GPDR

19 July, 2023

Catch Photo as a ‘Data Controller’

If you are located in the United Kingdom (UK) or European Union (EU), the UK or European version of the General Data Protection Regulation (GDPR) provides you (if we process your personal data as a Controller) with the additional rights listed below.

Right of Access. You have the right to know what information we hold about you, including:

• • The specific pieces of personal information we have collected about you;
• • The categories of personal information we have collected about you;
• • The categories of sources from which the personal information is collected;
• • The business or commercial purpose for collecting your personal information;
• • The categories of third parties with whom we have shared your personal information;
• • The anticipated period of time for which your personal data will be stored; and
• • The existence of automated decision-making, including profiling.

Right to Correct. If you find out that your personal data is inaccurate or incomplete, you can request that we correct it. Right to Restrict. You have the right to suspend our processing of your personal data if:

• • The accuracy of the personal data is contested;
• • The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
• • We no longer need the personal data for the purposes of processing but is required to keep it for the establishment, exercise, or defence of legal claims; or
• • You have objected to processing pursuant to Article 21(1) of the GDPR, pending the verification of whether the legitimate grounds of the data controller override those of the data subject.

Right to report. You have the right to complain to a supervisory authority if you believe your privacy rights are being violated.

Other Rights. In certain instances, you may have the right to data portability (if our processing is based on consent and automated means), withdraw consent at any time (if processing is based on consent), object to processing (if processing is based on legitimate interests), object to processing of personal data for direct marketing purposes, and erasure of your personal data from our system (“right to be forgotten”) if certain grounds are met.

Response Timing and Format. We aim to respond to a request for access, correction, restriction, or deletion within one month of receiving that request. If we require more time, we will inform you of the reason and extension period in writing.

To make a request under the GDPR, contact us via email at legal@catchphoto.ai. Please include your full name and email address along with why you are writing so that we can process your request in a timely manner. We may require you to provide some evidence of your identity.

Catch Photo as a Data Processor

Most personal data processing that Catch Photo undertakes is as a Processor on behalf of its customers.

Catch Photo is committed to meeting its obligations under the GDPR and enters into a Data Processing Agreement with all customers.

UK/ European RepresentativesAs Catch Photo processes the personal data of individuals who are in the UK or EU it has appointed representatives in those areas. If you reside in these areas and have any concerns with how Catch Photo processes your personal data please contact them through legal@catchphoto.ai