Data Protection Policy in accordance with the EU
General Data Protection Regulation (GDPR)
Becky Louise Limited T/A Once Upon A Time Photography – Customer Privacy Notice
Becky Louise Limited T/A Once Upon A Time Photography respects your right to privacy and complies with obligations under the Data Protection Acts 1988 & 2002 and the EU General Data Protection Regulation 2018 (GDPR).
The new regulations are very detailed and can be found at www.ico.org.uk
This Privacy Notice sets out how we use any personal information we hold for you and your child/ren. Becky Louise Limited T/A Once Upon A Time Photography is the ‘data controller’ responsible for controlling any data you give to us. We take reasonable care to ensure your information is kept safe and secure and to prevent any unauthorised access to it.
Collecting your personal information
Personal data means any information about an individual from which that individual can be identified. You provide information about yourself and your child/ren to us when you register your interest with us.
When you book a photo session with us we need to collect yours and your child/ren’s personal information so that we can honour your booking and to enable us to carry out our obligations.
If you do not provide us with all of the personal information that we need to collect then this may affect our ability to continue with the booking process.
When you contact us regarding a newborn, sitter or children’s session, whether by telephone, through our website or by email, you must hold parental responsibility if the child you are wanting to book for is under the age of 13. This enables us to gain parental consent to collect the child’s personal information.
What personal information do we collect?
The information you provide may include details such as your name, child/ren’s name/s, address, telephone number, email address, date of birth, gender and any other relevant information required. We may also ask for relevant health information, which is classified as special category personal data used for the purposes of health, wellbeing, welfare and safeguarding. Where we hold this data, it will be with the explicit consent of the participant or, if applicable the participant’s parent or guardian.
Like the majority of websites, we gather statistical and other analytical information of all visitors to our website. This Non-Personal Data comprises of information that cannot be used to identify or contact you.
Other information we may hold
Obviously as a photography studio we will also hold photographs.
When we take deposits and booking fees via telephone or in person your card data is safely stored with iZettle payments.
All deposits and booking fees taken via our online booking app are processed using Paypal.
We do not store payment information on our systems.
Why do we need your personal data?
We collect and hold personal information relating to our clients and we use this personal data to carry out our duties and obligations in line with the clients booking instructions, to monitor and process product orders, assess the quality of our services and comply with the law regarding data sharing.
We do not share information about clients with any third party without consent unless the law and our policies allow us to do so.
As some of our communication is carried out through SMS and messaging services, names and mobile telephone numbers are stored for processing purposes.
We have set out below a description of all the ways in which we will use your personal data and which of the lawful basis’ we rely on to do so:
Purpose/Processing Activity. Lawful basis for processing
To respond to your comments, Consent
queries and information requests.
To provide you with details of
your photo session day time and Contract
inform you of any changes to this.
Processing Booking Fees. Consent
Taking Photographs. Consent
Processing Product Orders. Contract
Sharing photographs on Consent
Protection of your personal data
All sensitive information is collected and stored through an encrypted connection on our secure server through Secure Sockets Layer (SSL) technology.
SSL Certificate Our website utilises industry-standard Secure Sockets Layer (SSL) technology to allow for the encryption of potentially sensitive information such as your name, address and other critically sensitive information. Information passed between your computer and our website cannot be read in the event someone else intercepts it. This technology includes the following features:
Authentication – this assures your browser that your data is being sent to the correct computer server and that the server is secure.
Encryption – this encodes the data, so that it cannot be read by anyone other than the secure server.
Data Integrity – this checks the data being transferred to ensure it has not been altered.
When you access a website secured by an SSL certificate, you will see https:// at the beginning of its URL. Your web browser may also show the connection as secure by displaying a “padlock” icon at the beginning of the address bar.
Service Providers We may transfer (or otherwise make available) your personal information to third parties that help us provide our services or provide services on our behalf. For example, we use service providers to authorise and process online payments to host our website and provide email services. Our service providers are given the information they need to perform their designated functions and we do not authorise them to use or disclose personal information for their own marketing or other purposes.
How long do we keep hold of your data?
We keep personal data on our clients in order to process any orders and this information is kept long enough to facilitate this process. We store photographs for a minimum of 30 days after a viewing session before they are deleted from our systems (unless express permission has been given for use of images for marketing purposes). If you wish to amend any data we hold please contact the Data Controller.
You have the right to object to how we use your personal information. You also have the right to see what personal information we hold about you. In addition, you can ask us to correct inaccuracies, delete or restrict personal information or to ask for some of your personal information to be provided to someone else.
Right to object
You can object to our processing of your personal information. Please contact our Data Controller, providing details of your objection.
Access to your Personal information
You can request access to a copy of your personal information that we hold, along with information on what personal information we use, why we use it, who we share it with and how long we have kept it for. You can make a request for access by contacting us at our registered address. Please make all requests for access in writing and provide us with evidence of your identity.
Right to Withdraw Consent
If you have given us your consent to use personal information, you can withdraw your consent at any time and update your marketing preferences by contacting our Data Controller.
You can ask us to change or complete any inaccurate or incomplete personal information held about you.
You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.
You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.
You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.
Personal Data Breach Notification
We ensure to the best of our ability that our systems and servers are protected from hackers, viruses, intruders and other online and offline threats. However, if we experience a data breach of any kind, where a client’s data has been compromised, a notification will be sent to those affected within 72 hours of us becoming aware of the data breach.
You can make a complaint about how we have used your personal information by contacting our Data Controller. You also have the right to lodge a complaint with a regulatory body. The relevant authority in the UK is the Information Commissioner’s Office at www.ico.org.uk . We will not make any charge for responding to any request from you to exercise your privacy rights and we will respond to your requests in accordance with our obligations under data protection law.
David Molloy of Becky Louise Limited T/A Once Upon A Time Photography is the Data Controller for all the personal data that you submit.
Contact Name: Admin
Company Name: Becky Louise Limited T/A Once Upon A Time Photography
Address: Unit 1A, Westmill Street, Stoke on Trent, ST1 3EL
Telephone: 01782 461910
Other policies regarding the use of our website www.onceuponatimephotography.co.uk
can be found at:
Qualified Newborn Baby Photographer. Professional Children’s, Family Portrait and Bump to Baby Photography studio based in Stoke on Trent, Staffordshire.
Copyright © 2018 Once Upon A Time Photography. All Rights Reserved.