Data Controller and Scope
This General Data Protection Regulation (GDPR) Notice explains how Photomadic Markets processes personal data in connection with its services offered in the United States of America and, where applicable, to individuals in the European Economic Area (EEA), the United Kingdom, and Switzerland. Photomadic Markets is owned and operated by Van Elazinsu and serves investors and traders by providing market dashboards, charts, analysis, and related features.
Data Controller: Photomadic Markets, operated by Van Elazinsu, 7600 Kingston Pike, Knoxville, TN 37919, United States. Contact: [email protected].
While this notice is tailored to meet GDPR standards, it also aligns with applicable United States federal and state privacy laws.
Categories of Personal Data We Process
- Account and Profile Data: name, email address, username, password (hashed), preferences, watchlists or saved portfolios, notification settings.
- Transactional and Subscription Data: plan details, purchase history, limited billing metadata; full payment card data is handled by our payment processor and not stored by us.
- Technical and Usage Data: IP address, device identifiers, browser type, operating system, language, referring pages, timestamps, pages viewed, clickstream, session duration, performance and crash logs.
- Cookies and Tracking Data: identifiers stored in cookies or similar technologies for authentication, preferences, analytics, and advertising subject to your choices.
- Communications Data: inquiries, support tickets, survey responses, and marketing consents.
- User-Generated Content and Derived Data: saved comparisons, notes, and analytic insights derived from your interactions.
- Sensitive Data: we do not intentionally collect sensitive personal information (e.g., health, biometric, or precise geolocation) and request that you do not submit such data.
Purposes of Processing and Legal Bases
We process personal data for the following purposes and, where GDPR applies, under the following lawful bases:
- Provide and maintain services (including accounts, dashboards, and core functionality): performance of a contract; legitimate interests to operate and improve services.
- Personalize content and features (e.g., saved watchlists, preferences): performance of a contract; legitimate interests.
- Analytics and service improvement (usage measurement, debugging, forecasting capacity): legitimate interests.
- Marketing communications (where permitted): consent where required; legitimate interests for similar products/services, with opt-out rights.
- Security and fraud prevention (monitoring, incident response): legitimate interests; legal obligations.
- Compliance with law and enforcement requests: legal obligations; legitimate interests to protect rights.
- Advertising and cross-context behavioral advertising (if enabled): consent where required by law; otherwise legitimate interests subject to opt-out rights.
Cookies and Similar Technologies
We use first- and third-party cookies, pixels, and SDKs to support essential site functions, remember preferences, measure performance, and, where enabled, offer interest-based advertising. You can manage cookie preferences via your browser settings and any on-site controls we provide. Where required, non-essential cookies are used only with your consent.
Sharing and Disclosures
We disclose personal data to:
- Service Providers and Processors: hosting, cloud storage, analytics, customer support, security, and payment processing providers acting on our instructions.
- Advertising and Measurement Partners: if you have permitted cookies or opted in to targeted advertising, we may share limited identifiers and usage data for ad delivery and measurement.
- Business Transfers: in a merger, acquisition, or asset sale, data may be transferred consistent with this notice.
- Legal and Safety: to comply with legal obligations, enforce terms, or protect rights, property, and safety of users and the public.
We do not sell personal information for money. We may “share” personal information (as defined under certain U.S. state laws) for cross-context behavioral advertising only where permitted by law and your preferences, and you have the right to opt out.
International Data Transfers
We primarily process data in the United States. If data are transferred from the EEA/UK/Switzerland to the U.S. or other countries lacking an adequacy decision, we implement appropriate safeguards such as Standard Contractual Clauses and supplementary measures where necessary.
Data Retention
We retain personal data for as long as needed to provide services, fulfill the purposes described, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods depend on the type of data, the nature of our relationship, and statutory requirements. We routinely review and de-identify or delete data that are no longer necessary.
Security Measures
We apply administrative, technical, and physical safeguards designed to protect personal data against unauthorized access, loss, misuse, or alteration, including encryption in transit, access controls, least-privilege practices, monitoring, and regular reviews. No method of transmission or storage is completely secure; we encourage you to use strong, unique passwords and enable available security controls.
Your Rights Under GDPR
If GDPR applies to you, you have the following rights, subject to limitations under applicable law:
- Access: obtain confirmation and a copy of your personal data.
- Rectification: correct inaccurate or incomplete data.
- Erasure: request deletion of personal data in certain circumstances.
- Restriction: request restriction of processing in certain circumstances.
- Portability: receive personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
- Objection: object to processing based on legitimate interests, including profiling, and to direct marketing at any time.
- Withdraw Consent: withdraw consent at any time where processing is based on consent.
To exercise your rights, contact us at [email protected]. We will verify your identity and respond without undue delay and within one month, extendable where permitted. You may lodge a complaint with your local data protection authority if you believe our processing infringes applicable law.
U.S. State Privacy Rights
Residents of certain U.S. states (including California, Colorado, Connecticut, Utah, Virginia and others with similar laws) may have the rights summarized below, subject to statutory exceptions.
California (CCPA/CPRA)
- Right to Know: request details about categories and specific pieces of personal information collected, sources, purposes, and disclosures.
- Right to Delete: request deletion of personal information, subject to exceptions.
- Right to Correct: request correction of inaccurate personal information.
- Right to Opt Out of Sale/Sharing: opt out of the sale or sharing of personal information for cross-context behavioral advertising.
- Right to Limit Use of Sensitive Personal Information: if collected, limit certain uses of sensitive data.
- Non-Discrimination: we will not discriminate for exercising your rights.
Submit requests by emailing [email protected]. If authorized agents submit requests, we may require proof of authorization and may also require you to verify your identity directly with us.
Colorado, Connecticut, Virginia, Utah, and Similar Laws
- Rights may include access, correction, deletion, portability, and the right to opt out of targeted advertising, sale, and certain profiling.
- Appeal: if we deny your request, you may appeal by replying to our decision email; we will inform you of our final decision and any available external remedies.
Verification and Response
We will verify requests using information reasonably necessary to confirm your identity (e.g., control of the email address associated with your account). We respond within timelines required by applicable law.
Automated Decision-Making and Profiling
We do not engage in automated decision-making producing legal or similarly significant effects without human involvement. We may use limited profiling to personalize content or recommendations, subject to your rights to object or opt out where applicable.
Marketing Communications
You may opt out of marketing emails at any time using the unsubscribe mechanism in our messages or by contacting us. We may still send transactional or service-related communications.
Managing Preferences and Opt-Outs
- Email Marketing: use in-message unsubscribe or email [email protected].
- Cookies/Advertising: adjust browser settings and any on-site cookie controls we provide; you may opt out of targeted advertising where required by law.
- Account Settings: where available, manage preferences in your account.
Children’s Privacy
Our services are not directed to children under 13, and we do not knowingly collect personal information from them. If we learn that we have collected such information, we will delete it promptly.
Changes to This Notice
We may update this notice to reflect changes in our practices, technologies, or legal requirements. Material changes will be indicated by updating the “Last updated” date and, where appropriate, by additional notice. Continued use of our services after changes indicates your acknowledgment of the updated notice.
Contact
For questions, requests, or concerns about this notice or our data practices, contact: Van Elazinsu, 7600 Kingston Pike, Knoxville, TN 37919, United States; Email: [email protected].
