PRIVACY POLICY
Effective since: 23/03/2026
SCOPE OF THIS POLICY
PicShotLab OÜ (“we”, “us”, “our”, “Company”, “PicShotLab“) is committed to protecting your privacy. On this page, you can learn what information about you we collect while you interact with PicShotLab and how we process the personal data you provide us with.
This Policy is intended to help you understand:
一 why we collect your personal data;
一 how we collect, use and store your personal data;
一 which rights relating to your personal data you have;
一 how you can exercise the rights relating to your personal data;
一 how we use cookies and other tracking technologies;
一 how we share and disclose your personal data.
This Privacy Policy (“Policy”) applies between you and PicShotLab. It describes how we handle the data you provide us with through our website https://picshotstudy.com/ (“Website”) and service (“Platform”), including via contact forms, when you interact with us via our email address picshotstudy@gmail.com, or on our social media sites, including, but not limited to, LinkedIn, Instagram, and Telegram (“Social media accounts”), during video or phone calls or otherwise provide us with information about yourself.
When processing your personal data, PicShotLab can play different roles under the GDPR and other applicable laws and regulations. Depending on the factual circumstances of the processing, we may act as a data controller or joint controller under the GDPR.
You can be a Website Visitor or Client:
- You are a Website Visitor when you merely browse our Website and provide us with your data through cookies and other tracking technologies or contact us via email, phone or available contact forms on our Website;
- You are a Client when you register on the Platform, contact us via email, contact forms on our Website, or our Social media accounts for assistance and/or to leave feedback, share personal data during video or phone calls, or otherwise provide us with personal data when you use our services.
INTERPRETATION AND DEFINITIONS
We use the following definitions in this Policy:
“GDPR” means the General Data Protection Regulation (Regulation (EU) 2016/679).
“data controller” means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and how any personal data is processed.
“data processor” means the natural or legal person who processes personal data on behalf of the data controller.
“joint controllers” means two or more controllers jointly determining the purposes and means of processing.
“data subject” is a person who can be identified, directly or indirectly, by details like their name, identification number, location, online identifier, or factors related to their physical, physiological, genetic, mental, economic, cultural or social identity.
“personal data” means any information relating to you and helping identify you (directly or indirectly), such as your name, last name, email, location, etc.
“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
TYPES OF PERSONAL DATA WE COLLECT
We collect and process information about you in accordance with this Policy. We may collect your personal data through the Website (including contact forms) and Platform, email, Social media accounts, and during video or phone calls, or via other ways of communication.
We collect two basic types of information about you in connection with our Website and services: Client and Website Visitor Data, which relate to Clients and Website Visitors, respectively. In particular, we collect the following:
Client and Website Visitor Data:
— Contact Information. When you submit your data via email, or contact forms available on the Website, through our Social media accounts, or share your personal data during video or phone calls, we may collect your personal data. This information may include your first name, last name, phone number, email, and any other details you provide to us.
— Registration Information. When you create an account on the Platform, we collect your email address and the password you choose to register your account and ensure access. You may also customise your account, in which case we may collect the information you choose to share with us as part of that customisation.
— Authentication Token Information. When you sign up using OAuth (such as Google), we may receive your full name, email address and profile image where available.
— Communication Information. We may collect certain information during our communications with you, such as the content of emails, messages, or video/phone conversations. This can include a brief summary of the discussion, key details relevant to our interaction, or, with your consent, a recording of the call.
— Payment Information. We can collect financial details or banking information in conjunction with other information needed for invoicing and bookkeeping purposes, such as your full name, email, phone number, and other transactional details to obtain payment from you.
— Cookies Information. We may use cookies and other tracking technologies on our Website to function correctly, for analytics, marketing activities, remembering your preferences, and for other purposes. Such use may involve the transmission of information from us to you and from you to a third-party website or us. To learn more regarding our use of cookies, please, read the ‘Use of cookies’ section of this Privacy Policy and our Cookies Policy.
— Automatically Collected Information. When you access the Website, we may collect certain information about your device automatically. We may use this information for technical administration of our Website, analytics, research and development, monitoring and improving our Website.
| We DO NOT sell your data.We DO NOT use automated decision-making, including profiling, which produces legal effects concerning a data subject or similarly significantly affects a data subject.We DO NOT intentionally collect and process the personal data of children and any sensitive personal data. Please, refrain from sharing your or third-party sensitive personal data. |
GROUNDS FOR PROCESSING
We collect and process your personal data in accordance with the provisions of the GDPR and other applicable laws and regulations.
Under the GDPR there is an exclusive list of lawful bases, allowing us to process your personal data. During personal data processing, we rely only on four of them, namely:
Article 6.1(a): consent
We collect the information you choose to give us, and we process it under your consent. You may withdraw your consent to the processing of your personal data at any time.
You may withdraw your consent to the processing of your personal data by emailing us at picshotstudy@gmail.com or contacting us in any other way convenient for you.
Article 6.1(b): performance of a contract
When you provide us with personal data via available options on our Website and Platform, this can sometimes be considered a request to form a contract or perform a contract between you and us. However, we may ask you for clear consent in case of doubt.
Article 6.1(c): legal obligation
We process your personal data to fulfil our legal obligations, such as complying with tax or regulatory requirements. If you request to exercise your rights under the GDPR, we may ask you for some personal data for verification purposes to identify you and comply with the applicable law.
Article 6.1(f): legitimate interest
We process your personal data for the purposes of our legitimate interests, such as:
一 preventing fraud,
一 ensuring the security of our Website and Platform, and
一 providing you with a seamless user experience.
We only collect and use the strictly necessary data to achieve these purposes provided that your fundamental rights and freedoms are not overridden.
HOW WE USE YOUR DATA
When acting as a data controller or joint controller, we use your personal data for the purposes listed in the table below, where we also detail the types of personal data processed, legal bases we rely on to do so, third parties with whom we may share your personal data and information on the source of such data:
| Purpose of Processing | Types of Personal Data | Legal Grounds | Third-PartyRecipients | Source |
| Creating an account on the Platform | — Registration Information — Authentication Token Information | Performance of a contract (Article 6(1)(b)) | Contractors | Client, Google |
| Maintaining the account on the Platform (including ensuring availability and accessibility of account and preventing bugs) | — Registration Information — Automatically Collected Information | Performance of a contract (Article 6(1)(b)) | Contractors | Client |
| Communication with Clients and Website Visitors (including responding to inquiries through the forms on the Website) | — Registration Information — Contact Information— Communication Information | Your consent (Article 6(1)(a))Performance of a contract (Article 6(1)(b)) | Contentsquare, Contractors | Client, Website Visitor |
| Analytics and developing activities (for optimising and enhancing our Website and services) | — Cookies Information— Automatically Collected Information | Your consent (Article 6(1)(a))Our legitimate interest (Article 6(1)(f)) | Contentsquare, Google Analytics, Stape, Contractors | Client, Website Visitor |
| Marketing activities (contact you about our services and products and conduct other marketing activities) | — Registration Information — Contact Information— Communication Information | Your consent (Article 6(1)(a)) | Meta Ads Manager, Contractors | Client, Website Visitor |
| Payment processing (for invoicing and bookkeeping) | — Registration Information— Payment Information | Performance of a contract (Article 6(1)(b)) | Stripe, Contractors | Client |
| Fraud prevention | — Registration Information— Payment Information— Cookies Information— Automatically Collected Information | Our legitimate interest (Article 6(1)(f)) | Stripe, Contractors | Client, Website Visitor |
| Legal compliance (including cookie consent management) | — Registration Information— Payment Information— Cookies Information | Legal obligation (Article 6(1)(c)) | Contractors | Client, Website Visitor |
USE OF COOKIES
When you visit our Website, we automatically gather certain information through cookies. These cookies, for example, can help us understand your interactions with our Website, enhance your browsing experience, improve our Website and services, and conduct marketing activities. To learn more about the types of cookies we use and how you can customise your cookie preferences, please review our detailed Cookies Policy.
DATA RETENTION
We keep personal data for as long as needed to fulfil the purposes outlined in this Policy.
We store Cookies Information for the period specified in our Cookies Policy.
We may not delete or anonymise your data if we are compelled to keep it under the GDPR and other applicable laws.
Notwithstanding any of the aforementioned periods of data storage, you may request to delete your personal data by emailing us at picshotstudy@gmail.com or contacting us in another convenient way.
SECURITY AND INTEGRITY OF THE DATA
We have implemented appropriate organisational, technical, administrative, and physical security measures designed to protect your personal data from unauthorised access, disclosure, use, and modification. We regularly review our security procedures and policies to consider appropriate new technology and methods.
SHARING YOUR DATA WITH OTHER ENTITIES
We may share your personal data with other entities in accordance with the provisions specified hereafter.
Sharing personal data with joint controllers (other controllers)
We act as the joint controller when cooperating with Meta Platforms Ireland Limited, namely when we use Meta Pixel. For this personal data processing case, we are the party to Meta’s Controller Addendum.
In particular, Meta Platforms Ireland Limited and we act as joint controllers with regard to:
— marketing and statistical data collected by Meta and shared with us via Meta Pixel; and
— emails of the clients we provide Meta with to customise the advertising of our services.
When we act as a joint controller for particular processing of personal data, a data subject may exercise their rights under the GDPR in respect of and against both joint controllers.
Sharing data with data processors
There are many features necessary to provide you with our services that we cannot complete ourselves; thus, we seek help from third parties. We may grant some service providers access to your personal data, in whole or part, to provide the necessary services.
Therefore, we may share and disclose your personal data to other data processors, namely, to:
一 Google Analytics (Google Ireland Limited, Ireland): for Website analytics purposes. You may read its Privacy Policy here.
一 Stripe (Stripe Technology Company, Limited, Ireland): for payment processing purposes. You may read its Privacy Policy here.
一 Contentsquare (Content Square SAS, France): for communication with Clients and Website Visitors. You may read its Privacy Policy here.
— Stape (Stape Europe OÜ, Estonia): for Website analytics purposes. You may read its Privacy Notice here.
As part of our business operations, we may engage various specialists who may receive your personal data, including technical, sales, legal and marketing professionals, to provide you with better client service. Collectively, these specialists are referred to in this Policy as Contractors.
INTERNATIONAL DATA TRANSFERS
We may transfer your personal data to countries outside the European Union (EU) and the European Economic Area (EEA) that are not deemed to provide an adequate level of data protection under Article 45 of GDPR (adequacy decision).
In such cases, we will ensure that appropriate safeguards are implemented in accordance with the GDPR to protect your personal data, in particular, the standard contractual clauses adopted by the European Commission. Where possible, we always enter into Data Processing Agreements (DPAs) and Non-Disclosure Agreements (NDAs) with these third parties to ensure that your personal data is adequately protected.
We put supplementary technical and organisational measures in place when transferring data outside the EU and the EEA. e.g. prior assessment of the service supplier’s reliability and personal data protection practices, encryption of the transferred personal data, prompt reacting to any threats to confidentiality, integrity and availability of the personal data, conducting transfer impact assessments (TIA) when necessary, etc.
LINKS TO THIRD-PARTY WEBSITES OR SERVICES
This Policy applies only to this Website. We strongly recommend you review the privacy documents of any websites you may reach by following the hyperlinks presented on our Website. We have no control over the content and data practices of other websites and are not responsible for their actions.
SOCIAL MEDIA ACCOUNTS
We manage the Company’s official pages on various social media sites including LinkedIn, Telegram and Instagram. We can collect information about you when you interact with us via our Social media accounts by following our official pages, posting comments, or reacting to our content.
When you contact us via our Social media accounts for assistance or leave us feedback regarding the provision of services, we can collect this information for further communication purposes. You can find a detailed description of the personal data that we may collect from you above in the ‘How we use your data’ section of this Policy.
Please note that depending on the social media platform, additional processing operations may be conducted by the operators of these platforms. We recommend always checking social media platforms’ privacy policies and rules regarding the collection of your personal data.
DATA SUBJECT AGE
Our Website and services are intended for general audiences and are not directed to children under the age of 18. By submitting your personal data to us, you acknowledge that you have reached the age of 18, and under the laws of your country of residence, you have all rights to provide us with your personal data for processing.
Under the GDPR, we do not knowingly collect any personal data from children under age of 16 (or a lower age if provided by EU member state law, provided that such lower age is not below 13 years).
If we learn we have collected or received personal data from a child, we will delete that information. If you have any reason to believe that a child has provided their personal data to us, please contact us at picshotstudy@gmail.com.
RIGHTS UNDER GDPR
You may exercise the following rights by submitting a data subject request at picshotstudy@gmail.com.
Please note that we may need to confirm your identity to process your requests to exercise your rights under the GDPR. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity and respond to your request.
| Right under the GDPR | Description | How to exercise it |
| Right to withdraw consent(Art. 7) | You can withdraw your consent for data processing at any time. | You can submit a request. |
| Right to be informed(Art. 13, 14) | You have the right to be informed about the collection and use of your personal data. | All information about our collection and use of your personal data is described in this Privacy Policy and the Cookies Policy. |
| Right of access(Art. 15) | You have the right to confirm whether your personal data is being processed by us and access such data, along with specific information. | You can submit a request. |
| Right to rectification(Art. 16) | You have the right to correct inaccurate personal data about you and to have incomplete personal data completed. | You can submit a request. |
| Right to erasure (“right to be forgotten”)(Art.17) | You have the right to have your personal data deleted without undue delay where one of the following grounds applies:一 the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;一 you withdraw consent to consent-based processing;一 you object to the processing under certain rules of applicable data protection law;一 the personal data have to be erased for compliance with a legal obligation in the European Union or an EU Member State law;一 the personal data have been collected in relation to the offer of information society services referred to in Article 8(1);一 the personal data have been unlawfully processed. | You can submit a request. |
| Right to restriction of processing(Art. 18) | You can limit the way in which we use your data where one of the following applies:一 you contest the accuracy of the personal data;一 processing is unlawful, but you oppose erasure;一 we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise, or defence of legal claims;一 you have objected to processing, pending the verification of that objection. | You can submit a request.Where processing has been restricted on this basis, we may continue to store your personal data.However, we will only otherwise process it:一with your consent;—for the establishment, exercise, or defence of legal claims;一 for the protection of the rights of another natural or legal person;一 or for reasons of important public interest. |
| Right to data portability(Art. 20) | You have the right to receive your personal data in a structured, commonly accepted, and machine-readable format and have the right to request that we transmit this data directly to another controller to the extent that the legal basis for our processing of your personal data is your consent or performance of a contract and the processing is carried out by automated means. | You can submit a request. |
| Right to object(Art. 21) | You have the right to object to our processing of your personal data at any time to the extent that the processing is based on point (e) or (f) of Article 6(1), including profiling based on those provisions.Also, you have the right to object to our processing of your personal data for direct marketing purposes (including profiling). | You can submit a request. |
| Right not to be subject to a decision based solely on automated processing, including profiling(Art. 22) | This right restricts us from making solely automated decisions, including those based on profiling, which produce legal or other significant effects for data subjects. | We DO NOT use automated decision-making and profiling. |
| Right to lodge a complaint(Art. 77) | You have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data violates the requirements of the GDPR. | You can submit the complaint in the EU member state of your place of habitual residence or to the data protection authority stated in this Privacy Policy. |
| Right to compensation(Art. 82) | Any person who has suffered material or moral damage as a result of a violation of GDPR requirements has the right to receive compensation from the controller or processor for the caused damage. | Court proceedings for exercising the right to receive compensation shall be brought before the courts competent under the law of the EU Member State referred to in Article 79(2). |
COMPLAINTS
We encourage you to reach out to us initially with any concerns you may have regarding the processing of your personal data. You may use the following email to address your inquiries: picshotstudy@gmail.com.
You have the right to lodge a complaint about our use of your personal data with a data protection authority. For more information, please contact your national data protection authority. We will cooperate with the appropriate governmental authorities to resolve any privacy-related complaints that cannot be amicably resolved between you and us. You can find a full list of EU supervisory authorities through this link.
AMENDMENTS TO THE POLICY
We may periodically update this Policy to reflect new updates, technologies, legal requirements, or for other reasons. Any changes will be communicated by posting an updated version of the Privacy Policy on our Website.
We encourage you to review this Policy periodically. If possible, we always give advance notice of upcoming changes by indicating when the new version of the Privacy Policy will take effect. If you continue to use our Website or services or otherwise provide us with your personal data after the new version of the Privacy Policy goes into effect, we assume that you agree to the changes.
HOW TO CONTACT US
If you have a question related to this Policy, our data processing activities, or your data subject rights under the GDPR and other applicable data protection laws, you can use the following details to contact us:
一 Our company: PicShotLab OÜ
一 Our address: Harju maakond, Tallinn, Kesklinna linnaosa, Kaupmehe tn 7-120, 10114一 Our email: picshotstudy@gmail.com