Skinography is compliant with the spanish LOPD and the european RGPD regulations
Skinography has been from its beginning compliant with the spanish LOPD law, which bears some similarities to the GDPR, and already established many guidelines to follow on data protection, user communication and retention policies. We treat with care and under appropriate security mechanisms the information from users around the world, including the United States and many state members of the European Union, and Skinography's lead data protection supervisory authority is the spanish Agencia Española de Protección de Datos.
Starting on May 25th, 2018, Skinography is also compliant with the GDPR, here are all the details about how we collect, treat and store your data.
1. What information do we store about you?
1.1. Here's a list of all the information we store about our users
Name, first name and second name, if you provided them
Gender, when it's relevant
An encrypted version of your password
Country and region
City, if you specify it
Phone number if you specify it, required for companies
The text you enter for your Bio
The URLs of your Facebook page, Instagram, Twitter and similar profiles, if you specify them.
Height, chest, waist, hips, shoe size, bra size and other similar measurements, if you're a model and have entered them.
Complete address, along with the coordinates of the address in a map if you enter this information. It's required for companies.
Depending on the type of the user, we store the settings they set up that are specific to their profile type. For example: Photographers can specify whether they are specialised in fashion photography, advertising, portraiture … whether they are available to travel or not, etcetera.
Users upload their works to their portfolio, so we store the images, videos or other files they provide us for that purpose. We also store the titles, descriptions, tags and hashtags they provide for each photo or content, and also for each folder they setup to organise those contents.
For security purposes, we store the IP from which you're connecting to your account at Skinography, the browser type you use and other information about it like its version.
Various technical information like the date you've signed up at Skinography, the date you've accessed your account for the last time, the date you've updated your profile or uploaded a photo for the last time, your timezone, preferred currency, etcetera.
Optionally, users can request to receive invoices for their payments. In those cases, we store the provided invoicing name, address and id number to build those invoices.
When you invite another user, we store who invited who, and when.
Users can write testimonials about other users. We store those also.
The settings you specify for your account configuration, like whether you want to receive alerts about new messages or new follows, whether you want to appear in certain sections of the web or not, etcetera.
If you have a paid membership, we store the information Paypal provides us about the payments agreement, which allows us to connect with Paypal and perform the payments and renewals for your membership. We do not store your Paypal password, nor your credit card or bank account numbers.
When a user requests the optional identity verification, they send us a scan of their ID card, passport or similar id document so we can check its identity and place the “identity verified” badge in its profile. We store the scans the user sends us for that purpose. In some cases, for security purposes, we can require a user to provide a valid identification. In such cases we follow this same procedure.
Users can block other users. When that happens, we store who blocked who, and when.
Users can communicate with each other, so we obviously store the conversations. We also store whether you are connected to a chat in order to provide the “This user is online” information to the other person on the chat. We also store whether a user has seen or not the messages he received, to provide the “Double tick” information that lets other users know when their messages have been seen.
Users can report other users, photos, contents and similar, and can also place copyright infringement claims. In those cases, we store the information about the report or the claim, the explanation the user provided us (if they did), the list of photos that have been reported or claimed, and the private messages the user has attached to the report.
We do occasionally provide some users with discount coupons and similar offers. In such cases, we store the information about the coupons that have been send to users, and about when they're redeemed.
Users can create groups and castings where other users can join. Those groups provide tools such as a forum, a shared calendar and a file sharing service. When a user creates or joins a group, we store the information about the group, the date he created or joined it, the messages they contributed to the forum, the files they uploaded to share with the other members and the events they added to the shared calendar.
Users can publish ads and castings at Skinography. We store the information they enter for them, along with the images they attach to them.
Users can follow other users, just like Twitter or Instagram. In such cases, we of course store the information about who is following who.
Users can like photos or other contents, and perform other social interactions like commenting, mentioning or tagging other users, etcetera. For those cases, we store the information about who did what, and when. In the case of comments, we also store the comment itself.
Users can create lighboxes that allow them to build private or public lists of photos, videos, users or other contents. In such cases, we store the information about the lightbox, when it was created, and all the contents the user places inside the lightbox.
When our users install the Skinography App in an Android or iOs device, we store the unique identifier of the installation, the device name, brand and model. That allows us to send them notifications.
Users can open a support ticket to request for help or solve their questions. We store the information they provide us through those tickets.
Some of this information is not required to be entered in certain cases, or is not requested to the user in some other cases. Only the data that is relevant to the user profile type is requested. For example: We do not ask for the gender of a company representative because it’s not relevant to the profile of the company, but we do require it for models because it’s relevant, for example, when we notify them about castings that are only aimed to a specific gender.
1.3. Statistical information
To understand how our users use Skinography, and to improve our service, we store information about the number of visits, page views and similar statistical information. This information is not specific for each user: we do not track the visits or the behaviour of individual users. Instead, we gather data that is not linked to specific users. Additionally, we do not use Google Analytics in Skinography, so we do not support nor participate in the gathering of information Google does of users that visit sites using their technology. Instead, we use an open source analytics tool (Matomo) that anonymises the IPs so they’re never linked to a specific user. Following this policy of anonymous statistical information, we keep historical track and store the following data:
The visits Skinography receives.
The number of times the Skinography home and all other sections at Skinography have been viewed.
The number of times a user profile, a photo, a video or other contents have been viewed.
The computer or the device type, brand and model our users are using to visit Skinography, and other similar information related to those devices like their screen resolution.
Other, more technical, information about how our users use Skinography, like the time they stay in each page, the order in which they browse through our site, the average time it takes for them to load Skinography, and similar.
2. Sharing information
We do not share any information of our users with anyone. If we ever need to do it (for example, if we were to organise a fashion photography contest that is managed by another company specialised in such events), we would ask each user individually clearly, with an opt-in checkbox you would need to click in order to give us permission.
3. Who, where and for how long is my information being stored
Skinography is a project owned by Lorenzo Herrera, with Identification number 39898734J, and postal address P.O.Box 257, ZIP 43840, Salou (Spain). We’re available at [email protected], but we recommend you to create a support ticket for a faster communication.
Skinography stores your information during all the time you keep your account active. When you cancel your account, according to the spanish LOPD law, we’re required to hold your information for at least 2 years. When that happens, your information is completely removed from the internet so it’s not published anywhere, but we keep it in a safe database where it is exclusively available for legal purposes and to public administrations, judges and courts, under a legal request.
The statistical information related to your activity at Skinography is not removed from our database, but is dissociated from your identity so we can keep historical information that is helpful to us, but it’s no longer linked to you in any way. For example: We want to know how many people published castings on January 2013, but we won’t be able to know who did it, or the contents of the casting itself, if the user has cancelled his account. I.e: When you cancel your account, we only know that “someone” published “some casting” on January 2013.
Our servers are located in Roubaix and Gravelines, two beautiful small towns in France where OVH, our technical partner, has setup secure and powerful data centres. We put all our efforts to store your information in a secure way.
4. Your rights
Of course, you have the right to do whatever you need with the information we have of you, here’s the complete list of your rights:
4.1. Right to be informed
Whenever you need, we'll let you know any information at our hand about the data we hold about you, and a list of all the data we're storing about you.
4.2. Right of access
You can access all the information whe store about you, and it’s as simple as logging in to your account at Skinography. Also, of course, It's free.
4.3. Right of rectification
You can change the information we have about your. That might seem obvious, but you already know that you can change your profile, your photos, and anything else via your account menu at Skinography
4.4. Right of erasure
Of course, you can remove any information we have of you. Again, it’s as easy as accessing your account at Skinography. You'll be able to change anything there, or to completely cancel your account if you wish.
4.5. Right to restrict processing
This means you can ask us to stop using your information in any way, but still keeping it in our databases. If you ever need to do that, we have added the option to put your profile in “Invisible mode”, which does precisely that.
4.6. Right to data portability
That means you can ask us to transfer or copy your data to another company when one of our tools requires it in order to get some benefit. For example, imagine we were to offer you a tool that allows you to connect your Facebook account to your Skinography profile. You would have the right to do so, and we would need to ask you for permission. We’ve never done anything like that, but if we ever do, we’ll let you know.
4.7. Right to object
The relevant part of this right for us is that you can request us to stop sending you marketing emails. You can always configure what emails and communications you want to receive from us from the “Notifications” section in your account. Also, we always ask you for permission first whenever we need such things. The other two cases contemplated in the law by this right are much more bizarre and do not apply directly to Skinography (the objection to us using your data for legal purposes if we ever needed to, or for scientific/historical research), but you can also object to them in your “Privacy” settings.
4.8. Right not to be subject to automated decision-making, including profiling
Automated decision-making or profiling refers to what some sites do by taking the information they have about you and trying to guess your tastes, your personal preferences, or even to predict your behaviour in their site in order to, for example, give you specific discounts, or show you banners tailored to you. If we ever need to do something like that, we'll ask for your permission.
If you’re having trouble accessing any of your information, if you have any additional question, if you want to cancel your account and can’t find the option to do so, or if you want to change any information we have of you and couldn’t find it in your account at Skinography, let us know via email at [email protected], or even better: create a support ticket
5. Opting in for this terms
Prior to May 25th 2018, all Skinography users will be required to review this new privacy terms, which are of required acceptance in order to keep using Skinography. We ask you to read and understand them, we’re available for any question you might have at [email protected] and via our support system
You will receive an email from us in that regard, and the next time you access your Skinography account you’ll be required to read, understand and accept this terms in order to keep using Skinography, along with some additional opt-in checkboxes that will allow you to tell us how you want us to treat your data in compliance with the GDPR.