Last Modified: December 2020
Fenix International Limited and its subsidiaries (collectively, “OnlyFans,” “we,” “us,” “our”) respect your privacy and are committed to protecting the personal data we hold about you. If you have questions, comments, or concerns about this Privacy Notice or our processing of personal data, please see the bottom of this Privacy Notice for information about how to contact us. OnlyFans is the data controller of the personal data collected, and is responsible for the processing of your personal data.
OnlyFans is a social network which enables users to share their content; other users to enjoy content and for some to do both. We refer to those users who share content as “Creators” and those users who pay to view Creators’ content as “Fans”. This Privacy Notice explains our practices with respect to personal data we collect and process about you. This includes information we collect through, or in association with, our website located at www.OnlyFans.com, our services that we may offer from time to time via our website, our related social media sites (Twitter and Instagram), or otherwise through your interactions with us (the website, our social media pages, and services, collectively, the “Services”).
Please review the following to understand how we process and safeguard personal data about you. By using any of our Services, whether by visiting our website or otherwise, and/or by voluntarily providing personal data to us, you acknowledge that you have read and understand the practices contained in this Privacy Notice. This Privacy Notice may be revised from time to time, so please ensure that you check this Privacy Notice periodically to remain fully informed.
2. PERSONAL DATA WE COLLECT
We collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal data”). In addition, we may collect data that is not identifiable to you or otherwise associated with you, such as aggregated data, and is not personal data. To the extent this data is stored or associated with personal data, it will be treated as personal data; otherwise, the data is not subject to this Privacy Notice.
a. Categories of Personal Data We Collect
The types of personal data we collect about you depends on your interactions with us and your use of the Services. In the past twelve (12) months, we collected the below categories of personal data from our users:
We will not collect additional categories of personal data other than those categories listed above. If we intend to collect additional categories of personal data, we will provide you with a new notice at or before the time of collection.
b. How We Use Your Personal Data
We strive to ensure that the content can be enjoyed by everyone, and to keep the content appropriate, tasteful and lawful. To do that, we collect and process your personal data for the following business and commercial purposes:
We will not use the personal data we collected for materially different, unrelated, or incompatible purposes without providing you with notice and obtaining your consent.
c. How We Obtain Your Personal Data
We collect your personal data from the following categories of sources:
d. Legal Bases for Processing
We process personal data for, or based on, one or more of the following legal bases:
e. Who We Share Your Personal Data With
We share personal data with the following categories of third parties:
f. Personal Data We Share
In the past twelve (12) months, we shared with the following categories of third parties the following categories of personal data for a business purpose:
3. YOUR RIGHTS REGARDING PERSONAL DATA
You have certain rights regarding the collection and processing of personal data. You may exercise these rights, to the extent they apply to you, by contacting us at the information provided at the end of this Privacy Notice, or by following instructions provided in this Privacy Notice or in communications sent to you.
Your rights vary depending on the laws that apply to you, but may include:
a. Accessing, Modifying, Rectifying, and Correcting Collected Personal Data
We strive to maintain the accuracy of any personal data collected from you, and will try to respond promptly to update our records when you tell us the information in our records is not correct. However, we must rely upon you to ensure that the information you provide to us is complete, accurate, and up-to-date, and to inform us of any changes. Please review all of your information carefully before submitting it to us. Any updates or corrections to your information may be made through your account settings.
Depending on the laws that apply to you, you may obtain from us certain personal data in our records. If you wish to access, review, or make any changes to personal data you have provided to us through the Services, please contact us at the information provided at the end of this Privacy Notice. We reserve the right to deny access as permitted or required by applicable law.
b. Your California Privacy Rights
California’s “Shine the Light” law, permits our users who are California residents to request and obtain from us a list of what personal data (if any) we disclosed to third parties for their own direct marketing purposes in the previous calendar year and the names and addresses of those third parties. Requests may be made only once per year per person, must be sent to the email address below, and are free of charge. However, we do not disclose personal data protected under the “Shine the Light” law to third parties for their own direct marketing purposes.
The California Consumer Privacy Act (“CCPA”) provides our users who are California residents the following additional rights:
Right to Know: You have the right to request that we disclose certain information to you about the personal data we collected, used, disclosed, and sold about you in the past 12 months. This includes a request to know any or all of the following:
Data Portability: You have the right to request a copy of personal data we have collected and maintained about you in the past 12 months.
Right to Deletion: You have the right to request that we delete the personal data we collected from you and maintained, subject to certain exceptions. Please note that if you request deletion of your personal data, we may deny your request or may retain certain elements of your personal data if it is necessary for us or our service providers to:
Right to Opt-Out/In: You have the right to opt-out of the sale of your personal data. You also have the right to opt-in to the sale of personal data. However, we do not sell your personal data.
Right to Non-Discrimination: You have the right not to receive discriminatory treatment by us for the exercise of your CCPA privacy rights. Unless permitted by the CCPA, we will not:
If you have an account with us, you can exercise any of the above rights from your profile. If you don’t have a profile or if you are unable to access, control, or delete your information from within your profile, you can contact us through any of the above methods.
Only you, or a person authorized by you to act on your behalf, may make a verifiable consumer request related to your personal data.
You may only make a verifiable consumer request for Right to Know or Data Portability twice within a 12-month period. The verifiable consumer request must:
We may deny your request if we are unable to verify your identity or have reason to believe that the request is fraudulent.
Consumer Request by an Authorized Agent
If any authorized agent submits a consumer request on your behalf, in order to confirm that person or entity’s authority to act on your behalf and verify the authorized agent’s identity, we require an email be sent to firstname.lastname@example.org, along with all of the below items:
We cannot respond to your request or provide you with personal data if we cannot verify your identity or authority to make the request and confirm the personal data relates to you. Making a verifiable consumer request does not require to create an account with us. However, if you do have an existing login, we will require you to log in to submit a request. We will only use personal data provided in a verifiable consumer request to verify the request’s identity or authority to make the request.
We will acknowledge receipt of the request within ten (10) business days of its receipt. We will respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response electronically. Any disclosures we provide will only cover the 12-month period preceding the receipt of the verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For Data Portability requests, we will provide the responsive information in a portable and, to the extent technically feasible, in a readily useable format that allows you to transmit the information to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
c. Your Nevada Privacy Rights
Nevada law permits our users who are Nevada consumers to request that their personal data not be sold (as defined under applicable Nevada law), even if their personal data is not currently being sold. Requests may be sent to email@example.com, and are free of charge.
d. Your European Union and UK Privacy Rights
In addition to the above-listed rights, European Union and UK privacy law provides individuals with enhanced rights in respect of their personal data. These rights may include, depending on the circumstances surrounding the processing of personal data:
4. YOUR CHOICES
You have choices about certain information we collect about you, how we communicate with you, and how we process certain personal data. When you are asked to provide information, you may decline to do so; but if you choose not to provide information that is necessary to provide some of our Services, you may not be able to use those Services. In addition, it is possible to change your browser settings to block the automatic collection of certain information.
a. Communications Opt-Out. You may opt out of receiving email communications from us at any time by following the opt-out link or other unsubscribe instructions provided in any email message received, by contacting us as provided at the end of this Privacy Notice, or by changing your notification preferences in account setting. you wish to opt out by sending us an email to the address provided below, please include “Opt-Out” in the email’s subject line and include your name and the email address you used to sign up for communications in the body of the email. Note, that if you do business with us in the future, you may not, subject to applicable law, opt out of certain automated notifications, such as order or subscription confirmations, based on business transactions (e.g., e-commerce).
b. Location Information. If you want to limit or prevent our ability to receive location information from you, you can deny or remove the permission for certain Services to access location information or deactivate location services on your device. Please refer to your device manufacturer or operating system instructions for instructions on how to do this.
c. Cookies and Web Tracking. Consult our Cookie Notice for more information about how to control and/or opt out of certain web tracking technologies.
5. PROTECTING PERSONAL DATA
We use reasonable and appropriate physical, technical, and organizational safeguards designed to promote the security of our systems and protect the confidentiality, integrity, availability, and resilience of personal data. Those safeguards include: (i) the encryption of personal data where we deem appropriate; (ii) taking steps to ensure personal data is backed up and remains available in the event of a security incident; and (iii) periodic testing, assessment, and evaluation of the effectiveness of our safeguards.
However, no method of safeguarding information is completely secure. While we use measures designed to protect personal data, we cannot guarantee that our safeguards will be effective or sufficient. In addition, you should be aware that Internet data transmission is not always secure, and we cannot warrant that information you transmit utilizing the Services is or will be secure.
6. RETENTION OF PERSONAL DATA.
We retain personal data for a period of six (6) months after a user closes their account, and certain personal data for longer periods to the extent we deem necessary to carry out the processing activities described above, including but not limited to compliance with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies, and to the extent we reasonably deem necessary to protect our and our partners’ rights, property, or safety, and the rights, property, and safety of our users and other third parties. Under applicable law, we are required to retain certain financial information for seven (7) years.
7. OTHER IMPORTANT INFORMATION ABOUT PERSONAL DATA AND THE SERVICES.
c. Collection of Personal Data from Children. Our Services are not intended for anyone under 18. Anyone under 18 years of age is not permitted to use the Services, and we do not knowingly collect information from children under the age of 18. By using the Services, you represent that you are 18 years of age or older.
d. Third-Party Websites and Services. As a convenience, we may reference or provide links to third- party websites and services, including those of unaffiliated third parties, our affiliates, service providers, and third parties with which we do business (including, but not limited to, our service providers). When you access these third-party services, you leave our Services, and we are not responsible for, and do not control, the content, security, or privacy practices employed by any third-party websites and services. You access these third-party services at your own risk. This Privacy Notice does not apply to any third-party services; please refer to the Privacy Notices or policies for such third-party services for information about how they collect, use, and process personal data.
e. Business Transfer. We may, in the future, sell or otherwise transfer some or all of our business, operations or assets to a third party, whether by merger, acquisition or otherwise. Personal data we obtain from or about you via the Services may be disclosed to any potential or actual third- party acquirers and may be among those assets transferred.
f. Do Not Track. We currently do not use any cross-site tracking technologies and do not currently process or comply with any web browser’s “do not track” signal or similar mechanisms. Note, however, that you may find information about how to block or reject certain tracking technologies in our Cookie Notice.
g. International Use. Your personal data will be stored and/or processed in the United States, as well as in the European Union, Canada, Hong Kong, Russia, Singapore, Switzerland, Thailand, Ukraine and the United Kingdom. By your use of the Services, you acknowledge that we will transfer your data to, and store your personal data in, the above countries, which may have different data protection rules than in your country, and personal data may become accessible as permitted by law in the above countries, including to law enforcement and/or national security authorities in the those countries. For transfers of data into and out of the European Economic Area, pursuant to Article 46 of the General Data Protection Regulation, we use data transfer agreements subject to EU-approved standard contractual clauses.
8. MODIFICATIONS AND UPDATES TO THIS PRIVACY NOTICE
This Privacy Notice replaces all previous disclosures we may have provided to you about our information practices with respect to the Services. We reserve the right, at any time, to modify, alter, and/or update this Privacy Notice, and any such modifications, alterations, or updates will be effective upon our posting of the revised Privacy Notice. We will use reasonable efforts to notify you in the event material changes are made to our processing activities and/or this Privacy Notice, such as by posting a notice on the Services or sending you an email. Your continued use of the Services following our posting of any revised Privacy Notice will constitute your acknowledgement of the amended Privacy Notice.
9. APPLICABILITY OF THIS PRIVACY NOTICE
This Privacy Notice is subject to the Terms of Service and Acceptable Use Policy that govern your use of the Services. This Privacy Notice applies regardless of the means used to access or provide information through the Services.
This Privacy Notice does not apply to information from or about you collected by any third-party services, applications, or advertisements associated with, or websites linked from, the Services. The collection or receipt of your information by such third parties is subject to their own privacy policies, statements, and practices, and under no circumstances are we responsible or liable for any third party’s compliance therewith.
10. ADDITIONAL INFORMATION AND ASSISTANCE
If you have any questions or concerns about this Privacy Notice and/or how we process personal data, please contact us at firstname.lastname@example.org.
In addition, we have appointed a data protection officer (“DPO”) who is responsible for, among other things, responding to questions, requests, and concerns in relation to this Privacy Notice and our use of personal data. You may contact the DPO as follows:
Data Protection Officer
We have also appointed an EU Representative who may be reached as follows:
DAPR sp. z o.o.
Poland Company Number 0000688178
Zurawia 47 Street
00-680 Warsaw, Poland
We hope that we can resolve any query or concern you raise about our use of your information. If not, contact the Information Commissioner at https://ico.org.uk/concerns/ or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.