Privacy Policy

1. Introduction and Scope
This Privacy Policy describes how Album Sales Experience Team (“ASET”) (collectively, “ASET,” “we,”
“us,” or “our”), collects, uses, discloses, and otherwise processes personal information about visitors to
our website at aset.co (the “Site”), professional photographers and their businesses who partner with us
(each, a “Partner”), and individuals who purchase or are offered our products and services through
Partners (each, an “End Client,” and together with Partners and Site visitors, “you”).
ASET is a U.S.-based business, and our services are directed to individuals and businesses located in the
United States. We do not knowingly direct our services to, or process personal information of,
individuals located in the European Economic Area or the United Kingdom.
This Privacy Policy does not address the practices of our Partners with respect to information they
collect directly from their own clients in the course of their photography businesses. Partners are
independent businesses and are responsible for their own privacy practices and disclosures.

2. Our Role: When We Are a Service Provider
Under the privacy laws of California and several other states, the role of a business that processes
personal information determines its obligations. ASET acts in different roles depending on the
information in question:
• Independent business (controller). When we collect information directly from you through our
Site, when you communicate with us, when you participate in a sales consultation, or when you
purchase products from us, ASET is acting as an independent business, and this Privacy Policy
governs that processing.
• Service provider/processor. When a Partner shares End Client information with us so that we
can perform sales activities on the Partner’s behalf, ASET acts as a service provider (under the
California Consumer Privacy Act) or processor (under other state laws) for that Partner. We
process that information only to perform the services and as our contract with the Partner
permits. If you are an End Client and you wish to exercise rights with respect to information that
originated with your Partner, please contact your Partner directly. ASET will reasonably assist
Partners in responding to such requests.

3. Information We Collect
The categories of personal information we collect are listed below. The categories track those defined
under the California Consumer Privacy Act and are used by other states with comparable categorical
schemes.
• Identifiers: name, postal address, email address, phone number, account name, and similar
identifiers.
• Customer records: contact details, payment-card information, billing address, and transaction
records.
• Commercial information: records of products purchased or considered, design preferences, and
consultation history.
• Internet and network activity: browsing history on our Site, interactions with our
communications, IP address, device identifiers, and similar usage data.
• Geolocation data: approximate (non-precise) location inferred from IP address. We do not
knowingly collect precise geolocation.
• Audio or visual information: recordings or images you provide or that are captured during a
consultation, only if you consent or knowingly participate.
• Professional information: information about your photography business (for Partner accounts
only).
• Inferences: inferences drawn from the above to reflect preferences, characteristics, and
predispositions relevant to product recommendations.

3.1 Sources of Information
We collect personal information from the following sources:
• Directly from you: when you contact us, schedule a consultation, place an order, or interact with
our Site.
• From our Partners: when a Partner shares End Client contact information and design
preferences with us so we can deliver sales services on their behalf.
• Automatically from your device: through cookies, pixels, and similar technologies on our Site
(see Section 7).
• From service providers: such as our payment processor (Stripe), shipping carriers, album
fulfillment laboratories, hosting and analytics providers, and customer-service vendors.
• From publicly available sources: such as professional directories or social-media accounts that
you have made public, in connection with business development.

3.2 Sensitive Personal Information
We generally do not seek to collect personal information that is treated as “sensitive” under U.S. state
privacy laws. We do collect financial-account information (including payment-card information) for the
purpose of processing transactions, which is treated as sensitive under several states’ laws. We do not
use sensitive personal information for any purpose other than the limited business purposes for which it
was collected, and we do not infer characteristics from sensitive personal information.
We do not knowingly collect precise geolocation, biometric information, racial or ethnic origin, religious
or philosophical beliefs, citizenship or immigration status, health information, sexual-orientation
information, or genetic data.

4. How We Use Personal Information
We use personal information for the following purposes:
• Service delivery: scheduling and conducting sales consultations; designing albums and wall art;
processing orders; coordinating fulfillment.
• Payment processing: processing transactions through our Stripe-integrated payment
infrastructure and managing refunds, chargebacks, and reschedule fees.
• Communication: sending order confirmations, appointment reminders, transaction
notifications, and responding to inquiries.
• Site operations: maintaining and improving our Site and online ordering platforms; preventing
fraud; and securing our systems.
• Analytics: understanding how our Site and Services are used to improve user experience and
product offerings.
• Marketing (with consent where required): sending newsletters, promotional materials, and
information about new services. You may opt out at any time.
• Legal and compliance: complying with applicable law, responding to legal process, enforcing our
agreements, and protecting our rights and the rights of others.
We will not use personal information for materially different, unrelated, or incompatible purposes
without providing you with notice.

5. How We Disclose Personal Information
We disclose personal information to the following categories of recipients, in each case for the business
purposes identified above:
• Service providers and processors: payment processors (including Stripe), album-fulfillment
laboratories and print vendors, shipping carriers, cloud-hosting and information-technology
vendors, customer-relationship-management systems, email service providers, analytics
providers, and customer-support vendors. These recipients are bound by contract to use the
information only for the purposes we specify.
• Partners: we share End Client transaction information with the relevant Partner, including
through the real-time transaction notifications described in our Services Agreement.
• Affiliates: members of The Harris Company LLC and its affiliated brands (including
Printographers Society), for the purposes described in this Privacy Policy.
• Legal and safety: government authorities, courts, regulators, and other parties when we believe
in good faith that disclosure is necessary or appropriate to comply with applicable law, respond
to lawful requests, enforce our agreements, or protect our rights, property, or safety or that of
any other person.
• Corporate transactions: an acquirer, successor, or assignee in connection with a merger,
financing, reorganization, sale of assets, or similar corporate transaction, in which case personal
information will be transferred subject to commitments at least as protective as this Privacy
Policy.

5.1 Sale and Sharing of Personal Information
We do not sell personal information for monetary consideration. However, the terms “sale” and “share”
are defined broadly under the California Consumer Privacy Act and similar state laws to include certain
disclosures to advertising and analytics partners. Specifically, our use of cookies, pixels, and similar
technologies on our Site for purposes of online advertising and analytics may constitute a “sale” or
“share” of personal information (or, in some states, “targeted advertising”) under those laws.
If you would like to opt out of these activities, please submit a request using the privacy-rights
mechanism described in Section 9 below. Where we have deployed a cookie-management tool on our
Site, you may also adjust your preferences through that tool.

We do not sell or share for cross-context behavioral advertising the personal information of any
consumer we know to be under sixteen (16) years of age, except where we have received affirmative
authorization (opt-in consent) from the consumer (if at least thirteen (13) and under sixteen) or the
consumer’s parent or guardian (if under thirteen).

6. Data Retention
We retain personal information only as long as necessary to fulfill the purposes for which we collected
it, including to satisfy any legal, accounting, or reporting requirements, to enforce our agreements, and
to resolve disputes. The general retention periods we apply are:
• Account and contact information: for the life of the account plus three (3) years after closure.
• Transaction and payment records: seven (7) years, consistent with tax and accounting
recordkeeping requirements.
• Consultation notes and order history: five (5) years following the date of the consultation or
order.
• Marketing preferences and opt-out records: for so long as you have an account or interact with
us, plus five (5) years.
• Site analytics and cookie data: up to twenty-four (24) months from collection, unless
aggregated or de-identified.
• Customer-service correspondence: three (3) years following resolution of the matter.
• Records subject to legal hold: for the duration of the hold plus any applicable retention period.
When we no longer need personal information for a permitted purpose, we securely delete it,
de-identify it, or aggregate it. Information that has been de-identified or aggregated is not subject to the
retention periods above.

7. Cookies and Tracking Technologies
Our Site uses cookies and similar tracking technologies (such as web beacons, pixels, tags, and software
development kits) to operate the Site, remember your preferences, analyze how the Site is used, and
support our marketing activities.

7.1 Categories of Cookies
• Strictly necessary cookies: required for the Site to function (for example, to authenticate users,
secure forms, or process payments). These cannot be disabled.
• Functional cookies: remember your preferences and choices, such as language or region.
• Analytics cookies: help us understand how visitors interact with our Site (for example, Google
Analytics).
• Advertising cookies: used by third-party advertising and remarketing platforms to deliver
relevant advertising and measure campaign effectiveness.

7.2 Third-Party Tools and Trackers
Categories of third-party tools currently in use on our Site include analytics platforms, advertising and
remarketing pixels (which may include Meta, Google, and similar platforms), email marketing platforms,
customer-relationship-management tools, payment processing (Stripe), and customer-support tools. A
current, detailed list is available on our Site through the cookie-management tool.

7.3 How to Manage Cookies
You can manage your cookie preferences at any time by clicking the “Cookie Preferences” link on our
Site. Most web browsers also allow you to refuse or delete cookies through browser settings; however,
doing so may affect Site functionality. We recognize the Global Privacy Control browser signal as a
request to opt out of the “sale” and “sharing” of personal information for the browser from which the
signal is received, where required by law.

8. Information Security
We maintain administrative, technical, and physical safeguards designed to protect personal
information against unauthorized access, use, alteration, and disclosure. These safeguards include
access controls, secure transmission protocols, vendor security diligence, employee training, and
incident-response procedures. Payment-card information is processed through our payment processor
(Stripe), which maintains certification under the Payment Card Industry Data Security Standard
(PCI-DSS); we do not store cardholder data on our own systems.

No system can be guaranteed to be completely secure. While we work to protect your information, we
cannot warrant the security of any information you transmit to us, and you do so at your own discretion.
If you have reason to believe that your interaction with us is no longer secure, please notify us
immediately using the contact information in Section 13.

In the event of a security incident affecting your personal information, we will notify you and applicable
regulators in accordance with applicable law, including the New York Stop Hacks and Improve Electronic
Data Security Act (the “SHIELD Act”) and N.Y. General Business Law § 899-aa, which requires notification
to affected New York residents and, in certain circumstances, to the New York Attorney General, the
New York Department of State, and the New York State Police. As a New York-registered company, we
implement reasonable administrative, technical, and physical safeguards intended to satisfy the SHIELD
Act’s reasonable-security requirements.

9. Your Privacy Rights
Depending on the state in which you reside, you may have the rights described below with respect to
your personal information. We honor these rights for residents of states whose laws grant them, and we
extend the substance of the access, correction, and deletion rights to all U.S. residents as a matter of
policy. Specific rights and the conditions for exercising them vary by state; the descriptions below are
general and apply to the extent provided under your state’s law.
• Right to know: the right to know the categories and specific pieces of personal information we
have collected about you, the categories of sources, the purposes for which we use the
information, and the categories of recipients to whom we disclose the information.
• Right to access and obtain a copy: the right to access your personal information and obtain a
portable copy in a readily usable format.
• Right to correct: the right to request correction of inaccurate personal information.
• Right to delete: the right to request deletion of personal information, subject to legal
exceptions (such as completing transactions, legal compliance, fraud prevention, and exercising
legal rights).
• Right to opt out of sale or sharing: the right to opt out of the “sale” or “sharing” of personal
information, including for cross-context behavioral advertising.
• Right to opt out of targeted advertising: the right to opt out of the processing of personal
information for purposes of targeted advertising.
• Right to opt out of profiling: in some states, the right to opt out of profiling in furtherance of
decisions that produce legal or similarly significant effects concerning you.
• Right to limit use of sensitive personal information: the right to direct us to limit the use of
sensitive personal information to certain purposes, where applicable.
• Right to non-discrimination: the right not to be discriminated against for exercising any of your
privacy rights.
• Right to appeal: in many states, the right to appeal a denial of a privacy rights request.

9.1 How to Submit a Request
You may submit a privacy rights request through any of the following methods:
• Email: admin@albumdesign.art
• Mail: Privacy Officer, ASET, 9960 Puopolo Ln, Bonita Springs, FL 34135

9.2 Verifying Your Identity
To protect your information, we will take reasonable steps to verify your identity before responding to a
request. The verification method will depend on the nature of the request and the sensitivity of the
information. For most requests, we will ask you to confirm two or more pieces of information that we
already have on file for you. We will not use information you provide for verification for any purpose
other than verification.

9.3 Authorized Agents
You may designate an authorized agent to submit a request on your behalf. We will require the agent to
provide written proof of authorization and may require you to verify your identity directly with us.

9.4 Response Timeframes
We will respond to your request within forty-five (45) days of receipt. If we need more time, we will
notify you of the extension (an additional forty-five (45) days) and the reason for the delay. There is no
charge for most requests; we may charge a reasonable fee or decline a request that is manifestly
unfounded or excessive, in which case we will explain our decision.

9.5 Right to Appeal
If we deny your request, you may appeal our decision by replying to our denial or by writing to
admin@albumdesign.art with the subject line “Privacy Rights Appeal.” We will respond to your appeal
within sixty (60) days of receipt. If your appeal is denied, you may contact your state attorney general or
applicable state agency to submit a complaint.

9.6 Non-Discrimination and Financial Incentives
We will not discriminate against you for exercising any of your privacy rights. We do not currently offer
financial incentives in exchange for personal information.

9.7 California-Specific Disclosures
California residents may exercise the rights described above with respect to the categories of personal
information set out in Section 3 and the business purposes set out in Section 4. The categories of
personal information we collected, disclosed for a business purpose, sold, or shared in the preceding
twelve (12) months, and the categories of recipients to whom we disclosed each category, are described
in Sections 3 and 5. We retain personal information for the periods described in Section 6.
California residents also have the right under California’s “Shine the Light” law to request, once per year,
certain information about our disclosures of personal information to third parties for their
direct-marketing purposes. To make such a request, please contact us at admin@albumdesign.art.

9.8 Florida-Specific Disclosures
Florida residents may exercise the rights described above to the extent provided by the Florida Digital
Bill of Rights. We do not sell sensitive personal data or biometric data; if our practices change, we will
provide the additional notices required under Florida law.

9.9 New York-Specific Disclosures
New York does not currently have a comprehensive consumer privacy law. As a matter of policy, ASET
will consider good-faith requests from New York residents to access, correct, or delete personal
information, and will respond within a reasonable time. Because New York does not currently grant
statutory consumer privacy rights, we reserve the right to decline requests or to apply procedures
different from those described above.

New York residents have rights under the New York SHIELD Act and N.Y. General Business Law § 899-aa
with respect to the security of their private information and notification in the event of a security
breach. If you believe your personal information has been compromised, please contact us at
admin@albumdesign.art.

10. Marketing Choices
You may opt out of receiving marketing communications from us at any time by clicking the
“unsubscribe” link in any marketing email, replying to a text message with “STOP,” or contacting us at
admin@albumdesign.art. We will continue to send transactional and service-related communications
(such as order confirmations, appointment notifications, and account notices) regardless of your
marketing preferences.

11. Children’s Privacy
Our Site and Services are intended for use by adults. We do not direct our Site or Services to children
under thirteen (13) years of age, and we do not knowingly collect personal information from children
under thirteen. If we learn that we have collected personal information from a child under thirteen
without verifiable parental consent, we will delete that information promptly. If you believe a child
under thirteen has provided personal information to us, please contact us at admin@albumdesign.art.
For minors aged thirteen (13) to sixteen (16), we will not “sell” or “share” personal information for
cross-context behavioral advertising without affirmative authorization, as required by applicable state
law.

12. Third-Party Sites and Embedded Content
Our Site may contain links to, and embedded content from, third-party websites and services. This
Privacy Policy does not apply to those websites or services. We are not responsible for the content,
privacy practices, or security of third-party sites. We encourage you to review the privacy policies of any
third-party site you visit.
Some content on our Site (such as embedded videos, social-media widgets, or third-party advertising
trackers) may be delivered by third parties. The third parties operating those tools may collect
information about your interactions with the embedded content as described in their own privacy
policies and as further described in our Cookie Notice.

13. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us:
• Email: admin@albumdesign.art
• Mail: Privacy Officer, ASET, 9960 Puopolo Ln, Bonita Springs, FL 34135

14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, our services, or
applicable law. When we make material changes, we will update the “Effective Date” and “Version” at
the top of this Privacy Policy and provide notice through our Site, by email (where we have your email
address), or by other reasonable means at least thirty (30) days before the changes take effect, except
where a shorter period is required by applicable law or where the change is required to address a
security or compliance issue. We will maintain a public version history identifying material changes.