★★★★★4.9·8,212 reviewsSee all →
Smiler

Privacy Policy

Last updated: May 2026

This Privacy Policy describes how Smiler Photo s.r.o. ("Smiler", "we", "us") collects, uses, and shares personal data when you use the smiler.co website, the customer booking flow, the photographer portal, or any other service we provide (collectively, the "Services"). We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Czech law.

1. Who we are

Smiler Photo s.r.o.
Registered office: Czech Republic
Company ID (IČO): 08426902
Contact: bookings@joinsmiler.com

Smiler is the data controller for personal data processed through the Services, except where photographers act as independent controllers for the photographs they capture.

2. What data we collect

  • Account data — name, email address, phone number, password (hashed), and, for photographers, billing details, IBAN, and VAT number where applicable.
  • Booking data — chosen product, date and time, location, meeting point, group size, message to the photographer, and channel of origin (direct, OTA partner, or photographer storefront).
  • Payment data — handled by our payment processor Mollie B.V. We never store your full card number; we only retain the Mollie payment identifier and the amount, currency, and status.
  • Photographs — images captured by the photographer during your shoot, plus any technical metadata (EXIF) embedded in them.
  • Location data — when you actively share your location on the booking page so your photographer can find you on the meeting point. Location pings are stored only while the activation window is open (30 minutes before to 2 hours after the shoot).
  • Device and usage data — IP address, browser type, pages viewed, and timestamps, collected via standard server logs and, if enabled, analytics cookies.

3. Why we process this data

  • To create and manage your account and bookings (contract, Art. 6(1)(b) GDPR).
  • To process payments and trigger payouts to photographers (contract / legal obligation).
  • To deliver galleries and notify you when they are ready (contract).
  • To enable in-app chat between customers and photographers (contract).
  • To prevent fraud, abuse, and to enforce our Terms (legitimate interest, Art. 6(1)(f)).
  • To comply with accounting, tax, and other statutory obligations (legal obligation).
  • To send service emails (booking confirmations, gallery links). Marketing emails only with explicit consent.

4. How we share data

We share personal data only with parties that need it to deliver the Services:

  • Photographers receive your name, contact details, booking details, and meeting point so they can perform the shoot.
  • Mollie B.V. (Netherlands) processes card and bank payments on our behalf. See Mollie's privacy notice.
  • Email and SMS providers (Resend, Plivo) deliver transactional notifications.
  • OTA partners (e.g. GetYourGuide, Viator) receive booking confirmations only when the booking originated from their platform.
  • Authorities when required by law or court order.

We do not sell personal data to third parties.

5. Where data is stored

Personal data is processed and stored on servers located within the European Economic Area. If a sub-processor handles data outside the EEA, we rely on Standard Contractual Clauses or another GDPR-compliant transfer mechanism.

6. How long we keep data

  • Galleries remain available to customers for 31 days after publication, then are archived and removed from public access.
  • Booking and account records are kept while your account is active and for up to 3 years after the last interaction.
  • Invoices and accounting data are retained for 10 years as required by Czech tax law.
  • Marketing consent records until you withdraw consent, then for the period needed to evidence the withdrawal.

7. Cookies

We use essential cookies for authentication and session continuity, and optional analytics cookies to understand how the site is used. You can manage cookies in your browser settings or via our cookie banner. See our Cookie Policy for details.

8. Your rights

Under the GDPR you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion ("right to be forgotten") subject to retention obligations.
  • Restrict or object to processing.
  • Receive your data in a portable format.
  • Withdraw consent at any time, where processing is based on consent.
  • Lodge a complaint with the Czech Office for Personal Data Protection (úoou.cz).

To exercise any of these rights, email bookings@joinsmiler.com from the address associated with your account. We respond within one month.

9. Security

We use HTTPS everywhere, hash account passwords with bcrypt, encrypt backups at rest, and apply role-based access controls inside the organisation. No system is perfectly secure — please notify us at bookings@joinsmiler.com if you suspect a vulnerability.

10. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated by email to active account holders.

11. Contact

Questions about this Privacy Policy or our data practices? Reach us at bookings@joinsmiler.com.