Privacy Policy

Effective Date: 13 august 2025 

Introduction 

Pictarine ("Pictarine", "we", "us", "our") is committed to protecting the privacy and security of the personal data of its users ("you", "your"). This privacy policy is designed to inform you  about how we collect, use, share, and protect your personal data when you use our platforms. In accordance with the UK General Data Protection Regulation (UK GDPR), our goal is to provide you with full transparency so that you can understand and control your data.  

Who is the Data Controller? 

The legal entity responsible for the processing of your personal data is Pictarine SASU, 46 Marco Polo Street, 31670 Labège, France, SIREN: 521391466. 

As the "data controller," Pictarine determines the purposes (the "why") and the means (the "how") of the processing of your personal data.  

Scope of this Policy 

This policy applies to all the platforms we offer, including the picta.com website and all its subdomains as well as our mobile Picta applications available on the Apple App Store and Google Play Store, (hereinafter collectively referred to as the "Platforms"). 

1. The Personal Data We Process 

To provide you with our Platforms, we need to process certain information about you. This data falls into two main categories: information you give us directly and information we collect automatically as you use our Platforms. 

1.1. Data You Provide to Us Directly 

• To Create and Fulfil Your Order: 

• User Content (Your Photos and Creations): This is the photos, images, and any other content you upload and select to create your personalised photo products (prints, cards, canvases, posters, magnets, etc.) on our Platforms. It also includes the project files you create, such as poster layouts or collages. To allow you to select your photos, our apps may request access to your device's photo gallery. 

• Order and Contact Information: Your name, surname, email address and depending on your order fulfilment method, your mailing address, and phone number are necessary to communicate with you about your order status, provide you with support, and allow our printing partners to identify your order for  delivery.  

• To Process Your Payment: Payment Information: When you pay your order online , we collect the necessary payment information, such as your credit card number, security code, and expiry date. To ensure the security of these transactions, we use secure third-party payment service providers. Pictarine does not store your full credit card number on its servers.  We only collect payment data for the transaction conducted through our Platforms. 

• For Communications, Support, and Marketing: 

• Communications Data: Any information you provide when you contact our customer support team at [email protected]  participate in a survey, or enter a promotion. 

• Marketing Preferences: If you subscribe to our newsletter, we collect your email address to send you offers, news, and tips. We will always provide a simple way for you to unsubscribe. 

• Satisfaction surveys or request for product reviews: Following a purchase on our Platforms, we may request your opinion by email through questionnaires. These satisfaction surveys or requests for product reviews can be requested by approved partners. You can object to these surveys or requests for product reviews directly in the emails sent to you or by notifying us. 

1.2. Data We Collect Automatically 

Technical, Connection and Navigation Data: When you use our Platforms, we automatically collect technical information such as your IP address, your connection logs, browser type, device identifiers (e.g., mobile advertising ID), operating system, and language preference. We also gather information about your interactions with our Platforms, like the pages you visit, the features you use, and crash logs for diagnostic purposes to improve the stability of our applications. Our tech stack includes tools like Google Tag Manager and Cloudflare that facilitate this collection. 

Location Information: We may collect approximate or precise location data if you authorise us to do so via your device settings. This feature is primarily used to help you find and select the nearest partner store for order pickup. 

Cookies and Similar Tracking Technologies: We use cookies and other similar technologies on our website and in our apps to ensure they function correctly, improve your experience, remember your preferences, and perform statistical analysis. For detailed information on the types of cookies we use, their purposes, and how to manage your preferences, please see our Cookie Policy. 

2. Our Purposes for Processing Your Data and Our Lawful Bases 

The UK GDPR requires us to have a valid legal reason (a "lawful basis") for each data processing activity. The list below details the Categories of Personal Data we use, why we process them (Purpose of Processing ) and which lawful basis (UK GDPR) we rely on for each purpose.  

• User Content (Photos, creations), Order and Contact Information: To process, produce, and fulfil your order for personalised photo products. Lawful basis: Performance of a Contract (Article 6(1)(b) of the UK GDPR)  

• Contact Information: To communicate with you regarding your order (confirmation, status, availability notification). Lawful basis: Performance of a Contract (Article 6(1)(b) of the UK GDPR)  

• Payment Information: To securely process your online payment for your order. Lawful basis: Performance of a Contract (Article 6(1)(b) of the UK GDPR)  

• Contact Information (when you contact support): To answer your questions and provide you with technical or customer assistance. Lawful basis: Legitimate Interest (Article 6(1)(f) of the UK GDPR) - to provide a quality customer service.  

• Location Information: To help you find and select a partner store for order pickup. Lawful basis: Consent (Article 6(1)(a) of the UK GDPR) - which you provide via your device permissions.  

• Technical and Usage Data: To ensure the security of our Platforms, prevent fraud, fix bugs, and improve our products. Lawful basis: Legitimate Interest (Article 6(1)(f) of the UK GDPR) - to maintain and optimise our Platforms.  

• Email Address (for marketing purposes): To send you marketing communications, special offers, and news about our products. Lawful basis: Consent (Article 6(1)(a) of the UK GDPR) - which you provide by subscribing.  

• Billing Data : To retain invoices and accounting records related to your purchases. Legal Obligation (Article 6(1)(c) of the UK GDPR) - in accordance with UK tax and company law. 

3. How and Why We Share Your Personal Data 

We do not sell your personal data. However, to provide our Platforms, we must share certain information with trusted third parties. 

3.1. With Our Printing and Fulfilment Partners 

For your order to be printed and prepared for collection or delivery, we must securely transfer your photos, order specifications (product, size, quantity), and your name to the partner you have selected. These partners act as our "data processors" under the UK GDPR, meaning they process your data only on our instructions and are contractually bound to ensure its confidentiality and security. 

3.2. With Our Service Providers (Other Processors) 

We use third-party companies that provide us with essential services for our operations. This includes: 

• Data hosting and cloud infrastructure. 

• Online payment processing to secure your transactions. 

• Analytics and diagnostic tools to help us understand how our Platforms are used and to improve them. 

• Communication services for sending transactional emails or newsletters. 

• Marketing service provider, audience measurement and analysis service provider, electronic messaging service provider,  

• Invoicing tool,   

• Cookie management tool 

These providers only have access to your data to perform these tasks on our behalf and are subject to strict contractual data protection obligations. 

3.3. For Legal Reasons or in a Business Transfer 

We may be required to disclose your personal data if required by law, to respond to a lawful request from public authorities, to protect our rights, or in the context of a business transaction such as a merger, acquisition, or sale of assets. 

4. International Transfers of Your Personal Data 

Your personal data (including your photos and order information) are retained and stored for the duration of processing on the servers of Pictarine, located in the European Union or the United States. As part of the tools we use (see article on recipients regarding our subcontractors), your data may be transferred outside the European Union. 

The UK GDPR imposes strict conditions on such transfers to ensure your data continues to receive an adequate level of protection. 

To legitimise these transfers to the United States, we rely on the UK-US Data Bridge. This is the UK's extension to the EU-U.S. Data Privacy Framework and is based on adequacy regulations made by the UK Government. It allows for the free and safe flow of data to US companies that are certified under the framework, as it recognises that they provide a comparable level of protection for personal data to that guaranteed by the UK GDPR. 

We ensure that our US partners to whom we transfer your data are certified under the UK-US Data Bridge. This means your data can be transferred to them securely without requiring additional safeguards. You can verify the certification of US companies on the official Data Privacy Framework website. 

5. Data Security and Retention 

5.1. The Security of Your Personal Data 

We take the security of your data very seriously and implement appropriate technical and organisational measures to protect it against destruction, loss, alteration, unauthorised disclosure, or unauthorised access. These measures include: 

• Encryption of data in transit between your device and our servers using secure protocols (SSL/TLS). 

• Strict access controls to ensure that only authorised personnel have access to your data. 

• Robust security procedures with our partners and providers, who are contractually required to protect your information. 

• Continuous security monitoring to adapt to new threats. 

5.2. How Long We Keep Your Personal Data 

The UK GDPR's "storage limitation" principle requires that we do not keep your data for longer than is necessary for the purposes for which it was collected. You have the right to request the erasure of your data, as described in Section 6. 

6. Your Data Protection Rights 

Under the UK GDPR, you have several rights over your personal data. 

6.1. Your Rights 

• The right of access: The right to ask us for a copy of the personal data we hold about you. 

• The right to rectification: The right to ask us to correct personal data about you that you think is inaccurate or incomplete. You have the right to ask us to correct personal data concerning you which you consider to be inaccurate, incomplete or obsolete.  

• The right to restrict processing: The right to ask us to limit the processing of your data in certain situations. 

• The right to erasure ('right to be forgotten'): The right to ask us to delete your personal data in certain circumstances (e.g., if it is no longer necessary for the purposes for which it was collected). 

• The right to determine guidelines relating to the conservation, erasure and communication of your personal data after your death.  

• The right to withdraw your consent at any time: For purposes based on consent, you can withdraw your consent at any time. This withdrawal will not call into question the legality of the processing carried out before the withdrawal. 

• The right to data portability: The right to receive the data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit it to another controller. 

• The right to object: The right to object at any time to the processing of your data for direct marketing purposes. However, please note that we may continue processing your data despite this opposition, for legitimate reasons or to defend legal rights. 

• Rights in relation to automated decision making and profiling: The right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you. 

6.2. How to Exercise Your Rights 

To exercise any of these rights, please contact us at the following dedicated email address: [email protected]. To protect your privacy, we may need to ask you to verify your identity before we can respond to your request. 

6.3. Your Right to Lodge a Complaint 

If you believe that our processing of your personal data infringes the UK GDPR, you have the right to lodge a complaint with a supervisory authority. In the UK, the competent authority is the Information Commissioner's Office (ICO). You can contact them via their website: www.ico.org.uk. 

7. Additional Information 

7.1. Children's Privacy 

Our Platforms are not intended for children under the age of 13. We do not knowingly collect personal data from children. If we learn that we have collected data from a child without the required parental consent, we will take steps to delete that information. 

7.2. Links to Third-Party Websites 

Our Platforms may contain links to third-party websites or services . This privacy policy does not apply to their practices. We encourage you to read their own privacy policies carefully. 

7.3. Changes to This Policy 

We may update this privacy policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. These modifications will apply on the effective date of the modified version. If we make material changes, we will notify you through appropriate means (e.g., by email or via a notification in our apps). The date of the last update will always be shown at the top of this document. 

7.4. How to Contact Us 

For any questions about this privacy policy or our data protection practices, please contact: 

By email: [email protected]  

By post: 

Pictarine SAS 

46 rue Marco Polo 

31670 Labège 

France