1.1 We are committed to safeguarding the privacy of clients/customers.
1.7 Personal data will be processed in order to perform our contract with you, fulfil legal obligations and for legitimate interests, as described below.
1.8 You acknowledge and agree that where provision of personal data is necessary to ensure compliance with legal obligations or to perform our contract with you, failure to provide relevant personal data for the abovementioned purposes may prevent us providing our goods and services to you.
2. WHO WE ARE
2.1 We are Emma Collins Photography, 365 Hatfield Road, St Albans, AL4 0XF, UK. We are the data controller responsible for your personal data.
3. THE INFORMATION WE COLLECT & USE
3.1 In this Section 3 we have set out:
- the general categories of personal data that we may process;
- the purposes for which we may process personal data; and
- the legal bases of the processing.
3.2 We collect and process the following information provided by you in the course of your initial inquiry and the formation, operation and conclusion of our contract for photography services:
3.2.1 Personal / Profile Data: We may process your personal data in the course of the use of our services. This personal data includes your name, address, telephone number, e-mail address; gender and date of birth; relationship status, interest, hobbies, profession, as well as the names, dates of birth, gender and other details about your family members and other participants in a photography session, together with and other information that you choose to provide to us. The personal data may be processed for the purposes of enabling your use of our photographic services and to create and deliver products you requested. It is also used to contact you regarding use of the photographic services. The legal basis for this processing is our legitimate interest in order to provide you with service, respond or implement the performance of a contract between you and us and/or taking steps, at your request as well as where we are asked to deal with any inquiries or complaints you make; to provide postal communications which we think will be of interest to you; if you ask us to delete your data or to be removed from our marketing lists and we are required to fulfil your request, to keep basic data to identify you and prevent further unwanted processing; and to (a) comply with legal obligations, (b) respond to requests from competent authorities; (b) protect our operations; (c) protect our rights, safety or property, and/or that of our affiliated businesses, you or others; and (d) enforce or defend legal rights, or prevent damage.
3.2.2 Customer Relationship Data: We may process information relating to our customer relationships, including customer contact information (“customer relationship data“). The customer relationship data may include your name, your contact details, and information contained in communications between us and you. The source of the customer relationship data is you and the information you choose to provide us. The customer relationship data may be processed for the purposes of managing our relationships with customers, communicating with customers, keeping records of those communications and promoting our products and services to customers. The legal basis for this processing our legitimate interests, namely the proper management of our customer relationships. With your consent, we may use your photographs to promote and advertise our business, including (a) in our studio and in our printed publications, presentations, promotional materials (including flyers, brochures, stickers, bookmarks, posters, factsheets, calendars); (b) on our website and other digital advertising of our services; and (c) in social media forums such as Instagram, Pinterest and Facebook. We may provide you with information about goods or services, events and other promotions we feel may interest you. We will contact you by email only with your consent, if this was given at the time you provided us with the personal data.
3.2.3 Payment Information / Transaction Data: We may process information relating to transactions and payments, including purchases of goods and services, provided by you to our payment service providers, that we require for the purpose of processing payment for our goods and services. The transaction data may include your contact details, your card details and the transaction details. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. Any credit/debit card payments and other payments you make will be processed by our third party payment providers and the payment data you submit will be securely stored and encrypted by our payment service providers using up to date industry standards. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely the proper administration our products & services.
3.2.4 Notification Data We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (“notification data“). The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is your opt-in consent and our legitimate interests, namely communication with you.
3.2.5 Other Data / Information: Personal details you choose to give when corresponding with us by phone or e-mail or visits in person.
4. PROVIDING YOUR PERSONAL DATA TO OTHERS:
4.1 We share your personal data with third parties in the following situations:
4.1.1 Service Providers / Professional Advisers: We may disclose your personal data to service providers and/or professional advisers as reasonably necessary for the purposes of obtaining professional advice, or the establishment, exercise or defense of legal claims, IT suppliers and contractors (e.g. data hosting providers or delivery partners) as necessary to provide IT support and enable us to provide our goods/services, and providers of specialist services, including retouching/editing, online galleries, printers, framers and book binders. Pursuant to our instructions, these parties may access, process or store your personal data in the course of performing their duties to us and solely in order to perform the services we have hired them to provide.
4.1.2 Financial Transactions: Financial transactions relating to our services are handled by our payment services providers, Stripe and Barclays. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
4.1.3 In addition to the specific disclosures of personal data set out in this Section 4, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. This may include (without limit) exchanging information with the police, courts or law enforcement organizations.
5. INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA
5.1 In this Section 5, we provide information about the circumstances in which your personal data may be transferred to [countries outside the European Economic Area (EEA)].
5.2 Your personal data will be transferred to and stored in countries other than the country in which the information was originally collected, including the United States and other destinations outside the European Economic Area (“EEA”) to our service providers for the purposes described above.
5.3 Where we transfer your personal data to countries outside of the EEA we will take all steps to ensure that your personal data continue to be protected. We will implement appropriate safeguards for the transfer of personal data to our service providers in accordance with the applicable law, such as relying on our service providers’ Privacy Shield certification or implementing standard contractual clauses for data transfers. If you would like to receive more information on the safeguards that we implement, including copies of relevant data transfer contracts, please contact us as indicated below.
6. DATA RETENTION & DELETION OF PERSONAL DATA
6.1 This Section 6 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
6.2 Personal data that we process for any purpose or purposes will not be kept for longer than is necessary for that purpose or those purposes.
6.3 We apply criteria to determine the appropriate periods for retaining personal data depending on its purpose, nature, and sensitivity and any retention periods provided by applicable laws and regulations
6.3.1 For example, we will retain your personal data as follows: (a) your personal data will be retained for a minimum of 12 months after your photography session and we will retain files of your digital photographs for a minimum of 12 months.
6.4 In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the following criteria: (a) When you consent to receive marketing communications, we will keep your data until you unsubscribe. Upon expiry of the applicable retention period we will securely destroy your personal data in accordance with applicable laws and regulations.
6.5 In some cases notwithstanding the other provisions of this Section 6, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
6.6 Upon expiry of the applicable retention period we will securely destroy your personal data in accordance with applicable laws and regulations.
7.1 We may update this policy from time to time by publishing a new version on our website and/or notifying you via email
8. WEBSITE USAGE
8.1 Third Party links: This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
9. YOUR RIGHTS
9.1 In this Section 8, we have summarized the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
9.2 Your principal rights under data protection law are:
(a) the right to access;
(b) the right to rectification;
(c) the right to erasure;
(d) the right to restrict processing;
(e) the right to object to processing;
(f) the right to data portability;
(g) the right to complain to a data protection authority; and
(h) the right to withdraw consent.
9.3 You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee
9.4 You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
9.5 In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims.
9.6 In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
9.7 You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
9.8 You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
9.9 You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
9.10 To the extent that the legal basis for our processing of your personal data is:
(a) consent; or
(b) that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract,
(c) and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
9.11 If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence or the place of the alleged infringement.
9.12 To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
9.13 You may exercise any of your rights in relation to your personal data. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (ico.org.uk). We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
- Emma Collins Photography
- Emma Collins
- Our principal place of business is 365 Hatfield Road, St Albans, AL4 0XF, UK
10.2 You can contact us:
- At the postal address above
- Using our website contact form
- By email: firstname.lastname@example.org