Privacy policy

Last Updated: 8th November 2025

1. Introduction

Welcome to FotoNEX. Your privacy is of the utmost importance to us. This Privacy Policy explains how FotoNEX Global, S.L. ("FotoNEX", "we", "us", "our") collects, uses, shares, and protects your personal data when you use our platform and services (the "Platform").

By creating an account on our Platform, you acknowledge that you have read and understood the practices described in this Privacy Policy, as well as in our Terms and Conditions and Cookie Policy.

This policy has been drafted in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, or "GDPR") and Spanish Organic Law 3/2018 of 5 December on the Protection of Personal Data and the Guarantee of Digital Rights ("LOPDGDD").

2. Data Controller

The entity responsible for processing your personal data is:

Company Name: FotoNEX Global, S.L.

Tax ID (NIF): B75720409

Registered Office: C/ Roger de Flor 275, 2º 1ª, 08025 Barcelona, Spain.

For any queries or requests regarding your personal data, you can contact us as described in Section 12.

3. What Personal Data Do We Collect?

We collect personal data to provide and improve our services. The types of data we process are:

a) Data you provide directly to us:

  • Account Information: When you register as a Client or Photographer, we collect your name, email address, password, and telephone number. Photographers also provide details about their portfolio, professional experience, and location.
  • Profile Information: You may choose to add additional information to your profile, such as a photo, a biography, or links to your social media profiles.
  • Payment and Transaction Information: To process payments, we collect billing data, transaction history, and payment information (e.g., credit card or bank account details), which are managed securely by our payment service providers.
  • Communications: We collect data from your communications with us (e.g., support tickets, emails) and with other users through the Platform's messaging system.

b) Special Categories of Personal Data:

In specific circumstances, and only with your explicit consent, we may process special categories of data (sensitive data) that are strictly necessary for the provision of a service. For example, information about allergies or accessibility needs for a specific photoshoot, to ensure your safety and comfort.

c) Data we collect automatically:

  • Usage Data: Information on how you interact with our Platform, such as the pages you visit, features you use, searches you conduct, and your booking history.
  • Log Data and Device Information: We automatically collect log data, including your IP address, browser type, operating system, access times, and device information (such as unique identifiers and hardware and software characteristics).

d) Data from Third Parties:

We may receive information from other sources, such as social media platforms if you link your FotoNEX account, or from third-party payment services that confirm a transaction to us.

4. How and Why We Use Your Data (Purposes and Legal Basis)

We process your data for the following purposes, based on the corresponding legal grounds:

Purpose

Legal Basis for Processing

  • To create and manage your user account.
  • Performance of a contract
  • To facilitate bookings and connect Clients with Photographers.
  • Performance of a contract
  • To process payments and service fees.
  • Performance of a contract
  • To provide customer support and resolve disputes.
  • Performance of a contract; Legitimate interest
  • To send administrative communications (e.g., booking confirmations).
  • Performance of a contract
  • To ensure the security and integrity of our Platform.
  • Legitimate interest; Legal obligation
  • To comply with legal obligations (e.g., tax and accounting regulations).
  • Legal obligation
  • To send marketing communications (with your prior consent).
  • Consent
  • To analyse and improve our services and user experience.
  • Legitimate interest

Note on Legitimate Interest: Where we process your data based on our legitimate interest, we have conducted a balancing test to ensure that our interests do not override your rights and freedoms. You have the right to object to this processing at any time, as detailed in Section 8.

5. How Long Do We Keep Your Data?

We will only retain your personal data for as long as is necessary to fulfil the purposes for which it was collected. We apply the following retention periods:

  • Account Data: We retain your account data as long as your account remains active. If you delete your account, your data will be blocked from regular processing and retained for a period of 6 years to comply with potential legal obligations (commercial and tax), after which it will be securely deleted.
  • Transaction Data: Financial and transaction data will be retained for a period of 6 years, as required by Spanish commercial and tax regulations.
  • Communications Data: Support messages and communications will be retained for 24 months from the date of the last interaction to facilitate the resolution of potential disputes.

6. Who Do We Share Your Data With?

We do not sell your personal data. We only share it under the following circumstances:

  • Between Users: To facilitate a booking, we share the necessary information between the Client and the Photographer (e.g., names, contact details, and session requirements).
  • Service Providers: We share data with trusted third-party service providers who assist us, such as payment gateways, cloud hosting providers, and support tools. These providers are contractually obliged to protect your data. Some of our main providers are:
    • Stripe: We use Stripe as our payment gateway. We do not store or have access to your bank or credit card details, as Stripe is the data controller for such data. We recommend that you review their privacy policy.
    • Google: We use Google Maps to manage location data and Google Analytics to analyse website usage (subject to your consent via our cookie manager).
  • Legal Compliance: We may disclose your data to public authorities or law enforcement bodies if required to do so by law or to protect our legal rights.

7. International Data Transfers

As a global platform, your data may be transferred to and processed in countries outside the European Economic Area (EEA). When this happens, we ensure that appropriate safeguards are in place to protect your data.

For example, our Platform may be hosted on servers provided by [State provider, e.g., Amazon Web Services (AWS)] located in the United States. Such transfers are safeguarded through the use of Standard Contractual Clauses (SCCs), which the European Commission approves. You have the right to request a copy of these safeguards by contacting us.

8. Your Data Protection Rights

Under the GDPR, you have the following rights over your personal data:

  • Right of Access: To request a copy of the personal data we hold about you.
  • Right to Rectification: To request the correction of inaccurate or incomplete data.
  • Right to Erasure ('Right to be Forgotten'): To request the deletion of your data when, among other reasons, it is no longer necessary for the purposes for which it was collected.
  • Right to Restriction of Processing: To request the suspension of the processing of your data in certain circumstances.
  • Right to Data Portability: To receive your data in a structured, commonly used, and machine-readable format.
  • Right to Object: To object to the processing of your data, especially when it is based on our legitimate interest (e.g., for direct marketing purposes).
  • Right to Withdraw Consent: Where processing is based on your consent, you can withdraw it at any time.
  • Right not to be subject to Automated Decision-Making: The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

To exercise these rights, please contact us at the email address provided in Section 12. You also have the right to complain to a supervisory authority, which in Spain is the Spanish Data Protection Agency (AEPD).

9. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and personalise our Platform. Our Cookie Policy, available on our website, provides detailed information on the types of cookies we use, their purpose, and how you can manage your preferences.

For advertising and targeting cookies, we may collaborate with third-party networks such as [List advertising partners, e.g., Google Ads, Meta Ads].

10. Security of Your Data

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, and unauthorised disclosure or access.

11. Changes to This Privacy Policy

We reserve the right to amend this policy to reflect new legislation or changes to our services. We will notify you of any significant changes via the Platform or by email.

12. How to Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us via our dedicated privacy email address:

Email: privacy@fotonex.net