Need Immediate Answers? Check out our SUPPORT CENTER or CONTACT OUR SUPPORT TEAM

General Data Protection Regulation (GDPR)

I have posted a suggestion for development of Zenfolio to comply with the requirements of the EU's GDPR to the user voice forum today.
Based on my reading, this regulation will have a significant effect on anybody located in the EU who wishes to send marketing communications to customers. Not complying with the consent for marketing rules could lead to Zenfolio users breaking the law. I don't think Zenfolio as configured at the moment will facilitate compliance.
I wonder if anybody located in the UK or European Union, or selling into the EU has looked into the requirements of this regulation, and what conclusions you have reached about complying with it.

Comments

  • StephenZenStephenZen Posts: 609Administrator
    Thank you for posting this topic here on our user forums.

    The new EU regulations known as General Data Protection Regulation (GDPR) will go into effect on May 26, 2018.

    Zenfolio will be fully compliant before that deadline, both regarding your information (as a Zenfolio customer) and your clients’ information.

    We will be updating your site’s User Agreement, adding an opt-in when clients create an account on your site, and offering you a way to address any requests from your customers regarding their data.

    An email will be going out shortly detailing this as well as a follow-up email after that containing additional information, including a detailed FAQ outlining all the upcoming changes and policies.

    In the meantime, we welcome everyone's feedback, questions, and suggestions regarding GDPR on this forum thread.
  • Ive not been asked anything regarding GDPR by any customer yet, and tbh, with the customer base that I have, im not really expecting many, if any, questions. However obviously with the Facebook and Cambridge Analyitica issues, it may come up. Zenfolio has 2 sets if clientele, those who use it to host website eg myself, and those who buy from those sites. The former can, relatively easily, find out how Zenfolio are dealing with the requirements of GDPR, however it seems to me that our customers may struggle to find information easily. Is there a simple page host by Zenfolio that we can direct our customers too, that explains simply how Zenfolio is dealing with GDPR, and how it treats our customers data?

    Thanks
  • But, as I know, we need a veritable contract, which we conclude with each other. A mere change of the terms and conditions will probably not be enough. Many users in Germany and the EU are probably waiting for Zenfolio to provide a so-called ADV contract.

    German photographers in particular are now discussing whether we should soon have to look for a new provider. Of course we do not want that because we all like Zenfolio.

    I would be more than happy if Zenfolio would soon also provide an ADV contract.
  • Shooting-StarsShooting-Stars Posts: 3Member
    Will appreciate if Zenfolio can tell us what measures will be in place to comply with GDPR!!/???
  • Hi Zenfolio,
    unfortunately I have to agree with the post of Sabine...
    I am very (!) concerned to be forced to find another place for my images due to the GDPR.
    Being a loyal customer for many years...

    We would need a gdpr data processing agreement (in German: ADV) with Zenfolio, as Zenfolio is (at least) handling the ip-addresses of our visitors (at least during their session) and ip addresses are considered as personal data. So we have authorise Zenfolio to handle these personal information for us. This could be perfectly legal as long as Zenfolio is based inside the EU or submitted itself to the EU privacy shield. http://privacyshield.gov/list
    This handling by a third party (Zenfolio) must be declared in a privacy agreement on our websites!

    @Zenfolio: Do you offer this data processing agreement and the privacy statement?

    As far as I know the gdpr requires SSL encryption (as state of the art protection) for any login or contact form, where our clients entering personal information.

    @Zenfolio: Do you offer SSL protection for us using our own domains for your service?

    (I could be absolutely wrong - please contact the lawyer for detailed legal information!)

    Regards,
    Chris


  • I too am interested in this. I sent a note to Zenfolio support to be told that you will be compliant. I await news of a processor agreement.

    I also wonder about those processing images for us (i.e. the labs) and whether we have to have additional processor agreements with them as they are handling client data to fulfil orders on our behalf, via you. Are you doing anything on our behalfs for those suppliers to make this happen or are we going to have to sort that with them?
  • PeterZenPeterZen Posts: 59Member
    Thanks for your questions and feedback!

    We have now published a Help Guide article that outlines general policies and procedure regarding GDPR. Please find the link here: http://www.zenfolio.com/us/z/help/support-center#/customer/en/portal/articles/2928622-gdpr Note that we will be updating this article as often as needed to provide answers to the most commonly asked questions.

    As far as any agreement or ADV contract needed - that remains between the photographer and the client. Zenfolio does not interfere with Photographer/Client relationships.

    As far as security, certain areas of your site have always been protected by HTTPS (shopping cart checkout, client account creation page) and by July 2018, all pages will transition to HTTPS.

    We are updating the Photographer Terms of Use and the client-facing User Agreement. Both include updates to the Privacy Policy. These will go into effect on May 25, 2018.

    These are the key changes we are making to the Photographer Privacy Policy and the Privacy Policy section of the client facing User Agreement:

    - Updated information about exactly what personal information is collected, how to update that personal information, and how to request deletion of it

    - Additional details about your responsibilities when using social media sharing tools

    - New information regarding data retention, deletion, and disclosure

    - New information that outlines the Zenfolio policy towards links to other sites

    Zenfolio will send all account holders an email regarding the Terms of Use update. Zenfolio will also send an email (on photographers behalf) to all clients who have created accounts in order to inform them about the changes to their User Agreement.
    Peter
    Zenfolio Support



  • We will be updating your site’s User Agreement, adding an opt-in when clients create an account on your site, and offering you a way to address any requests from your customers regarding their data.

    Existing customer also need to opt in
  • Could you also create an opt-in form that we could send to other email contacts/customers who haven't set up an account so that we can continue to send emails?
  • AllisonZenAllisonZen Posts: 238Administrator
    Hi Sarah,

    Thanks for the suggestion! We will certainly consider adding this as an enhancement.

    As always, please continue to let us know about any questions you have regarding these upcoming changes
  • The support article on GDPR is very helpful but one area does not seem to be covered - what information is shared with the labs when placing an order? Also, we need to know the organisation that is actually fulfilling the Zenfolio Europe Lab orders and any links to what that organisation is doing about GDPR. I'd like to refer to this in my statement of how I am complying with the regulations.
  • Wedding MemoriesWedding Memories Posts: 1Member
    Data Processing Agreement (ADV contract) is a MUST and has nothing to do with interfering photographer/client relationships. If you don't provide such a contract you will loose a lot of customers.
  • edited May 2018
    As a commercial photographer, I need an ADV contract from you.

    I manage personal data on Zenfolio servers.

    This type of service requires a contract according DSGVO

    The BayLDA clarifies:

    "If a service provider is not ready for such a contract, it can not be used in the business domain in compliance with data protection."

    Please send me an ADV contract immediately.
  • There are only 3 (THREE!!!) days left until the GDPR will go into effect and we are still waiting for a proper solution for a ADV contract.
  • Martin ClarkMartin Clark Posts: 3Member
    Hi,
    When are Zenfolio sending out an email to all my clients that have created an account through my Zenfolio site?

    I got an email on 26th April telling me that "Zenfolio will send an email on your behalf to all clients who have created accounts through your Zenfolio site in order to inform them about the changes to the User Agreement. Also, any new visitor to your website is now required to accept the User Agreement in order to create a Client Account. "

    Thanks
  • Johannes LeistnerJohannes Leistner Posts: 1Member
    now, there are only a few hours left and nothing new from Zenfolio :-( all I got from the support was an email which showed me, that Zenfolio has no clue what their commercial photographers in the EU need. This is really sad. It would be so easy to check other cloud-service like dropbox and learn from them, how they deal with the GDPR...
  • AllisonZenAllisonZen Posts: 238Administrator
    Thanks for everyone’s feedback and patience.

    I encourage you all to reach out to our Support Team regarding specific questions about Data Processing Agreements. Our team will be working closely with our legal department to give concise and accurate information about the changes in regards to GDPR.

    We have also been working closely with all our fulfillment labs to ensure and document their GDPR compliance.

    We know there will additional questions and concerns regarding all of these impending changes and our team will be ready to assist with your specific questions.
  • Cecil Paul StudiosCecil Paul Studios Posts: 2Member
    From the link provided above it would appear, to me, that you have made it the Photographers responsibility to individually contact each and every client regarding GDPR. Am I correct?

    Why can't Zenfolio simply send out an opt in/out email that we have all been bombarded with, by other companies, over the last few weeks in Europe? Seems a somewhat lazy attitude to the whole issue.

    All I want to know is my Zenfolio account / website GDPR compliant or do I have to move to another provider who is? The farce of individually contacting each and every customer and then contacting Zenfolio to delete any customer who wishes it seems ridiculously convoluted. A simple all encompassing opt in/out email from yourselves would have been far easier & simpler.
  • Dear Zenfolio Team,
    as you probably know, the General Data Protection Regulation (GDPR) in Germany take effect TODAY and there is still no possibility to get a signed contract Processing of personal data from you!!!
    EVERY company with German customers has to do it and they do, even someone at Google (!!!) headquarters sends everyone a huge signed document per real snail mail (on real paper!!!).
    But you are still sleeping and it seems you would like to lose all you German customers instead of providing a proper contract.
    It even can be automatically signed electronic document, but at least we need one.
    So PLEASE, wake up!!!
  • This should help you. This document was written by bitkom to help companies like yours.
    https://www.bitkom.org/noindex/Publikationen/2017/Leitfaden/170918-Mustervertragsanlage-ENG-online-final-2.pdf
  • Rob SRob S Posts: 10Member
    Hey Zenfolio, I don't think the email format the gallery sends out is compliant - I believe we need to have an unsubscribe button somewhere on every email that we send out.

    Please could you get this sorted ASAP? It's now after GDPR deadline.
  • I've just received an email to my Test account, that appears to come from my photography business but is actually from Zenfolio about my new privacy policy and it's not GDPR compliant! There's no unsubscribe option and there should be. What are you playing at??
  • It seems, we won't get an answer any more and they just DON'T WANT to work on this important issue :neutral:
    German customers seem not to be of any interest for zenfolio :(
    Beside the still missing Data Processing Agreement (DPA), there is still no SSL integrated in our gallery...why???
  • Deeply concerned that my website is NOT GDPR COMPLIANT and there is no way (as I can see it) that I can change this, as an individual.

    I've written my concerns to Zenfolio as well as provided them with the report showing specific details of non-compliance and await their response.

    I wish to include a comprehensive privacy policy, but what's the point if you know you're not actually working within the legal framework of GDPR and/or other similar privacy laws?

    In the meantime I won't be uploading any further work, nor put anything up for sale until this is rectified. I won't be renewing either.

    Come on Zenfolio - please get with it.
Sign In or Register to comment.