Data Processing Addendum (DPA)

Last updated: February 21, 2026

1. Scope

This DPA supplements the PhotoSelect Terms of Service and applies when a customer uses PhotoSelect to process personal data related to event albums, guests, and recipients.

2. Roles

For customer-managed event and guest data, the customer is the primary fiduciary/controller and PhotoSelect acts as processor under the customer's instructions.

For account administration, billing, fraud prevention, and platform security, PhotoSelect may act as an independent fiduciary/controller as required by law.

3. Processing Instructions

PhotoSelect processes personal data only to provide contracted services, maintain security and reliability, and comply with applicable legal obligations.

4. Security Measures

PhotoSelect maintains technical and organizational measures including access controls, short-lived signed URLs for protected delivery paths, encryption in transit, rate limiting, and audit-oriented logging.

5. Subprocessors

Customer authorizes PhotoSelect to engage subprocessors required for service delivery. Current subprocessors are listed at /subprocessors.

6. Assistance and Rights Requests

PhotoSelect provides reasonable assistance for verified data subject rights requests, incident handling, and compliance inquiries related to customer data processed in the service.

7. Deletion and Return

Upon account closure or valid customer instruction, PhotoSelect will delete or return customer personal data where feasible, subject to legal retention and security obligations.

8. Contact

For DPA and privacy operations: privacy@photoselect.space and legal@photoselect.space.