Privacy Policy – SeasonID

Last updated: [date]

1. General information

1. The controller of personal data is SeasonID (“Controller”).
2. Contact regarding personal data protection: contact@seasonid.com.
3. This Privacy Policy sets out the rules for processing personal data of users of the SeasonID website available at [seasonid.com].

2. Scope of processed data

When using the Service, we may process the following data:

• email address,
• uploaded photo,
• data provided in the contact form,
• technical data (IP address, browser type, device),
• information about consents given.

3. Purposes and legal bases of processing

Personal data is processed for the following purposes:

3.1. Provision of the Service

• Purpose: performing color analysis and delivering the report
• Legal basis: Article 6(1)(b) GDPR (performance of a contract)

3.2. Contact with the user

• Purpose: responding to inquiries
• Legal basis: Article 6(1)(f) GDPR (legitimate interest)

3.3. Payments

• Purpose: payment handling
• Legal basis: Article 6(1)(b) GDPR
• Operator: Stripe Payments Europe Ltd.

3.4. Training and improving automated analysis models (AI / ML)

• Purpose: development and improvement of automated color analysis models
• Scope: user-uploaded photos
• Legal basis: Article 6(1)(a) GDPR (voluntary consent)

This consent:

• is not required to use the Service,
• can be withdrawn at any time,
• is recorded with the date it was given.

4. Nature of biometric data

Uploaded photos may include facial images. The Controller does not process biometric data for the purpose of uniquely identifying individuals within the meaning of Article 9 GDPR.

5. Data retention

Data is retained:

• for the duration of service delivery,
• until limitation periods for claims expire,
• where AI/ML consent is given, until consent is withdrawn or data is anonymized.

6. Data recipients

Data may be transferred to:

• IT and hosting providers,
• payment operators,
• email service providers.

Personal data is not sold or shared for marketing purposes.

7. Transfers of data outside the EU

Data may be processed outside the EU only where an adequate level of protection is ensured, in accordance with GDPR (e.g. standard contractual clauses).

8. User rights

Users have the right to:

• access their data,
• rectification,
• erasure,
• restriction of processing,
• data portability,
• withdraw consent at any time,
• lodge a complaint with the President of the Personal Data Protection Office (UODO).

9. Cookies

The Service uses cookies for:

• technical purposes,
• analytics,
• security purposes.

Details are described in the Cookie Policy.

10. Data security

The Controller applies appropriate technical and organizational measures to protect personal data.

11. Changes to this Privacy Policy

This Privacy Policy may be amended. The current version is always available in the Service.