Who We Are
Arenas Foto Wedding Photography provides wedding and couple’s photography services, as well as prints and photo books. Arenas Foto Wedding Photography is a registered corporation in Costa Rica. For any privacy-related questions, you can reach us at info(at)arenasfoto.com.
Who We Share Your Data With
We do not share or sell our users’ private personal information with or to anyone. The data we collect is for the purpose of analyzing visitor behavior, to determine what content is most beneficial to visitors and structure the site to make it more available, and to identify and protect our site from malicious attacks.
We use third-party services (data processors) across our site. We list the specific third-parties in use (with links to their privacy policies) in the sections below.
We disclose potentially personally-identifying and personally-identifying information only to our employees and contractors that (i) need to know that information in order to process it on our behalf or to provide services, and (ii) that have agreed, in writing, not to disclose it to others. Some of those employees, contractors and affiliated organizations may be located outside of your home country; by using our websites and services, you consent to the transfer of such information to them. We will not rent or sell potentially personally-identifying and personally-identifying information to anyone.
We may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
If we ever were to engage in any onward transfers of your data with third parties for a purpose other than which it was originally collected or subsequently authorized, we would provide you with an opt-out choice to limit the use and disclosure of your personal data.
What Personal Data We Collect and Why We Collect It
Why We Collect Data
The data we collect is for the purpose of analyzing visitor behavior to determine what content is most beneficial to visitors and structure the site to make it more available to better visitor engagement with the purpose of gaining more clients, and to identify and protect our site from malicious attacks.
Customers who use the contact form on websites will have their email address, IP address, and any data provided in the contact form or body of the email stored in G Suite archives, and in the contact form submission log on our website for one month.
We have various security applications installed on our site that inspect all visits to our site to ensure our site’s security. These security applications identify and check the IP address of visitors against a list of blacklisted IP in order to prevent IP addresses on said blacklist from accessing our site. Some of these security plugins also record IP address of all visitors to our site, enabling us to review IP logs for visitors with malicious intent that were not stopped by the firewall in order to block them from accessing our site in the future.
Embedded Content from Other Websites
Links to the privacy policies of the most common services have been included below.
We’ve turned on the IP Anonymization feature in Google Analytics. You can learn more about this here: https://support.google.com/analytics/answer/2763052?hl=en
If you purchase using PayPal, we ask for:
- Full Name: To personalize your account experience.
- Email Address: So we can deliver our products and contact you if needed.
- Billing Address: For payment verification
- Billing Country: For tax purposes.
If you purchase using your credit card, we ask for all of the above, and:
- Credit Card Information: So we can process your payment. This data is sent to Stripe, and is never stored on our server.
- Billing City and Zip/Posal Code: To verify your credit card purchase.
What Rights You Have over Your Data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
If you come to our site through a link provided by one of our affiliates, a cookie will be added to your browser in order to remember the affiliate. This cookie will remain in your browser for 60 days, or until you delete it.
Website and Database Backup & Management
We use Cloudways’ internal backup system and Updraft Plus to website files and database.
Cloudways Privacy Police: https://www.cloudways.com/en/terms.php#privacy
How We Protect Your Data
The security and reliability of our service is our number one priority. See wordpress.org/about/security for details on the security of the WordPress core itself. Prevention is best when it comes to security, and as a first step, we follow all WordPress Security Standards on our site and server. All staff only have access to systems that are directly required to complete the functions of their job. All staff (including any contractors) undergo initial training to ensure proper understanding of all security-related processes.
We also use various security applications on our website to protect it from malicious attacks and breaches, and have implemented various security strategies on our server to further secure our website and data base in addition to the security features already implemented by our hosting provider.
What Data Breach Procedures We Have in Place
Should any event occur where customer data has been lost, stolen, or potentially compromised, our policy is to alert our customers via email no later than 48 hours of our team becoming aware of the event. We will also report such incident to any required data protection authority. We will work closely with any customers affected to determine next steps such as any end-user notifications, needed patches, and how to avoid any similar event in the future.
May 21, 2018 – Updated language of the policy to be more user-friendly, specifically outlining requirements in preparation for meeting the GDPR.