Version 1 · as of July 14, 2026
Template — informational overview, pending legal review. Fotosoft SA is a Belgian company; the DPA and Terms are governed by Belgian law (courts of Liège). The table below shows the supervisory authority and data-protection regime per country so that data subjects can exercise their rights locally.
Jurisdictions & Local Rights
Coverage
The platform is offered across BE, FR, DE, AT, IT, ES, PT, CH, UK and the US. All data is hosted exclusively in Europe.
EU/EEA (GDPR) — one regime, local authority
For BE, FR, DE, AT, IT, ES and PT the same regulation (EU GDPR) applies; only the supervisory authority and language differ.
| Country | Supervisory authority | Website |
|---|---|---|
| Belgium 🇧🇪 | Autorité de protection des données (APD/GBA) | gegevensbeschermingsautoriteit.be |
| France 🇫🇷 | Commission Nationale de l'Informatique et des Libertés (CNIL) | cnil.fr |
| Germany 🇩🇪 | Competent Land authority (Landesdatenschutzbehörde) / BfDI | bfdi.bund.de |
| Austria 🇦🇹 | Datenschutzbehörde (DSB) | dsb.gv.at |
| Italy 🇮🇹 | Garante per la protezione dei dati personali | garanteprivacy.it |
| Spain 🇪🇸 | Agencia Española de Protección de Datos (AEPD) | aepd.es |
| Portugal 🇵🇹 | Comissão Nacional de Proteção de Dados (CNPD) | cnpd.pt |
Rights (access, rectification, erasure, restriction, portability, objection) and the 30-day deletion commitment apply identically; complaints go to the authority above.
Switzerland 🇨🇭 — revised FADP (nFADP)
Switzerland is not in the EEA. The revised Federal Act on Data Protection (nFADP, in force since 1 September 2023) applies; it is closely aligned with the GDPR.
- Authority: Federal Data Protection and Information Commissioner (FDPIC / EDÖB) — edoeb.admin.ch
- Transfers from Switzerland rely on the Swiss adequacy list and, where needed, the Swiss addendum to the EU Standard Contractual Clauses.
United Kingdom 🇬🇧 — UK GDPR
- Regime: UK GDPR + Data Protection Act 2018.
- Authority: Information Commissioner's Office (ICO) — ico.org.uk
- Transfers to/from the UK use the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs.
United States 🇺🇸 — state privacy laws (CCPA/CPRA et al.)
- No federal GDPR equivalent; state laws apply, notably the California Consumer Privacy Act (CCPA/CPRA), plus Virginia (VCDPA), Colorado (CPA) and others.
- Under these laws Fotosoft acts as a "service provider"/"processor"; consumers have rights to know, access, delete, correct and opt out of "sale"/"sharing".
- Because data is hosted only in Europe, there is no transfer of personal data to the United States for storage.
- Operative US terms are set out in the separate US Privacy Addendum (CCPA/CPRA).
Review note (EN): verify each authority's current name/URL and the applicable US state thresholds with counsel before relying on this document.