Connect wallet to continue
By connecting, I agree to JPG’sTerms of Service

Terms & Conditions

Effective Date: June 7th, 2021

This Privacy Policy provides information about, and applies to, the processing (i.e., the collection, further processing, use and sharing) of Personal Data on visitors to our websites by all entities belonging to Juried Photo Gallery (“JPG”).

Some special rules apply to processing by us that is subject to the European Union’s (“EU”) data protection rules including in particular the EU’s General Data Protection Regulation (“GDPR”), as explained under that heading, towards the end of this Policy. Similarly, data protection rules in the State of California, United States of America, may apply.

At the end of this policy, we also provide basic information on how we build privacy- and data protection law compliance into all our solutions “Privacy and Data Protection by Design and Default” (see section titled the same).

Scope of this policy

This Privacy Policy applies to any personal information or data we obtain from and on you, our visitors to our websites, in connection with your visit to our website and in connection with any follow-up to that visit (e.g., the sending of email updates on our products if you have asked for those. On the protection of your data in relation to the use of our solutions by our customers, see the section at the end of this Privacy Policy, under that heading.

By “personal information or data” we mean any information or data that relates to an identified or identifiable living person. In the United States, this type of information is often referred to as “Personally Identifiable Information or PII, while in Europe, the term “Personal Data” is used.

(There are some differences between US-defined PII and Europe-defined Personal Data, but this policy takes the broadest view of the terms to include all data that relate to an identified or identifiable individual – referred to in European data protection law as the “data subject”.)

Finally, in the event you chose to transfer to another site via a “button” or API on our site, you would as a consequence be covered under the terms of use and privacy policy of that site, not ours.

Session Cookies

We collect some information on you and on the device through which you connect to our website that is essential to make our site work. This is mainly done through so-called “cookies” that expire at the end of your visit (“session cookies”). This information can include your IP address, the type of device you are using and the operating system, browser type and version and whether your browser is JavaScript compatible. This information is only used during your visit (the so-called “session”) and deleted immediately when you leave our website (hence the term “session cookies”). You cannot reject the use of these cookies.

Analytics Cookies

We also collect some information on you and your device that we analyze in a depersonalized (pseudonymous) way to help us improve the user experience of visitors to our sites (“analytics cookies”). In addition to the essential information mentioned above, this may include your preferred language; geographic location using IP address, the location of an access point you access while using the Service, or the GPS or wireless technology on your device; date and time of your visit; any searches you conducted on our site; and areas of our site that you visited. We also may log the length of time of your visit and the number of times you visit our site. We may assign you one or more unique identifiers to help keep track of your future visits. This information is generated by various tracking technologies that may include “cookies,” “flash LSOs,” “web beacons” or “web bugs,” and “clear GIFs”. We may use third party tools to analyze the above information and to create statistics in relation to our website use. In the process of creating the statistics, all identifying elements are removed: the statistical outcome data no longer contain any personal information or data. We use the statistical outcome data for the following purposes.

  • To know how many visitors per day visit our site
  • To know how much traffic we are sending outbound
  • To know which items on our site are being downloaded (e.g. PDFs, long-form reports, short items)
  • To identify items not found, i.e. 404s so that we can fix them
  • To identify the types of operating systems being used and browsers so we can design our site accordingly
  • To identify the time of day when our site is most used in case we want to do syncs and repairs (that result in our site being down temporarily)
  • These statistics are only available to JPG and our third-party agents servicing our website. JPG keeps the aggregate (depersonalized) data indefinitely, and uses this aggregate data to report internally, to our Board and to our investors. For instance, we will report to our Board that a report was downloaded X number of times. We do not share any of our analytics data with anyone else or make it available to anyone else.

Lists and Forms

On our website, you can sign up to several lists and forms, i.e.:

  • Sign up for the mailing list: In the future, JPG may create a form that asks for your email address. These addresses may be collected and stored in a third-party account and may be used by JPG for email marketing.
  • Contact us: This form asks only for your full name, phone, email address, and asks you to write a brief message regarding the nature of the contact.
  • The text on the pages where these lists and subscription forms are offered explain the purpose of the list or form and how the information will be used in more detail.

The signing up to any of these lists is of course entirely voluntary – but if you do want to sign up to any of them, you will have to provide the requested information (or least the information requested in the *mandatory fields in the relevant form).

We will only use the information you provide in these contexts to provide you with the service you requested, such as email updates on selected products, or a test account; and in a de-personalized form for analytical purposes (for instance, to see how many visitors from a particular industry sector or a particular country signed up for these services).

You can always unsubscribe from any of these lists, either by re-visiting the relevant webpage and clicking on “Unsubscribe” or, if the service involved the receipt of emails (such as email updates), by clicking on the “Unsubscribe” link that we will provide at the bottom of each such email.

Diclosusrse of Personal Data

We share your data with JPG affiliates and certain third-party service providers as and when this is appropriate for our business purposes including the processing described in this Privacy Policy. Other than as described in this Policy, we do not disclose any Personal Data to third parties (except as and when required by law).

Data Retention

We will only keep any information or data on you for as long as we need the information or data to interact with you (or in rare instances, where this may be needed for legal purposes). We clean our email, contact and partner lists at least every twelve (12) months and will then delete any data on people with whom we have not interacted for that period (except that again, in rare instances we may retain data for longer if this is necessary for legal reasons).

Use of Processors

We use other companies to assist us in the processing of your data. They only process the Personal Data on our behalf and as instructed or agreed by us. In EU data protection law, such agents are called processors. We have contracts in place between us and these processors that meet all the requirements of U.S. and EU privacy/data protection law.

On the requirements of the EU General Data Protection Regulation for contracts with processors, see Article 28 GDPR, here:

https://gdpr-info.eu/art-28-gdpr/

Transfers of Personal Data on EU individuals to non-EU countries

When we collect information from and on individuals in the EU, we may transfer those data to servers and processors in non-EU countries, in particular in the USA. When we do so, we do this on the basis of standard data transfer contracts as approved by the Commission of the EU, or on the basis of the so-called “Privacy Shield” agreed between the EU and the USA, for service providers or processors who have self-certified their compliance with the Privacy Shield principles.

For information on the EU standard transfer contracts, see:

https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en

For information on the EU – USA Privacy Shield, see:

https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/eu-us-data-transfers_en

https://www.privacyshield.gov/welcome

UPDATE IN THE LIGHT OF THE “SCHREMS II” JUDGMENT OF THE COURT OF JUSTICE OF THE EUROPEAN UNION:

On 6 October 2020, the Court of Justice of the EU issued a judgment in the “Schrems II” case,[2] in which it invalidated the EU-US “Privacy Shield” and said that in some cases in which standard data transfer contracts were being used for transfers of Personal Data from the EU to the USA “supplementary measures” were needed to protect those data against undue (indiscriminate) access by the U.S. security services. JPG is carrying out a transfer impact assessment into JPG’s data transfers to see if any such supplementary measures are required. However, the outcome of this assessment will have to await the guidance on this issue that is currently being prepared by the European Data Protection Board (the body established under the GDPR that provides guidance on the application of that regulation). Once the assessment has been finalized on the basis of this guidance, JPG’s policies and practices will, if necessary, be amended to reflect this guidance; and any such changes will be reported on this Privacy Statement webpage.

http://curia.europa.eu/juris/liste.jsf?num=C-362/14

Data Security

We use administrative, organizational, technical, and physical safeguards to protect the personal information and data we collect and process. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, and availability. We regularly test our website, data centers, systems and other assets for security vulnerabilities, and require any companies that assist us in the processing of Personal Data on our websites to also take all appropriate administrative, organizational, technical and physical measures needed to ensure the security of the information and data they process.

Right of Access

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.

For information on Right of Access, see:

https://ico.org.uk/your-data-matters/your-right-to-get-copies-of-your-data/

Right to Rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. Any corrections will be shared with the other JPG affiliates, and where necessary any third parties to which the data may have been disclosed, to ensure corrections are made by all parties.

For information on Right to Rectification, see:

https://ico.org.uk/your-data-matters/your-right-to-get-your-data-corrected/

Right to Erasure

You have the right to ask us to erase your personal information in certain circumstances.

For information on Right to Erasure, see:

https://ico.org.uk/your-data-matters/your-right-to-get-your-data-deleted/

As noted above, under “Lists and forms”, you can also unsubscribe at any time from our mailing list, contact list or partner subscription list.

(and from 1 January 2021, the UK General Data Protection Regulation)

Some of the processing of Personal Data carried out by JPG may be subject to the EU General Data Protection Regulation. This applies in particular to any processing of Personal Data by JPG on clients and suppliers (and their staff) in the European Union or the European Economic Area (EEA). Where JPG is processing Personal Data on behalf of an EU/EEA-based client, in the use of a JPG solution by that client, it processes the data on the relevant individuals (typically, customers of the client) in the capacity of an agent – what the GDPR calls a processor. In all these cases, JPG will process the Personal Data in accordance with the EU GDPR, and the rights set out above will be granted in full compliance with the EU GDPR, by any JPG entity (because the EU GDPR applies and will continue to apply to all such processing, also after the post-Brexit transition period during which the EU GDPR applies in the UK as if the UK were still a Member State).

On 31 December 2020, the post-Brexit transition period will end, and the data protection law that applies in the UK will then be the “UK GDPR” which is for the time being almost the same as the EU GDPR (but that may change over time). However, this does not affect the application of the EU GDPR to the processing of Personal Data set out above: that will remain subject to the EU GDPR because the EU GDPR applies to any processing by any entity outside the EU in relation to the offering of goods or services to individuals in the EU/EEA, or the monitoring of the behavior of such individuals by such an entity, and to any processing by any entity acting as a processor for an entity that is subject to the EU GDPR (such as EU/EEA-based clients of JPG).

In relation to clients and suppliers in the UK, JPG will process all relevant Personal Data in accordance with the EU GDPR until the end of the post-Brexit transition period (because until then the EU GDPR continues to apply in the UK). From 1 January 2021, JPG will process all Personal Data that will then become subject to the UK GDPR in accordance with that UK GDPR. If, after that date, the data are also subject to the EU GDPR (because of the stipulations on its applicability outlined above), JPG will also process the data in accordance with the EU GDPR.

[3] The European Economic Area consists of all the 27 EU Member States plus Iceland, Liechtenstein and Norway. EU data protection law including the GDPR also applies to the non-EU EEA states.

All JPG’s solutions are based on the principles of “Privacy and Data Protection by Design and Default”. This means we design all our solutions so as to implement all appropriate technical and organizational measures, such as pseudonymization, data minimization, encryption and other security measures, ensure full, built-in compliance with all applicable data-protection principles and requirements, including those relating to the rights of data subjects (Cf. Article 25 GDPR).



If you want to exercise any of these rights, or to receive any further information on our processing of your personal information and data, please email us at [email protected]

California Consumer Privacy Act – for California users

Information From Children Under Thirteen (aka The “Dinesh” Clause)

We do not knowingly collect information online from children under 13. If you are a parent or guardian and you learn that your children have provided Flashbots with Personal Information, please contact us. If we become aware that Personal Information has been collected from a child under age 13 without verification of parental consent, we will take steps to remove that information from our servers.

Under the California Consumer Privacy Act (the “CCPA”), a business that collects consumers’ personal information must provide to consumers access to the specific pieces and categories of personal information that the business has collected about the consumer, the categories of sources for that information, the business or commercial purposes for collecting the information, and the categories of third parties with whom the information was shared. California residents also have the right to submit a request for deletion of information under certain circumstances. Consistent with the CCPA, if you choose to exercise your rights, we won’t charge you different prices or provide different quality of services unless those differences are related to your information.

As a consumer you have the following rights:

  • To request that we disclose what personal information (about you) we collect, use, disclose, and sell;
  • To request deletion of your personal information we collect or maintain. This right is limited, and we may not always honor your request, particularly when it is necessary to maintain your information for legal purposes or to complete any business we have with you.

To opt-out of the sale of your personal information by the business. A “sale” occurs when your personal information is exchanged with a, non-service provider, third party in exchange for valuable consideration. It is not a sale when you intentionally authorize us to disclose your personal information or interact with a third party.

To not receive discriminatory treatment by the business for exercising any of the privacy rights conferred under the CCPA.

Exercising Your Rights Under the CCPA

To exercise your rights under the CCPA, you may contact us using any of the contact information at the bottom of this policy. Pursuant to the law, we will honor any verified request. You have the right to make a free request two times in any 12-month period. We will make the disclosure within 45 days of receiving your request, unless we request an extension. In the event that we reasonably need a 45-day extension, we will notify you of the extension within the initial 45-day period.

Right of Deletion

You have the right to request that we delete your personal information, subject to certain exceptions. After we receive and validate your request, we will delete your personal information, as well as direct our service providers to delete your personal information, unless an exception applies.

The CCPA permits using a designate an authorized agent to make a request on a consumer’s behalf. You may designate an agent by seeking from us and filling the agent-designation form. Both the designated agent and the consumer are subject to verification before accepting a consumer rights request.

California residents may report complaints to the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs by writing to them at 400 R Street, Sacramento, CA 95814, or by telephone at 800.952.5210. For other states, please check with your state's consumer protection authority.

Residents of the state of California have the right to request certain information from us with respect to the types of personal information we share with third parties for their direct marketing purposes, as well as the identities of the third parties we have shared such information with during the immediately preceding calendar year. To exercise your choices, please contact us using the contact information at the bottom of this Privacy Policy.

Changes to this Policy

We may revise this Privacy Policy from time to time. If we make a change to this policy that, in our sole discretion, is material, we will take steps to notify all users by a notice on the site. By continuing to access or use the Services after those changes become effective, you agree to be bound by the revised Privacy Policy.Contact us

If you have questions concerning this Privacy Policy, or you notice any bugs, errors or violations please feel free to send us an email at [email protected]

Updated: June 7th, 2021