Need Immediate Answers? Check out our SUPPORT CENTER or CONTACT OUR SUPPORT TEAM
General Data Protection Regulation (GDPR)
Fotocraft Images
Posts: 4Member
I have posted a suggestion for development of Zenfolio to comply with the requirements of the EU's GDPR to the user voice forum today.
Based on my reading, this regulation will have a significant effect on anybody located in the EU who wishes to send marketing communications to customers. Not complying with the consent for marketing rules could lead to Zenfolio users breaking the law. I don't think Zenfolio as configured at the moment will facilitate compliance.
I wonder if anybody located in the UK or European Union, or selling into the EU has looked into the requirements of this regulation, and what conclusions you have reached about complying with it.
Based on my reading, this regulation will have a significant effect on anybody located in the EU who wishes to send marketing communications to customers. Not complying with the consent for marketing rules could lead to Zenfolio users breaking the law. I don't think Zenfolio as configured at the moment will facilitate compliance.
I wonder if anybody located in the UK or European Union, or selling into the EU has looked into the requirements of this regulation, and what conclusions you have reached about complying with it.
Comments
The new EU regulations known as General Data Protection Regulation (GDPR) will go into effect on May 26, 2018.
Zenfolio will be fully compliant before that deadline, both regarding your information (as a Zenfolio customer) and your clients’ information.
We will be updating your site’s User Agreement, adding an opt-in when clients create an account on your site, and offering you a way to address any requests from your customers regarding their data.
An email will be going out shortly detailing this as well as a follow-up email after that containing additional information, including a detailed FAQ outlining all the upcoming changes and policies.
In the meantime, we welcome everyone's feedback, questions, and suggestions regarding GDPR on this forum thread.
Thanks
German photographers in particular are now discussing whether we should soon have to look for a new provider. Of course we do not want that because we all like Zenfolio.
I would be more than happy if Zenfolio would soon also provide an ADV contract.
unfortunately I have to agree with the post of Sabine...
I am very (!) concerned to be forced to find another place for my images due to the GDPR.
Being a loyal customer for many years...
We would need a gdpr data processing agreement (in German: ADV) with Zenfolio, as Zenfolio is (at least) handling the ip-addresses of our visitors (at least during their session) and ip addresses are considered as personal data. So we have authorise Zenfolio to handle these personal information for us. This could be perfectly legal as long as Zenfolio is based inside the EU or submitted itself to the EU privacy shield. http://privacyshield.gov/list
This handling by a third party (Zenfolio) must be declared in a privacy agreement on our websites!
@Zenfolio: Do you offer this data processing agreement and the privacy statement?
As far as I know the gdpr requires SSL encryption (as state of the art protection) for any login or contact form, where our clients entering personal information.
@Zenfolio: Do you offer SSL protection for us using our own domains for your service?
(I could be absolutely wrong - please contact the lawyer for detailed legal information!)
Regards,
Chris
I also wonder about those processing images for us (i.e. the labs) and whether we have to have additional processor agreements with them as they are handling client data to fulfil orders on our behalf, via you. Are you doing anything on our behalfs for those suppliers to make this happen or are we going to have to sort that with them?
We have now published a Help Guide article that outlines general policies and procedure regarding GDPR. Please find the link here: http://www.zenfolio.com/us/z/help/support-center#/customer/en/portal/articles/2928622-gdpr Note that we will be updating this article as often as needed to provide answers to the most commonly asked questions.
As far as any agreement or ADV contract needed - that remains between the photographer and the client. Zenfolio does not interfere with Photographer/Client relationships.
As far as security, certain areas of your site have always been protected by HTTPS (shopping cart checkout, client account creation page) and by July 2018, all pages will transition to HTTPS.
We are updating the Photographer Terms of Use and the client-facing User Agreement. Both include updates to the Privacy Policy. These will go into effect on May 25, 2018.
These are the key changes we are making to the Photographer Privacy Policy and the Privacy Policy section of the client facing User Agreement:
- Updated information about exactly what personal information is collected, how to update that personal information, and how to request deletion of it
- Additional details about your responsibilities when using social media sharing tools
- New information regarding data retention, deletion, and disclosure
- New information that outlines the Zenfolio policy towards links to other sites
Zenfolio will send all account holders an email regarding the Terms of Use update. Zenfolio will also send an email (on photographers behalf) to all clients who have created accounts in order to inform them about the changes to their User Agreement.
Zenfolio Support
Thanks for the suggestion! We will certainly consider adding this as an enhancement.
As always, please continue to let us know about any questions you have regarding these upcoming changes
I manage personal data on Zenfolio servers.
This type of service requires a contract according DSGVO
The BayLDA clarifies:
"If a service provider is not ready for such a contract, it can not be used in the business domain in compliance with data protection."
Please send me an ADV contract immediately.
When are Zenfolio sending out an email to all my clients that have created an account through my Zenfolio site?
I got an email on 26th April telling me that "Zenfolio will send an email on your behalf to all clients who have created accounts through your Zenfolio site in order to inform them about the changes to the User Agreement. Also, any new visitor to your website is now required to accept the User Agreement in order to create a Client Account. "
Thanks
I encourage you all to reach out to our Support Team regarding specific questions about Data Processing Agreements. Our team will be working closely with our legal department to give concise and accurate information about the changes in regards to GDPR.
We have also been working closely with all our fulfillment labs to ensure and document their GDPR compliance.
We know there will additional questions and concerns regarding all of these impending changes and our team will be ready to assist with your specific questions.
Why can't Zenfolio simply send out an opt in/out email that we have all been bombarded with, by other companies, over the last few weeks in Europe? Seems a somewhat lazy attitude to the whole issue.
All I want to know is my Zenfolio account / website GDPR compliant or do I have to move to another provider who is? The farce of individually contacting each and every customer and then contacting Zenfolio to delete any customer who wishes it seems ridiculously convoluted. A simple all encompassing opt in/out email from yourselves would have been far easier & simpler.
as you probably know, the General Data Protection Regulation (GDPR) in Germany take effect TODAY and there is still no possibility to get a signed contract Processing of personal data from you!!!
EVERY company with German customers has to do it and they do, even someone at Google (!!!) headquarters sends everyone a huge signed document per real snail mail (on real paper!!!).
But you are still sleeping and it seems you would like to lose all you German customers instead of providing a proper contract.
It even can be automatically signed electronic document, but at least we need one.
So PLEASE, wake up!!!
https://www.bitkom.org/noindex/Publikationen/2017/Leitfaden/170918-Mustervertragsanlage-ENG-online-final-2.pdf
Please could you get this sorted ASAP? It's now after GDPR deadline.
German customers seem not to be of any interest for zenfolio
Beside the still missing Data Processing Agreement (DPA), there is still no SSL integrated in our gallery...why???
https://www.heise.de/newsticker/meldung/DSGVO-8500-Euro-Schadensersatz-fuer-fehlende-SSL-Schluesselung-Die-Hintergruende-4094585.html
I've written my concerns to Zenfolio as well as provided them with the report showing specific details of non-compliance and await their response.
I wish to include a comprehensive privacy policy, but what's the point if you know you're not actually working within the legal framework of GDPR and/or other similar privacy laws?
In the meantime I won't be uploading any further work, nor put anything up for sale until this is rectified. I won't be renewing either.
Come on Zenfolio - please get with it.