We are committed to protecting the privacy and the confidentiality of the personal information of visitors to our website and of members/enquirers to Squib Photography Ltd.
All personal information in our possession is processed in accordance with the requirements of the European General Data Protection Regulation (‘GDPR’) and Data Protection Act (‘DPA’). We will only use your personal information in a way that is fair to you.
We will only collect information where it is necessary for us to do so and we will only collect information if it is relevant to our dealings with you. We have implemented appropriate technology and policies to safeguard your data from unauthorised access and improper use.
What is the legal basis for processing your personal information?
There are a number of different reasons for which a company may collect and process your personal data. At Squib Photography Ltd these include:
Consent - We can collect and process your data with your consent (opting in)
Contractual obligations - We need your personal data to comply with our contractual obligations.
Legal compliance - If the law requires us to, we may need to collect and process your data.
Legitimate interest - In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
When do we collect your personal data?
• When you engage with us on social media
• When you contact us by any means with enqueries, complaints, suggestions, feedback etc
• When you book any sort of appointment with us
• When you complete and return any of the forms we send you – either by post or by email
What sort of personal data do we collect?
• If you enquire about a product or service we will collect your name, postal address, email address and telephone numbers.
• Any interactions with us by telephone calls, emails, social media, letters and text
• Your comments and product/service reviews.
How and why do we use your personal data?
We use your personal data to provide the products and services that are most likely to interest you. The data privacy law allows this as part of our legitimate interest in understanding our customers and providing the highest levels of service. If you wish to change how we use your data, you’ll find details in the ‘What are my rights?’ section below.
Please bear in mind that if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you’ve asked for.
How we use your personal data and why:
• To process any orders or bookings that you make with us either in person, via telephone, electronic mail or by using our website. If we don’t collect your personal data during this process or checkout, we won’t be able to process your order/booking and comply with our legal obligations. We may keep your details for a reasonable period afterwards in order to fulfil any contractual obligations such as refunds, guarantees and so on.
• To respond to your queries, refund requests and complaints. Handling the information you sent enables us to respond. We may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you throughout. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience.
• To process payments and to prevent fraudulent transactions. We do this on the basis of our legitimate business interests. This also helps to protect our customers from fraud.
• To send you relevant, personalised communications in relation to updates, offers, services and products. We’ll do this on the basis of our legitimate business interest.
• For our own legitimate interests (e.g. for good governance, accounting and managing our business operations)
• To send you communications required by law or which are necessary to inform you about our changes to the services we provide you. For example, updates to this Privacy Notice, and legally required information relating to your orders. These service messages will not include any promotional content and do not require prior consent when sent by email or text message. If we do not use your personal data for these purposes, we would be unable to comply with our legal obligations.
• To comply with our contractual or legal obligations to share data with law enforcement agencies. For example, when a court order is submitted to share data with law enforcement agencies or a court of law.
• To send you survey and feedback requests to help improve our services. These messages will not include any promotional content and do not require prior consent when sent by email or text message. We have a legitimate interest to do so as this helps make our products or services more relevant to you.
• Process your booking/appointment requests
• We will update your information whenever we get the opportunity to keep it current, accurate and complete
Any information you provide when enquiring to us and/or signing up for our service will be used for Squib Photography Ltd purposes only.
How we protect your personal data:
We take all appropriate steps to protect it your personal data whether stored digital or paper based. All digital material is secured via password protected measures and all paper copies are stored in our secure studio.
How long we keep your personal data for?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
Who do we share your personal data with?
We do not share your details with any third parties unless in agreement with yourselves. We may be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
We ensure lawful processing of personal data by obtaining your consent; or where there is a contractual obligation to do so in providing appropriate products and services; or where processing the data is necessary for the purposes of our legitimate interests in providing appropriate products and services.
We must ensure that personal data shall be:
1. Processed lawfully, fairly and in a transparent manner;
2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
3. Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
4. Accurate and where necessary kept up to date;
5. Kept for no longer than is necessary for the purposes for which the personal data are processed. We only retain personal data for the purposes for which it was collected and for a reasonable period thereafter where there is a legitimate business need or legal obligation to do so. For details of our current retention policy contact firstname.lastname@example.org
6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. Squib Photography Ltd cannot therefore guarantee the security of any information you input on the website or send to us on the internet. Squib Photography Ltd is not, and will not be responsible for any damages you may suffer as a result of the loss of confidentiality of any such information.
Under GDPR you have the following specific rights in respect of the personal data we process:
1. The right to be informed about how we use personal data.
2. The right of access to the personal data we hold. In most cases this will be free of charge and will be provided within one month of receipt. To obtain a copy of the personal information we hold on you, please email us at email@example.com
3. The right to rectification where data is inaccurate or incomplete. In such cases we shall make any amendments or additions within one month of your request.
4. The right to erasure of personal data, but only in very specific circumstances, typically where the personal data is no longer necessary in relation to the purpose for which it was originally collected or processed; or, in certain cases where we have relied on consent to process the data, when that consent is withdrawn and there is no other legitimate reason for continuing to process that data; or when the individual objects to the processing and there is no overriding legitimate interest for continuing the processing.
5. The right to restrict processing, for example while we are reviewing the accuracy or completeness of data, or deciding on whether any request for erasure is valid. In such cases we shall continue to store the data, but will not further process it until such time as we have resolved the issue.
6. The right to data portability which, subject to a number of qualifying conditions, allows individuals to obtain and reuse their personal data for their own purposes across different services.
7. The right to object in cases where processing is based on legitimate interests, where our requirement to process the data is overridden by the rights of the individual concerned; or for the purposes of direct marketing (including profiling)
8. Rights in relation to automated decision making and profiling You can contact us to request to exercise these rights at any time as follows: If we choose not to action your request we will explain to you the reasons for our refusal.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Tel: 0303 123 1113 (local rate) Tel: 01625 545 745 (national rate) Email: firstname.lastname@example.org www.ico.org.uk
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence. Details can be found in Section 16.
We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it. If you have any questions that haven’t been covered, please contact us.