PRIVACY POLICY

Smiler Group

Localgrapher s.r.o. Company ID: 01893963
Husinecká 903/10, 130 00 Prague Czech Republic, Europe

Smiler Photo s.r.o.Company ID: 08426902
Světová 523/1, 180 00 Prague
Czech Republic, Europe

Joint Data Controllers under the General Data Protection Regulation (GDPR)

Effective Date: 1 April 2026

1. Introduction

When you use Smiler, you trust us with your personal data. We are committed to maintaining that trust by protecting your privacy and being transparent about our data practices.

This Privacy Policy describes what personal data we collect, how we use it, how long we keep it, who we share it with, and what your rights are. It applies to all users of our services, including customers who book photoshoots, visitors to our website, and photographers who work with us.

Localgrapher s.r.o. (Company ID: 01893963, Husinecká 903/10, 130 00 Prague, Czech Republic) and Smiler Photo s.r.o. (Company ID: 08426902, Světová 523/1, 180 00 Prague, Czech Republic) act as joint controllers within the meaning of Article 26 of the General Data Protection Regulation (GDPR). Both entities are collectively referred to as “Smiler,” “we,” “our,” or “us” throughout this policy.

Regardless of which entity you interact with, you may exercise your data protection rights by contacting either controller using the details provided in Section 10.

2. About Our Services

Smiler operates a photoshoot experience marketplace. Our services enable customers to book professional photoshoots at iconic locations around the world. Smiler photographers are present at various special locations (such as tourist attractions and partner venues). After the photoshoot, customers can view, purchase, and download their photos through our platform.

For more information, visit our website at smiler.co.

PART A – CUSTOMERS

3. Personal Data We Collect from Customers

We may collect and process the following categories of personal data when you use our photoshoot services.

3.1 Images (Photos)

What we collect: Photos taken during your photoshoot, which include images of you and any other individuals present in the photo (e.g., friends, family).

Why we collect it: To fulfil your photoshoot request, upload photos to our platform, and enable you to view and purchase them.

Legal basis: Performance of our contract with you (Article 6(1)(b) GDPR). For other individuals captured in group photos, we rely on our legitimate interest (Article 6(1)(f) GDPR), as group photography is an essential part of our services. We ask customers and photographers to be mindful of others in the photo and inform them of the right to object.

3.2 Contact Information

What we collect: Name, phone number and country code, or email address. After the photoshoot, the photographer shows you a QR code linking to a page where you enter your contact details. Alternatively, the photographer may enter them on their device.

Why we collect it:

  • Link the photos to your account
  • Send you a confirmation that we received your details
  • Provide a link once your photos are available on the platform
  • Send periodic reminders (within one year) if you have not yet purchased your photos

Legal basis: Performance of contract (Article 6(1)(b) GDPR) for delivering our services. For reminders about unpurchased photos, we rely on our legitimate interest (Article 6(1)(f) GDPR). You may request deletion of your photos and contact details at any time.

3.3 Correspondence Data

What we collect: Personal data included in messages you send us, your email address, and data processed through our chat function (powered by Crisp), such as your name, contact details, message history, IP address, and device type.

Why we collect it: To respond to your enquiries, questions, requests, or complaints.

Legal basis: Legitimate interest (Article 6(1)(f) GDPR) in providing customer support.

3.4 Payment Information

What we collect: Name, bank account number, IBAN, and BIC.

Why we collect it: To process your payment for purchased photos and maintain our financial records.

Legal basis: Performance of contract (Article 6(1)(b) GDPR) and legal obligation (Article 6(1)(c) GDPR) for tax and accounting compliance.

4. Cookies and Similar Technologies

We use cookies and similar tracking technologies when you interact with our online services. A cookie identifies your device and may constitute personal data. For full details on the types of cookies we use and how to manage your preferences, please refer to our Cookie Policy at smiler.co/cookies.

5. How Long We Keep Customer Data

Data Category
Retention Period
Photos & contact info
30 days after the photoshoot. You may request earlier deletion at any time. We will notify you before deletion.
Correspondence data
As long as necessary to resolve your enquiry. Chat data (via Crisp) is stored for 9 months.
Payment data
As long as necessary to complete the transaction, then 7 years for tax compliance.
Tax records
7 years, unless a longer period is legally required.

6. Who We Share Your Data With

6.1 Data Processors

We engage third-party service providers who process personal data strictly on our behalf and in accordance with our instructions. These processors are not permitted to use your data for their own purposes. Our processors include:

  • Amazon Web Services (AWS) – cloud hosting and storage of photos and contact information
  • Crisp – customer support chat functionality
  • Marketing and analytics tools

6.2 External Controllers

In certain circumstances, we share personal data with third parties that process it for their own purposes:

  • Tax authorities – to comply with our legal obligations
  • Payment providers (Mollie, PayPal) – to process your payments

6.3 Sharing Between Joint Controllers

Localgrapher s.r.o. and Smiler Photo s.r.o. share personal data between themselves as joint controllers for the purposes described in this policy. Both entities have access to the data necessary to provide and improve our services.

7. International Data Transfers

Our primary data hosting is within the European Union. However, some of our processors for services such as customer communications may be based in, or transfer data to, countries outside the EU (for example, the United States). In such cases, we ensure that personal data is only transferred to countries or parties that provide an adequate level of protection in accordance with European data protection standards, including through appropriate safeguards such as Standard Contractual Clauses (SCCs).


PART B – ALL OTHER USERS

8. Data We Collect from Other Users

This section applies to all users who interact with our website and services beyond the photoshoot experience, including visitors, registered users, and photographers.

8.1 Data You Provide

  • Account information: name, email, phone number, login credentials, address, profile picture, and photos
  • Demographic data: information collected through surveys or user research
  • User content: information submitted through customer support, ratings, reviews, or other communications

8.2 Data Created During Use

  • Location data: approximate or precise location from a photographer’s device when the Smiler app is actively in use
  • Transaction data: order details, service type, dates, amounts charged
  • Usage data: access dates, pages viewed, browser type, collected via cookies, pixels, or similar technologies
  • Device data: hardware model, IP address, operating system, software version, language preferences

8.3 Data from Other Sources

We may receive user feedback, ratings, and reviews from external platforms or partners.

9. How We Use Your Data

Purpose
Description
Service delivery
Providing, personalising, maintaining, and improving our products and services
Customer support
Handling enquiries, resolving issues, and providing assistance (including via Crisp)
Research & development
Testing, analysis, and product improvement to enhance safety, security, and user experience
Marketing
Sending promotions, news, and updates about Smiler services (with your consent where required)
Operational comms
Sending receipts, service changes, policy updates, and other non-marketing messages
Legal compliance
Investigating claims, complying with legal obligations, and responding to regulatory requests
Payment processing
Working with payment partners (e.g., Mollie) to process transactions securely

Important: Smiler does not sell or share user personal data with third parties for their direct marketing purposes, except with your explicit consent.

9.1 Data Security

We are committed to safeguarding your personal data against unauthorised access, modification, disclosure, or deletion. Our security measures include:

  • Encryption of all data in transit via Transport Layer Security (TLS)
  • Restricted access to personal data on a need-to-know basis
  • Regular security scanning for vulnerabilities
  • Reliance on PCI-compliant payment providers for processing payment card data (we do not store full payment details)

9.2 Cookies

We use cookies and similar technologies to improve your experience. The types of cookies we use include:

Cookie Type
Purpose
Technical
Essential for browsing and using website features, including secure areas
Functional
Remember your preferences (e.g., language) and assist with automatic login
Analytical
Aggregate data on website usage to improve functionality (e.g., Google Analytics)
Commercial
Personalise email content and online advertisements

You can withdraw your cookie consent at any time by adjusting your browser settings. Please note that disabling cookies may limit certain features of our platform.

GENERAL PROVISIONS

10. Your Privacy Rights

Under the GDPR, you (and any other individuals whose data we process) have the following rights:

  • Right to access – request a copy of the personal data we hold about you
  • Right to rectification – ask us to correct or update inaccurate data
  • Right to erasure – request deletion of your personal data
  • Right to data portability – receive your data in a structured, commonly used format, or request transfer to another controller
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time (this does not affect prior processing)
  • Right to object – object to the processing of your personal data
  • Right to restriction – request limitation of processing in certain circumstances
  • Right to lodge a complaint – file a complaint with the Office for Personal Data Protection of the Czech Republic (Úřad pro ochranu osobních údajů, UOOU) or another relevant supervisory authority

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or business practices. If we make significant changes, we will notify you using the contact information we have on file. We recommend reviewing this policy periodically. Your continued use of our platform after amendments constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have a complaint, you may contact either joint controller:

Localgrapher s.r.o. Company ID: 01893963
Husinecká 903/10, 130 00 Prague
Czech Republic, Europe
E: help@smiler.co

Smiler Photo s.r.o.Company ID: 08426902
Světová 523/1, 180 00 Prague
Czech Republic, Europe
E: help@smiler.co

W: smiler.co

Effective: 1 April 2026 – Version 2.0