Holdstill legal

Data Processing Agreement.

When you use Holdstill to deliver galleries to your clients, we act as your data processor. This DPA sets the terms.

Last updated: 30 April 2026

Roles

You (the photographer) are the data controller. Holdstill is the data processor. We process personal data — gallery viewer emails, download logs, favorites — strictly on your documented instructions.

Scope of processing

Hosting, delivery, analytics, AI-assisted sequencing, and migration of gallery content and related metadata for the duration of your subscription.

Data residency

All personal data is stored and processed within the European Union. Backups remain in the EU. We do not transfer personal data to third countries without an adequacy decision or appropriate safeguards.

Subprocessors

We use a short, named list of EU-based subprocessors (hosting, email, AI inference). The current list is available on request and updated with at least 30 days' prior notice for material changes.

Security

Encryption in transit and at rest, role-based access, audit logging, regular penetration testing, and least-privilege internal controls. Incident response within 72 hours per Art. 33 GDPR.

Data subject requests

We assist you in responding to access, rectification, erasure, and portability requests from your clients within reasonable timeframes.

International transfers

Where unavoidable, transfers rely on Standard Contractual Clauses and additional technical measures (encryption, pseudonymization).

Audit rights

Once per year, you may request a summary of our security controls and recent independent assessments. On-site audits are available for enterprise plans.

Termination

On termination, we return or delete all personal data within 30 days, except where retention is required by law.

Liability

Liability under this DPA is governed by the main terms of service, unless a separate enterprise agreement says otherwise.