Trust Center
Contracts & Legal

Jurisdictions & Local Rights

Version 1 · as of July 14, 2026

Template — informational overview, pending legal review. Fotosoft SA is a Belgian company; the DPA and Terms are governed by Belgian law (courts of Liège). The table below shows the supervisory authority and data-protection regime per country so that data subjects can exercise their rights locally.

Jurisdictions & Local Rights

Coverage

The platform is offered across BE, FR, DE, AT, IT, ES, PT, CH, UK and the US. All data is hosted exclusively in Europe.

EU/EEA (GDPR) — one regime, local authority

For BE, FR, DE, AT, IT, ES and PT the same regulation (EU GDPR) applies; only the supervisory authority and language differ.

Country Supervisory authority Website
Belgium 🇧🇪 Autorité de protection des données (APD/GBA) gegevensbeschermingsautoriteit.be
France 🇫🇷 Commission Nationale de l'Informatique et des Libertés (CNIL) cnil.fr
Germany 🇩🇪 Competent Land authority (Landesdatenschutzbehörde) / BfDI bfdi.bund.de
Austria 🇦🇹 Datenschutzbehörde (DSB) dsb.gv.at
Italy 🇮🇹 Garante per la protezione dei dati personali garanteprivacy.it
Spain 🇪🇸 Agencia Española de Protección de Datos (AEPD) aepd.es
Portugal 🇵🇹 Comissão Nacional de Proteção de Dados (CNPD) cnpd.pt

Rights (access, rectification, erasure, restriction, portability, objection) and the 30-day deletion commitment apply identically; complaints go to the authority above.

Switzerland 🇨🇭 — revised FADP (nFADP)

Switzerland is not in the EEA. The revised Federal Act on Data Protection (nFADP, in force since 1 September 2023) applies; it is closely aligned with the GDPR.

  • Authority: Federal Data Protection and Information Commissioner (FDPIC / EDÖB) — edoeb.admin.ch
  • Transfers from Switzerland rely on the Swiss adequacy list and, where needed, the Swiss addendum to the EU Standard Contractual Clauses.

United Kingdom 🇬🇧 — UK GDPR

  • Regime: UK GDPR + Data Protection Act 2018.
  • Authority: Information Commissioner's Office (ICO) — ico.org.uk
  • Transfers to/from the UK use the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs.

United States 🇺🇸 — state privacy laws (CCPA/CPRA et al.)

  • No federal GDPR equivalent; state laws apply, notably the California Consumer Privacy Act (CCPA/CPRA), plus Virginia (VCDPA), Colorado (CPA) and others.
  • Under these laws Fotosoft acts as a "service provider"/"processor"; consumers have rights to know, access, delete, correct and opt out of "sale"/"sharing".
  • Because data is hosted only in Europe, there is no transfer of personal data to the United States for storage.
  • Operative US terms are set out in the separate US Privacy Addendum (CCPA/CPRA).

Review note (EN): verify each authority's current name/URL and the applicable US state thresholds with counsel before relying on this document.