PRIVACY POLICY
Scott Eden Photography LLC
Effective Date:
Last Updated:
1. INTRODUCTION AND SCOPE
This Privacy Policy (“Policy”) describes how Scott Eden Photography LLC, a Maryland limited liability company (“Company,” “we,” “us,” or “our”), collects, uses, discloses, and protects personal information from visitors to our website [To be completed] and customers who purchase our photography services. Our principal place of business is located at 2811 Deepwater Trail, Edgewater, Maryland 21037.
This Policy applies to all personal information we collect through our website, email communications, telephone interactions, and in-person transactions. By accessing our website or using our services, you acknowledge that you have read, understood, and agree to be bound by this Policy and our separate Terms of Service.
This Policy is designed to comply with applicable federal and state privacy laws, including the Maryland Online Data Privacy Act (effective October 1, 2025), the Children’s Online Privacy Protection Act (15 U.S.C. §§ 6501-6506), the Federal Trade Commission Act Section 5 (15 U.S.C. § 45), and other applicable privacy regulations.
2. INFORMATION WE COLLECT
2.1 Categories of Personal Information
We collect only the personal information that is strictly necessary and proportionate to provide our photography services and maintain our customer relationships. The categories of personal information we collect include:
Contact Information:
Full name (first and last name)
Email address
Mailing address (street address, city, state, ZIP code)
Telephone number [when provided]
Transaction Information:
Purchase history and transaction records
Payment method information (processed securely through our payment processor)
Order details and service preferences
Billing address information
Communication Records:
Email correspondence between you and our company
Customer service inquiries and responses
Photography session scheduling and coordination communications
2.2 Methods of Collection
We collect personal information through the following methods:
Direct Collection: When you voluntarily provide information by:
• Completing contact forms on our website
• Making purchases through our online platform
• Subscribing to our email communications
• Contacting us via email or telephone
• Scheduling photography sessions or consultations
Automatic Collection: Through essential website functionality including:
• Essential cookies necessary for website operation, security, and shopping cart functionality
• Server logs that record basic technical information for website maintenance and security
2.3 Data Minimization Commitment
We adhere to strict data minimization principles, collecting only personal information that is directly relevant to and necessary for the specific purposes outlined in this Policy. We do not collect sensitive personal information such as Social Security numbers, financial account numbers, health information, biometric data, or other sensitive categories of personal information.
3. HOW WE USE YOUR INFORMATION
3.1 Primary Purposes
We use your personal information solely for the following legitimate business purposes:
Service Delivery and Transaction Processing:
Processing and fulfilling photography service orders
Coordinating photography sessions and appointments
Delivering digital photographs and related products
Managing customer accounts and service preferences
Processing payments and maintaining transaction records
Customer Communication and Support:
Responding to customer inquiries and providing customer service
Sending order confirmations, delivery notifications, and service updates
Providing technical support for our services
Communicating about scheduling changes or service-related matters
Legal Compliance and Business Operations:
Complying with applicable legal obligations and regulatory requirements
Maintaining accurate business records as required by law
Protecting against fraud, unauthorized access, and other security threats
Enforcing our Terms of Service and other legal agreements
3.2 Purpose Limitation
We do not use your personal information for any purposes beyond those specifically described in this Policy. We do not engage in targeted advertising, behavioral profiling, or automated decision-making that produces legal or similarly significant effects. We do not sell, rent, or lease your personal information to third parties for any purpose.
3.3 Legal Basis for Processing
Our processing of your personal information is based on the following legal grounds:
Performance of our contract with you for photography services
Legitimate business interests in providing customer service and maintaining business operations
Compliance with legal obligations under applicable federal and state laws
Your explicit consent where specifically requested
4. INFORMATION SHARING AND DISCLOSURE
4.1 Third-Party Service Providers
We share personal information only with essential third-party service providers who assist us in delivering our services. These service providers are contractually obligated to protect your personal information and use it only for the specific purposes we authorize. Our current service providers include:
Payment Processing:
Squarespace: Processes online payments and maintains secure payment card information in compliance with Payment Card Industry Data Security Standards (PCI DSS)
Email Communications:
Gmail: Facilitates customer email communications and maintains email correspondence records
Website Hosting and Technical Services:
GoDaddy: Provides website hosting, domain management, and technical infrastructure services
4.2 Data Processing Agreements
All third-party service providers are required to enter into comprehensive data processing agreements that include:
Strict limitations on the use of personal information
Requirements to implement appropriate technical and organizational security measures
Obligations to notify us of any data security incidents
Commitments to delete or return personal information upon termination of services
Compliance with applicable privacy laws and regulations
4.3 Required Disclosures
We may disclose personal information when required by law or when we believe in good faith that disclosure is necessary to:
• Comply with legal process, court orders, or government requests
• Protect and defend our legal rights and property
• Investigate potential violations of our Terms of Service
• Protect the personal safety of our customers, employees, or the public
• Prevent or investigate fraud, security breaches, or other illegal activities
4.4 Business Transfers
In the event of a merger, acquisition, sale of assets, or other business transfer, personal information may be transferred to the acquiring entity, provided that the acquiring entity agrees to honor the commitments made in this Policy.
4.5 No Data Sales
We do not sell, rent, lease, or otherwise transfer personal information to third parties for monetary or other valuable consideration. We do not participate in data broker activities or provide personal information to third parties for their own marketing purposes.
5. COOKIES AND TRACKING TECHNOLOGIES
5.1 Types of Cookies Used
We use only essential cookies that are strictly necessary for the proper functioning of our website and services. These essential cookies include:
Authentication Cookies:
• Session management for logged-in users
• User authentication and account access
• Security verification and fraud prevention
Shopping Cart and Transaction Cookies:
• Maintaining items in your shopping cart during your session
• Processing online orders and payments
• Preserving your preferences during the checkout process
Security and Performance Cookies:
• Protecting against cross-site request forgery and other security threats
• Load balancing and website performance optimization
• Error tracking and technical troubleshooting
5.2 Cookie Management
Most web browsers automatically accept cookies, but you can modify your browser settings to decline cookies if you prefer. Please note that disabling essential cookies may impair your ability to use certain features of our website, including making purchases and accessing your account.
To manage cookies in your browser:
• Chrome: Settings > Privacy and Security > Cookies and other site data
• Firefox: Settings > Privacy & Security > Cookies and Site Data
• Safari: Preferences > Privacy > Cookies and website data
• Edge: Settings > Cookies and site permissions > Cookies and site data
5.3 No Tracking or Analytics
We do not use tracking cookies, analytics cookies, advertising cookies, or other non-essential tracking technologies. We do not participate in cross-site tracking, behavioral advertising, or third-party advertising networks.
6. YOUR PRIVACY RIGHTS
6.1 Individual Rights
You have the following rights regarding your personal information:
Right to Access: You have the right to request confirmation of whether we process your personal information and to obtain a copy of the personal information we maintain about you, including:
• The categories of personal information we have collected
• The sources from which we collected your personal information
• The business purposes for collecting your personal information
• The categories of third parties with whom we share your personal information
Right to Correction: You have the right to request that we correct inaccurate personal information we maintain about you, taking into account the nature of the personal information and the purposes for which we process it.
Right to Deletion: You have the right to request that we delete personal information we have collected about you, subject to certain exceptions including:
• Completing transactions for which the personal information was collected
• Complying with legal obligations
• Exercising or defending legal claims
• Maintaining business records as required by law
Right to Data Portability: You have the right to request that we provide your personal information in a portable, machine-readable format that allows you to transmit the data to another entity.
6.2 Opt-Out Rights
Universal Opt-Out Mechanism Recognition: We recognize and honor universal opt-out preference signals transmitted by your browser or device, including Global Privacy Control (GPC) signals, as a valid request to opt out of the sale of personal information. Since we do not sell personal information, these signals serve as confirmation of our no-sale practices.
Email Communications Opt-Out: You may opt out of receiving promotional email communications from us by:
• Clicking the “unsubscribe” link in any promotional email
• Contacting us directly at seden@scottedenphotography.com
• Following the opt-out instructions provided in our communications
Please note that even if you opt out of promotional communications, we may still send you transactional emails related to your orders, account, or customer service inquiries.
6.3 Submitting Privacy Requests
To exercise your privacy rights, you may submit requests through the following methods:
Email: Send a detailed request to seden@scottedenphotography.com with the subject line “Privacy Rights Request”
Online Form: [To be completed - website-specific form]
Written Request: Mail your request to:
Scott Eden Photography LLC
Attention: Privacy Rights
2811 Deepwater Trail
Edgewater, Maryland 21037
6.4 Request Processing
Verification Requirements: To protect your privacy and security, we will verify your identity before processing your request. Verification may require:
• Providing information that matches our records
• Responding to verification emails sent to your registered email address
• Providing additional documentation for high-risk requests
Response Timeframes: We will respond to your privacy rights requests within forty-five (45) days of receipt. If additional time is needed due to the complexity of your request, we may extend this period by an additional sixty (60) days with written notice explaining the reason for the extension.
No Discrimination: We will not discriminate against you for exercising your privacy rights, including by:
• Denying goods or services
• Charging different prices or rates
• Providing different levels of quality of goods or services
• Suggesting that you will receive different treatment
7. DATA SECURITY
7.1 Security Measures
We implement comprehensive technical, administrative, and physical security measures designed to protect personal information against unauthorized access, use, disclosure, alteration, and destruction. Our security program includes:
Technical Safeguards:
• Industry-standard encryption for data transmission and storage
• Secure Socket Layer (SSL) technology for all data transfers
• Regular security updates and patches for all systems and software
• Secure server infrastructure with access controls and monitoring
• Automated backup systems with encrypted storage
Administrative Safeguards:
• Comprehensive privacy and security training for all employees
• Strict access controls limiting employee access to personal information on a need-to-know basis
• Regular review and updating of security policies and procedures
• Background checks for employees with access to personal information
• Incident response procedures for security breaches
Physical Safeguards:
• Secure facilities with controlled access and surveillance systems
• Locked storage for physical documents containing personal information
• Secure disposal procedures for documents and electronic media
• Environmental controls to protect against natural disasters and equipment failure
7.2 Third-Party Security
We require all third-party service providers to implement appropriate security measures to protect personal information, including:
• Encryption of personal information during transmission and storage
• Regular security assessments and compliance certifications
• Prompt notification of any security incidents or data breaches
• Contractual obligations to maintain confidentiality and security
7.3 Data Breach Response
In the event of a data security incident that poses a risk to your personal information, we will:
• Immediately investigate and contain the incident
• Assess the scope and nature of the compromised information
• Notify affected individuals without unreasonable delay
• Provide clear information about the incident and steps being taken to address it
• Offer appropriate assistance and resources to affected individuals
• Report the incident to relevant authorities as required by law
7.4 Security Limitations
While we implement robust security measures, no system is completely secure. We cannot guarantee the absolute security of personal information transmitted to or stored by us. You can help protect your information by:
• Using strong, unique passwords for your accounts
• Keeping your login credentials confidential
• Logging out of your account when finished
• Promptly reporting any suspicious activity to us
8. DATA RETENTION
8.1 Retention Principles
We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Our retention practices are guided by the following principles:
• Data minimization: We retain only the minimum amount of personal information necessary
• Purpose limitation: We retain information only for the original collection purposes
• Storage limitation: We establish specific retention periods for different categories of information
8.2 Retention Periods by Category
Transaction and Order Information:
• Purchase records and transaction history: Three (3) years from the date of transaction
• Payment information: Retained only as long as necessary to process payments and resolve disputes
• Order fulfillment records: Three (3) years from completion of service delivery
Customer Communication Records:
• Email correspondence: Three (3) years from the date of last communication
• Customer service inquiries: Three (3) years from resolution of inquiry
• Marketing communications preferences: Until you opt out or request deletion
Account and Contact Information:
• Active customer accounts: Retained while account remains active plus three (3) years
• Inactive customer accounts: Three (3) years from last account activity
• Contact information for non-customers: One (1) year from last interaction
Legal and Compliance Records:
• Records required for tax purposes: Seven (7) years as required by applicable tax laws
• Records required for business licensing: As required by applicable regulations
• Legal dispute records: Until resolution of all related legal matters plus applicable statute of limitations
8.3 Secure Deletion Procedures
When personal information reaches the end of its retention period or when you request deletion, we implement secure deletion procedures including:
• Complete removal of information from active databases and systems
• Secure overwriting of electronic storage media to prevent data recovery
• Physical destruction of paper documents using cross-cut shredding
• Verification that information has been completely removed from backup systems
• Documentation of deletion activities for compliance purposes
8.4 Legal Hold Exceptions
We may retain personal information beyond the standard retention periods when:
• Required by law, regulation, or court order
• Necessary for pending or threatened legal proceedings
• Needed to protect our legal rights or defend against legal claims
• Required for ongoing government investigations or regulatory inquiries
9. CHILDREN’S PRIVACY
9.1 Age Restrictions
Our website and services are not directed to children under the age of eighteen (18) years. We do not knowingly collect, use, or disclose personal information from children under 18 years of age. Our photography services are designed for and marketed to adults who can enter into legally binding contracts.
9.2 COPPA Compliance
In accordance with the Children’s Online Privacy Protection Act (15 U.S.C. §§ 6501-6506), we do not knowingly collect personal information from children under 13 years of age without verifiable parental consent. If we become aware that we have inadvertently collected personal information from a child under 13, we will:
• Immediately cease collection of such information
• Delete the child’s personal information from our systems
• Not use or disclose the information for any purpose
• Implement additional safeguards to prevent future collection
9.3 Parental Rights and Responsibilities
If you are a parent or guardian and believe that your child under 18 has provided personal information to us, please contact us immediately at seden@scottedenphotography.com. Parents and guardians have the right to:
• Review any personal information we have collected from their child
• Request deletion of their child’s personal information
• Refuse to permit further collection or use of their child’s information
• Request that we not disclose their child’s personal information to third parties
9.4 Enhanced Protections for Minors
For any photography services involving minors (with proper parental consent), we implement enhanced privacy protections including:
• Requiring written parental consent before any photography session
• Limiting the collection of personal information to what is strictly necessary
• Providing parents with complete control over the use and disclosure of images
• Implementing additional security measures for any information involving minors
• Providing clear opt-out mechanisms for parents at any time
10. INTERNATIONAL DATA TRANSFERS
10.1 Data Transfer Limitations
In compliance with the Protecting Americans’ Data from Foreign Adversaries Act of 2024, we implement strict controls on international data transfers. We do not transfer personal information to countries or entities that may pose risks to national security or individual privacy rights.
10.2 Service Provider Locations
Our primary service providers operate within the United States:
• Squarespace: United States-based payment processing services
• Gmail: Google services with data centers primarily in the United States
• GoDaddy: United States-based hosting and technical services
10.3 Transfer Safeguards
When any international data transfer is necessary for legitimate business purposes, we implement appropriate safeguards including:
• Contractual data protection clauses that meet or exceed U.S. privacy standards
• Regular assessment of the privacy laws and practices in destination countries
• Technical measures to protect data during transmission and storage
• Ongoing monitoring of geopolitical developments that may affect data security
10.4 Data Localization
We maintain primary data storage within the United States and implement data localization practices to minimize international data transfers. Personal information is processed and stored on servers located within the United States whenever technically feasible.
11. POLICY UPDATES AND CHANGES
11.1 Update Procedures
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. We will provide notice of material changes through the following methods:
Email Notification: We will send email notice to all customers at their registered email addresses at least thirty (30) days before material changes take effect.
Website Posting: We will post the updated Policy on our website with a clear indication of the effective date and a summary of material changes.
Prominent Notice: For significant changes that materially affect your privacy rights, we will provide prominent notice on our website homepage.
11.2 Material Changes Definition
Material changes include, but are not limited to:
• Changes in the categories of personal information we collect
• New purposes for using personal information
• Changes in third-party sharing practices
• Modifications to your privacy rights or how to exercise them
• Changes in data retention periods
• Updates to security practices that may affect data protection
11.3 Continued Use and Consent
Your continued use of our website and services after the effective date of any updated Privacy Policy constitutes your acceptance of the changes. If you do not agree with the updated Policy, you may:
• Discontinue use of our website and services
• Contact us to discuss your concerns
• Exercise your right to delete your personal information
• Opt out of future communications
11.4 Version Control
We maintain version control for all Privacy Policy updates, including:
• Clear effective dates for each version
• Archive of previous Policy versions
• Documentation of changes made between versions
• Compliance records demonstrating proper notice procedures
12. CONTACT INFORMATION AND REQUESTS
12.1 Privacy Contact Information
For all privacy-related questions, concerns, or requests, please contact us using the following information:
Primary Privacy Contact:
Scott Eden Photography LLC
Email: seden@scottedenphotography.com
Phone: [To be completed]
Mailing Address:
2811 Deepwater Trail
Edgewater, Maryland 21037
12.2 Request Submission Methods
You may submit privacy requests through any of the following methods:
Email Requests: Send detailed requests to seden@scottedenphotography.com with “Privacy Request” in the subject line. Please include:
• Your full name and contact information
• Specific nature of your request (access, correction, deletion, etc.)
• Any relevant account or transaction information
• Preferred method for receiving our response
Written Requests: Mail written requests to our business address listed above, marked “Attention: Privacy Rights Request”
Online Form: [To be completed - website-specific contact form]
12.3 Response Commitments
We are committed to responding to all privacy inquiries and requests in a timely and professional manner:
Initial Response: We will acknowledge receipt of your request within five (5) business days
Full Response: We will provide a complete response within forty-five (45) days, or notify you if additional time is needed
Follow-up Support: We will provide ongoing support to ensure your privacy concerns are fully addressed
12.4 Additional Resources
Terms of Service: Please also review our separate Terms of Service document, which governs your use of our website and services.
Regulatory Contacts: If you have concerns about our privacy practices that we cannot resolve, you may contact:
• Maryland Attorney General’s Office Consumer Protection Division
• Federal Trade Commission Consumer Sentinel Network
• Other applicable regulatory authorities
Document Information:
• Document Type: Privacy Policy
• Governing Law: Maryland State Law and Applicable Federal Law
• Business Entity: Scott Eden Photography LLC
• Principal Address: 2811 Deepwater Trail, Edgewater, Maryland 21037
• Effective Date: [To be completed]
• Last Updated: [To be completed]
This Privacy Policy constitutes a legally binding agreement between Scott Eden Photography LLC and users of our website and services. By accessing our website or using our services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Policy.