes other than providing services to us and require appropriate safeguards.

2. Your Rights
   Depending on your location, you may have rights to access, correction, deletion, portability, restriction, objection, and to withdraw consent (including marketing/cookies). Where US state laws apply, you may have rights to opt out of “sale”/“sharing,” targeted advertising, or certain profiling. We will verify requests as required and respond within applicable timeframes. Self-service options include account settings, unsubscribe links, and cookie preference tools.

3. Data Retention
   We retain Personal Data as long as necessary for the purposes described, to comply with law, for legitimate business needs (e.g., records, fraud prevention, security), and to establish or defend legal claims. We may delete or de-identify data when it is no longer needed.

4. Security
   We implement administrative, technical, and physical safeguards appropriate to the risks, including encryption in transit, access controls, data minimization, and monitoring. No system is fully secure; if we become aware of a security incident, we will act promptly and notify affected individuals and authorities where legally required.

5. International Transfers
   We may process and store data in, and access data from, multiple jurisdictions. Where required, we implement appropriate transfer mechanisms (e.g., Standard Contractual Clauses) and safeguards to protect Personal Data transferred across borders.

6. Children’s Privacy
   Our Services are not intended for children as defined by applicable law, and we do not knowingly process children’s personal data. If we learn a child has provided data, we will delete it.

7. Jurisdiction-Specific Notices and Governance
   GDPR (EEA/UK): Where applicable, we identify lawful bases (contract, legitimate interests, consent, legal obligation) and provide cross-border transfer details and rights as described above.
   US State Laws: We provide disclosures about categories collected, purposes, sharing, and “sale”/“sharing” where applicable, and honor opt-out signals where required.
   Final Decision Right: In the event of any dispute, discrepancy, or uncertainty relating to this Privacy Policy, the Platform, the Services, or the interpretation, performance, applicability, amendment, or termination thereof, DANIEL TAM ART GALLERY LIMITED reserves the final and binding right of decision, except to the extent mandatory law requires otherwise.