GDPR Privacy Policy Form

FORM PRIVACY POLICY – May 2018

THIS FORM PRIVACY POLICY SHOULD BE MODIFIED TO CONFORM TO YOUR ACTUAL USE OF INFORMATION IN EACH INSTANCE.  DO NOT USE THIS FORM WITHOUT REVIEWING IT CAREFULLY AND MAKING SURE ALL USAGE OF INFORMATION IS ACCURATE.  YOU SHOULD REVIEW THIS FORM WITH YOUR ATTORNEY.  ITEMS IN BRACKETS SHOULD BE CUSTOMIZED TO YOUR BUSINESS OR DELETED AS THEY MAY APPLY TO SPECIALIZED SERVICES THAT ARE NOT APPLICABLE TO ALL DMLA MEMBERS.

DUE TO THE RECENT EUROPEAN GENERAL DATA PROTECTION REGULATION, WHICH IS IN EFFECT AS OF MAY 25, 2018, CERTAIN ADDITIONAL COMPLIANCE REQUIREMENTS MAY BE NECESSARY IF YOUR WEBSITE IS USED IN THE EUROPEAN ECONOMIC AREA. FOR EXAMPLE, IF YOUR COMPANY COLLECTS CERTAIN “SPECIALIZED” PERSONAL DATA SUCH AS GENETICS, RACE OR ETHNICITY DATA, POLITICAL OPINIONS, ETC., YOU ARE REQUIRED TO APPOINT A “DATA PROTECTION OFFICER.” IF YOUR COMPANY HAS MORE THAN 250 EMPLOYEES, YOU WILL BE REQUIRED TO KEEP MORE DETAILED RECORDS OF WHAT DATA YOU COLLECT AND HOW YOU USE IT, SUCH AS YOUR REASONS FOR PROCESSING THE DATA, A DESCRIPTION OF DATA BEING PROCESSED, DETAILS ON RECIPIENTS OF THE DATA, DURATION OF RETENTION, DETAILS ON TRANSFERS OUTSIDE OF THE EU, AND AN OVERVIEW OF THE SECURITY MEASURES YOU EMPLOY.

[INSERT COMPANY NAME] (“Company”, “we”, or “Us”) is committed to respecting your privacy. This Privacy Policy describes how Company collects, uses, and retains personal information to enable us to do business with you and improve our services. “Personal Information” includes any information that relates to, identifies, or can be used to identify, contact, or locate the person to whom such information pertains.

The terms of this policy apply to [all of Company’s websites/Company’s website: http://www.______.com/] ([collectively] the “Site”), unless different terms are otherwise specified or provided to you.

By using this Site, you understand and agree to the terms of this Privacy Policy. This Site is operated in [the United States/_______] and may be accessed abroad. For data protection purposes, Company is the controller and, unless otherwise noted, is also the processor of data. Personal Information collected may be retained, and may be stored, processed, accessed, and used in jurisdictions whose privacy laws may be different and less protective than those of your home jurisdiction.

We do not sell, rent, or share your Personal Information to or with third parties in any way other than as disclosed in this Privacy Policy.

UPDATING YOUR PERSONAL INFORMATION AND PRIVACY PREFERENCES

Upon request Company will provide you with information about whether we hold, or process on behalf of a third party, any of your Personal Information. To request this information please contact us at [privacy@company.com].

You have the right to access and correct or revise your Personal Information and privacy preferences at any time [by visiting the “_______” section of the Site and/or] by contacting us at [privacy@company.com]. We will respond to your request within a reasonable period of time.

WHAT PERSONAL INFORMATION WE COLLECT AND RETAIN FROM CUSTOMERS

When you visit this Site, some Personal Information may be collected automatically as part of the Site’s operation. This information may include your IP (Internet Protocol) address, your browser type, access times, [the website that referred you to us,] and navigational information such as the pages you view on the Site. We collect information about your use of the Site and our other customers in the aggregate to learn more about how our Site is used by our customers in order to improve our service and our Site.

When you register online with us, we collect the Personal Information you provide to us, including your name, address, job title, company name and company type, phone number, email address, password, and [INSERT ANYTHING ELSE YOU COLLECT]. You may choose not to provide this information by not registering with us, however certain products and services on the Site are only available to you upon registration. Registration enables you to access higher resolution content [and to enter into a license to use content for comp purposes].

[If you use our mobile apps, we collect information on the type of device you use, and operating system version. We do not ask for, access, or track any location-based information from your mobile device at any time.]

If a password is used to protect your account and Personal Information, it is your responsibility to keep your password confidential.

PERSONAL INFORMATION WE COLLECT AND RETAIN FROM CONTRIBUTORS

In addition to the Personal Information collected from general users of the Site, if you contribute content to us for licensing you may be asked to provide your Personal Information such as your name, phone number, primary address, and email address. We may verify this information by asking you to [upload a scan of a government issued ID (which will be stored securely on our servers), or] provide a credit card number.

In order to pay you and report sales to you, you will be asked to provide certain Personal Information such as payment information, payment method, payment emails, tax information; [INSERT WHAT OTHER INFORMATION YOU NEED].

Some of this information is mandatory and if you choose not to disclose, we may not be able to engage in any activity with you.

HOW WE USE YOUR PERSONAL INFORMATION

When you license content from us, we collect your username, password, full name, telephone number, email address and postal address, [company name, company title,] credit card number, and other Personal Information to process your orders and complete the license transaction, for license transaction history record keeping purposes, or to receive products or services. Your email address is used to confirm the licensing transaction.

We may contact you using your email or other Personal Information to respond to customer requests and inform you of special offers and services.

We may ask you questions relating to your user preferences in order to better serve you and improve the use of our Site. Providing information regarding your usage and preferences is always voluntary.

We may contact you to administer promotions or sweepstakes you enter and notify you of the results.

We collect Personal Information regarding your orders, your use of the Site, and other account information as part of your sales history with us.

We may disclose to carefully-chosen third parties navigational and transactional information in the form of anonymous, aggregate usage statistics and demographics, but only in forms that do not reveal your identity or other confidential information.

We may contact you to investigate or take any action regarding illegal activity or any violations of our terms of service.

We may disclose Personal Information if required by law (for example, to comply with a subpoena, warrant, court order, or legal process) or when necessary to protect our rights, avoid litigation, protect your safety or the safety of others, investigate fraud, and/or respond to a government request. We may also disclose information about you if we determine that such disclosure should be made for reasons of national security, law enforcement, or other issues of public importance.

DATA RETENTION

We will retain your Personal Information for as long as your account is active, your information is needed to provide you services, or as required to fulfill our legal obligations, resolve disputes, and enforce our agreements. If you wish to delete your account or request that we no longer use your information to provide you services contact us at [privacy@company.com]. We will respond to your request within [30 days].

If you are a contributor and have submitted model releases with any content, we will retain the releases to comply with our legal obligations, dispute resolutions, licensing transactions, or to enforce our contractual obligations. We will not publicly disclose any Personal Information regarding any model.

ABOUT COOKIES

When you visit Company’s Site, a text file called a cookie is placed in the browser directory of your computer’s hard drive. A cookie is information that a website can store on your web browser and later retrieve. The information that cookies collect includes the date and time of your visit, your registration information and your navigational and licensing information. It allows the web browser to recognize the pages you have been to when you are visiting the Site and allows you to quickly return to viewed pages. We may also use “web beacons” that monitor your use of our Site. Web beacons are small strings of code that provide a method for delivering a graphic image on a web page for the purpose of transferring data, such as the IP address of the computer that downloaded the page on which the web beacon appears, the URL (Uniform Resource Locator) of the page on which the web beacon appears, the time the page containing the web beacon was viewed, the types of browser that fetched the web beacon and the identification number of any cookie on the computer previously placed by that server.

When corresponding with you via HTML capable e-mail, web beacons let us know whether you received and opened our e-mail.

You may adjust your browser to reject cookies from us or from any other website. Additionally, by setting your web browser to display HTML e-mails as text only, you may be able to prevent the use of some web beacons. Please consult the “Help” section of your browser for more information. [However, certain areas of our Site can only be accessed in conjunction with cookies or similar devices and you should be aware that disabling cookies or similar devices might prevent you from accessing some of our content.]

DIRECT MARKETING

If at any time you decide that you do not want to receive marketing emails from us you will have the option of opting out and/or unsubscribing from our emails and mailing lists by adjusting [your “Personal Information Preferences”] as follows: [(1) checking or unchecking the appropriate box on your online registration form [or the “xxxxxx” page of the Site]; (2) [contacting your Account Executive]; or (3) sending an email to [privacy@company.com]]. If you choose not to receive marketing emails, you may continue to receive transactional or account emails (e.g., purchase confirmations and account balance statements).

FORUMS & OTHER INTERACTIVE SERVICES

Our websites may include discussion forums or other interactive areas or services, including blogs, chat rooms, bulletin boards, message boards, online hosting or storage services, or other areas or services in which you or third parties create, post or store any content, messages, comments, materials or other items on the sites (“Interactive Areas”). If you use an Interactive Area, you should be aware that these areas are open to the public and any personal information you post or provide at registration may be viewable by others. We are not responsible for personal information you submit in connection with the Interactive Areas, nor are we responsible for how others might use that information, including to send you unsolicited messages. Interactive Area postings may be retained indefinitely. If at any time you would like to remove a posting, please email us at [privacy@company.com]. Keep in mind that removal of a posting from an Interactive Area does not mean that the posting will be deleted from our systems.

SECURITY OF OUR DATA

Whenever you submit an order to Company, you can do so over a secure (i.e., encrypted) connection. This ensures that your personal information is not at risk. Additionally, we encrypt your credit card information and store it in a secure location, which can be accessed only by authorized personnel. As no method of transmission over the Internet, or method of electronic storage is 100% secure, while Company uses commercially reasonable methods to protect your personal information, we cannot guarantee that it is absolutely secure. In the unlikely event that an unauthorized third-party compromises Company’s security measures, Company will not be responsible for any damages directly or indirectly caused by an unauthorized third party’s ability to view, use or disseminate your information.

REVIEWING, UPDATING, OR CORRECTING YOUR INFORMATION

If at any point you wish to access your personal information to (1) change your preferences, (2) review the accuracy, or (3) correct, supplement or modify your information, you may make a written request to [insert email address].

CHANGES IN PRIVACY POLICY

Company reserves the right to amend the Privacy Policy from time to time at its sole discretion and will provide notice by email or on the home page of the Site when we make material changes to this Privacy Policy prior to the change becoming effective.

LINKS TO THIRD PARTY SITES

Our Site includes links to other sites whose privacy practices may differ from those of Company. If you submit personal information to any of those sites, your information is governed by their privacy policies. Please review the privacy policy of any Web site you visit.

SOCIAL MEDIA

On some pages, we allow you to share Personal Information with third parties, such as social networks like Facebook. In these instances, you are agreeing to the data being shared and the shared data is subject to the privacy policies of the third parties. We do not control and do not assume any responsibility for the use of personal information by such third parties. For more information about the third party’s purpose and scope of their use of personal information in connection with sharing features, please visit the privacy policies of such third parties.

REFERRAL PROGRAM EMAILS

If you choose to use our referral service to tell a friend about our Site, we will ask you for your friend’s name and email address. We will automatically send your friend a one-time email inviting him or her to visit the Site. We store this information for the sole purpose of sending this one-time email and tracking the success of our referral program.

Your friend may contact [privacy@company.com] to request that we remove this information from our database.

CHILDREN

We do not intend to solicit or collect Personal Information from anyone under the age of 18. If you are under 18, do not enter information on this site or engage our services. If you believe a child of yours under the age of 18 has entered Personal Information please contact [INSERT EMAIL] to have the data removed and terminate the child’s account.

CONTACT INFORMATION

Individuals located in certain countries, including the European Economic Area, have certain statutory rights in relation to their Personal Information. Subject to any exemptions provided by law, if you live in this area you have the right to request access to your Personal Information, as well as to seek to update, delete, or correct this Information.

[If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this Web site, you can contact our Data Protection Officer at ______________][privacy@company.com].

You can contact Company by emailing [INSERT EMAIL, PHONE, and ADDRESS].

SOME COMPANIES ELECT TO SUBSCRIBE TO A SERVICE THAT ALLOWS YOU TO SELF-CERTIFY THAT YOUR PRIVACY POLICY IS COMPLIANT WITH GDPR AND OTHER INTERNATIONAL DATA PROTECTION LAWS. ONE SUCH SERVICE IS PRIVACY SHIELD.  IF YOU ELECT TO SUBSCRIBE TO PRIVACY SHIELD YOU MAY ADD THESE PARAGRAPHS, AND TO SUBSCRIBE, YOUR PRIVACY POLICY WILL BE REVIEWED.

PRIVACY SHIELD

Company has certified under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks (individually and collectively, “Privacy Shield”). Company complies with the Privacy Shield as set forth by the U.S. Department of Commerce regarding the collection, use, transfer and retention of personal information from European Union member countries and Switzerland. Company has certified that it adheres to the Privacy Shield based on Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. To learn more about the Privacy Shield programs, and to view our certification pages, please visit https://www.privacyshield.gov/. If you would like to exercise any of your data protection rights (including the right to have your personal information disclosed or deleted), please contact us using the “Contact Information” below.

U.S. FEDERAL TRADE COMMISSION ENFORCEMENT

Company’s commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

General Data Protection Regulation Explained

There is some confusion over the GDPR, the General Data Protection Regulation, that goes into effect on May 25, 2018. This regulation strengthens the privacy rights of individuals living in the European Union (not only E.U. citizens) and applies to anyone who does business with those persons, even if that simply means collecting data for marketing purposes.

Nancy Wolff, DMLA Counsel, has written a comprehensive explanation of the regulation that you can read here.

Importance of Net Neutrality

Net neutrality means that internet service providers should enable access to all content and applications regardless of the source, without favoring or blocking particular products or websites.  Seems simple, right?  Why has it become such a major political issue?

The Senate voted today to pass a measure that would repeal changes to net neutrality rules that were recently adopted by the Republican-controlled Federal Communications Commission. Chances are that the House won’t approve this repeal.

Why is Net Neutrality so Important? In an article written by Tiffany Li, an attorney and resident fellow at Yale Law School’s Information Project, a big picture of the impact is presented.

GDPR Explained

by Nancy Wolff, DMLA Counsel

You may have noticed an increase in urgent messages from companies updating their privacy policies in anticipation of the upcoming deadline to become GDPR compliant. “GDPR” refers to a new European Union law – the General Data Protection Regulation that goes into effect on May 25, 2018. This regulation strengthens the privacy rights of individuals living in the European Union (not only E.U. citizens) and applies to anyone who does business with those persons, even if that simply means collecting data for marketing purposes.

Privacy is becoming more and more of a global issue, and the E.U. is leading the way in attempting to protect personal data. The policies behind the GDPR aim to increase transparency, in terms of both what personal data is collected and how it may be used, and the accountability of those who maintain and use that personal data. The regulation is complex and extensive and includes steep penalties for those who are not compliant – up to €20,000,000 or 4% of global revenue from the previous year, whichever is greater.

But before you think the solution is to simply exclude all European residents from your client base, or have a panic attack, it is important to recognize that the E.U. “privacy police” are unlikely to expect immediate full compliance or have the operational capacity to scrutinize every business transacting with E.U. residents. Your goal should be to reevaluate your privacy practices to be as compliant as possible given your type of business and your use of personal data.

The stock industry is not a business that primarily engages in personal data collection. The purpose of the industry is to aggregate and license content on behalf of contributors to those who legitimately incorporate it in their publishing, marketing, or other media works. Stock companies should continue to use best practices regarding the security of personal data, obtaining proper consent from those to whom they send marketing communications, and updating privacy policies to accurately reflect how information is used and how an individual can contact someone in your company about what personal data is collected. (A new sample privacy policy that can be modified to comply with your company’s practices will be provided shortly.) There is a common understanding in recent literature published about the GDPR that many industries will be provided a soft launch period, despite the fact that the regulation has been published since 2016.

At its highest level, the GDPR requires any company that collects personal data to maintain it securely, and to provide transparency in what ways it may use the personal data. The definition of “personal data” is quite broad and includes any information that relates to an identifiable person. See GDPR, Art. 4, Sec. 1. The individuals whose data is collected are called “data subjects.” See GDPR, Art. 4, Sec. 1. Those who collect data are called “controllers.” See GDPR, Art. 4, Sec. 7. Those who process data for controllers are referred to as “processors.” See GDPR, Art. 4, Sec. 8. Any content library with contributors, distributors, customers and model releases is a controller and needs to keep its records that contain personal data secure.

The first step toward GDPR compliance is to audit your data practices. Make a list of what personal data you collect and how you use that data. Then, when you update your privacy policy, you can use that list to make sure that you have provided adequate disclosure of how you use the personal data. The regulations require that the notice is not written in legalese but in clear and plain language. In general, you should not collect or retain information that you have no legitimate business purpose to collect.

The privacy notice should address the following to sufficiently inform the data subject:

  • Who is collecting the data?
  • What data is being collected?
  • What is the legal basis for processing the data?
  • Will the data be shared with any third parties?
  • How will the information be used?
  • How long will the data be stored for?
  • What rights does the data subject have?
  • How can the data subject raise a complaint?

Further, if someone from the E.U. requests information about the personal data you collect, you have an obligation to respond to requests within 1 month and may not charge the data subject for responding. You also need to give the E.U. resident the ability to update that information and the ability to remove the information if there is no legitimate reason to maintain that personal data. Additionally, any data breach of personal information must be reported within 72 hours.

Individuals subject to the GDPR can enforce these new rules, as it provides for a private right of action, but there must be some material damage.

In terms of marketing to customers or potential customers in the E.U., the consent rule under the GDPR is an “opt-in” instead of “opt-out” rule. Consent must be very clear and cannot be buried in terms and conditions. There should be a separate check box for marketing and promotions and for accepting terms and conditions.

It is too soon to know how these new regulations will impact the image licensing industry. To some extent all photographs of recognizable people contain personal data. Some have asked whether the new “right to be forgotten” will affect the industry and whether models or subjects could request that images be erased or consent withdrawn. While these regulations have not been officially interpreted yet, this kind of overly broad interpretation would be contrary to the purpose of the regulations – which is to address privacy issues with data collection.

The regulations do acknowledge that there are legitimate business reasons to retain certain personal information. The licensing of editorial as well as commercial images by image libraries serves an important business and newsgathering function and model releases are required to be retained for many business and legal purposes, and are necessary to produce in the event of a claim. Further, the “right to be forgotten” is not absolute and the regulations acknowledge that other rights, such as the right to freedom of expression and information, including processing for journalistic purposes and the purposes of academic, artistic or literary expression must be reconciled with this right. These exceptions should insulate the licensing of images and restrict persons from demanding that images be removed.

This article is intended to be a broad overview of this new regulation and not a complete description of the GDPR or any company’s obligations. You are encouraged to seek further advice and there are many websites offering insights. Importantly, the regulations have not been interpreted and we will continue to monitor this topic. The GDPR will be included in the DMLA legal panel at the DMLA Annual meeting in October.

Keep Fighting for Artists’ Rights!

The letters that are being sent are starting to make a difference so don’t stop!

More members of the House Judiciary Committee need to be paying attention to H.R. 3945 – CASE Act!

Keep up the fight by sending a letter each week! The more we send, the closer we’ll be to getting the copyright protection YOU deserve!

You can find a sample letter and your representative here. It’s easy. Just do it!

Job Postings for Alamy in New York

Alamy has two new job opportunities in their New York Office

Sales Manager – Editorial

https://www.alamy.com/work-for-us/us-jobs/sales-manager-editorial-2018.asp

Sales Manager – Commercial

https://www.alamy.com/work-for-us/us-jobs/sales-manager-commercial-2018.asp

AMAZON VP TO OPEN LICENSING EXPO

You’re invited to attend Licensing Expo 2018!

The landscape of commerce and customer expectations is rapidly changing. Nicholas Denissen, Vice President, Amazon, will deliver the opening keynote address at Licensing Expo 2018, speaking to how brands can grow their business online and what Amazon is doing to enable them. Nick, and panelists from industry leaders working with Merch by Amazon will discuss how they are capitalizing on e-commerce and reshaping their businesses to better anticipate customer appetite for unique content and larger selection.

Don’t miss these great insights and more from Licensing Expo – register for FREE today!
Acquire new strategies, shape innovative ideas, and build practical solutions by attending Licensing University™

Organized by LIMA (The International Licensing Industry Merchandisers’ Association), Licensing University includes a full day of “Basics” programming for industry newcomers, a full slate of “up close and personal” Roundtable sessions, and countless sessions on the latest trends in the licensing industry. Look no further to build and refine your brand licensing expertise at Licensing Expo.

Here are some Licensing University sessions we think you would enjoy:

In order to attend Licensing University, you must first be registered for Licensing Expo.

SUPPORT NEEDED FOR CASE ACT!!

I’m sure that you’re aware we have been working for the last few years with a group of other associations on what is now the CASE Act (HR#3945) the SMALL CLAIMS TRIBUNAL BILL, a bill by Representatives Hakeem Jeffries (D-NY), Tom Marino (R-PA), Doug Collins (R-GA), Lamar Smith (R-TX), Judy Chu (D-CA), and Ted Lieu (D-CA). The bill is ready for write-up and we are now awaiting a date for that to happen based on a couple of issues still being worked out, but it looks like it could be as early as next week.

It has come to our attention that so far only about 2200 letters have been received by the Copyright Alliance platform which is less than 5 letters per member of Congress–barely even noticeable. We have been told by the players on the Hill that the passage of this bill will come down to grassroots support and this is a very poor showing. They need to see that we are behind this important bill for creators!

We need every member and their photographers and their adult children, friends and neighbors to send letters to their representatives!

I am asking you to send out a plea to your staff and photographers to help us get this bill passed by contacting their representatives. It is really easy. There are letters ready for them to use here. If we fail and small claims doesn’t make it through this year, it will be very difficult to get it passed in subsequent years. THIS IS OUR CHANCE! Please help all creators protect their copyrights!

Thanks so much for your help!

DMLA’s Amicus Brief Supports Argument as Oracle defeats Google Fair Use Argument over Java Code Packets

Last week the U.S. Court of Appeals for the Federal Circuit reversed the U.S. District Court for the Northern District of California’s ruling of fair use in Oracle America, Inc. v. Google LLC, and held that a verbatim and non-transformative taking in the presence of an actual or potential licensing market fatally undermined the defense.

Even in industries unrelated to computers, mobile devices, software, and source code, the court’s broad pronouncement that “[t]here is nothing fair about taking a copyrighted work verbatim and using it for the same purpose and function as the original in a competing platform” is both powerful and beneficial to creators and licensors of copyrighted content. DMLA’s amicus brief with the support of the coalition of Visual Artists – and one of many amicus briefs in this hotly contested case – helped explain to the court of appeals the importance of licensing markets in fair use cases in general. Ultimately DMLA supported the winning argument and contributed to the creation of appellate-level precedent that will help image licensors everywhere in responding to many infringement claims, as it turns on harm to the licensing market.

Read the entire article here