1. WHO ARE WE
We are Alison Groves Photography. We are the data controller responsible for your personal data
2. WHAT DO WE COLLECT
We collect the following information from you:
Personal information: This includes your name, address, e-mail address; phone number; as well as the names, dates of birth, gender and other details about your family members and other participants in a photography session, together with and other information that you elect to provide to us.
Payment Information: Information about your debit/credit card and bank account information provided by you to our payment service providers, that we require for the purpose of processing payment for our goods and services.
Other Information: Personal details you choose to give when corresponding with us by phone or e-mail or visit our studio.
3. HOW WE USE YOUR PERSONAL INFORMATION
We use your personal information in the following ways:
- to provide you with our services and to create and deliver the products you have requested and contact you regarding your use of the services. Such use is necessary to respond to or implement your request and for the performance of the contract between you and us.
- As necessary for certain legitimate business interests, which include the following:
– where we are asked to deal with any enquiries or complaints you make
– to provide postal communications which we think will be of interest to you
– if you ask us to delete your data or to be removed from our marketing lists and we are required to fulfil your request, to keep basic data to identify you and prevent further unwanted processing
– to (a) comply with legal obligations, (b) respond to requests from competent authorities; (b) protect our operations; (c) protect our rights, safety or property, and/or that of our affiliated businesses, you or others; and (d) enforce or defend legal rights, or prevent damage.
- With your consent, we may use your photographs to promote and advertise our business, including (a) our printed publications, presentations, promotional materials (including leaflets, brochures, stickers, bookmarks, posters, factsheets; (b) on our website and other digital advertising of our services; and (c) in social media forums such as Instagram, Pinterest and Facebook.
- We may provide you with information about goods or services, events and other promotions we feel may interest you. We will contact you by email only with your consent, if this was given at the time you provided us with the personal data.
- We may use your personal data for other purposes which you have consented to at the time of providing your data.
4. DISCLOSURE OF YOUR INFORMATION
We share your personal data with third parties in the following situations:
- Service Providers: we sometimes engage selected third parties who act on our behalf to support our operations, such as (i) card processing or payment services (see the section below headed “Payment Information”), (ii) IT suppliers and contractors (e.g. data hosting providers or delivery partners) as necessary to provide IT support and enable us to provide our goods/services, and (iii) providers of specialist services, including retouching, printers, framers and book binders. (iii) our client software we use Light Blue. Pursuant to our instructions, these parties may access, process or store your personal data in the course of performing their duties to us and solely in order to perform the services we have hired them to provide.
- Business Transfers: if we sell our business or our company assets are acquired by a third party personal data held by us about our customers may be one of the transferred assets.
- Administrative and Legal Reasons: if we need to disclose your personal data (i) to comply with a legal obligationand/or judicial or regulatory proceedings, a court order or other legal process. (ii) to enforce our Terms & Conditions or other applicable contract terms that you are subject to; (iii) to protect us, our members or contractors against loss or damage. This may include (without limit) exchanging information with the police, courts or law enforcement organisations.
5. PAYMENT INFORMATION
Any credit/debit card payments and other payments you make will be processed by our third party payment providers and the payment data you submit will be securely stored and encrypted by our payment service providers using up to date industry standards. Please note that we do not ourselves directly process or store the debit/credit card data that you submit.
We store and use this card or payment information for the purpose of processing any future payments that you make for additional goods and services. We will store this data in accordance with our legal obligations under applicable law and only for so long as legally permitted.
You may choose to opt out of us holding your card or payment data although this means that you will need to re-supply us with card/payment details for the purpose of making any future purchases.
6. DATA TRANSFERS
Your personal data will be transferred to and stored in countries other than the country in which the information was originally collected, including the United States and other destinations outside the European Economic Area (“EEA”) to our service providers for the purposes described above.
Please note that the countries concerned may not provide the same legal standards for protection of your personal data that you have in the United Kingdom or EEA. Where we transfer your personal data to countries outside of the EEA we will take all steps to ensure that your personal data continue to be protected. We will implement appropriate safeguards for the transfer of personal data to our service providers in accordance with the applicable law, such as relying on our service providers’ Privacy Shield certification or implementing standard contractual clauses for data transfers. If you would like to receive more information on the safeguards that we implement, including copies of relevant data transfer contracts, please contact us as indicated below.
7. DATA RETENTION
What are cookies? Cookies are small files saved to the user’s computer’s hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors or use the cookie control system if available upon their first visit.
This website uses tracking software to monitor its visitors to better understand how they use it. The software will save a cookie to your computer’s hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information.
9. DOWNLOADS & MEDIA FILES
Any downloadable documents, files or media made available on this website are provided to users at their own risk. While all precautions have been undertaken to ensure only genuine downloads are available users are advised to verify their authenticity using third party anti-virus software or similar applications.
We accept no responsibility for third party downloads and downloads provided by external third-party websites and advise users to verify their authenticity using third party anti-virus software or similar applications.
10. EMAIL MAILING LIST & MARKETING MESSAGES
We operate an email mailing list program, used to inform subscribers about products, services and/or news we supply/publish. Users can subscribe through an online automated process where they have given their explicit permission. Subscriber personal details are collected, processed, managed and stored in accordance with the regulations named in ‘The policy’ above. Subscribers can unsubscribe at any time through an automated online service, or if not available, other means as detailed in the footer of sent marketing messages. The type and content of marketing messages subscribers receive, and if it may contain third party content, is clearly outlined at the point of subscription.
Email marketing messages may contain tracking beacons/tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of subscriber data relating to engagement, geographic, demographics and already stored subscriber data.
11. EXTERNAL WEBSITE LINKS & THIRD PARTIES
Although we only look to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website.
We cannot guarantee or verify the contents of any externally linked website despite our best efforts. Users should therefore note they click on external links at their own risk and we cannot be held liable for any damages or implications caused by visiting any external links mentioned.
12. SOCIAL MEDIA POLICY & USAGE
We adopt a Social Media Policy to ensure our business and our staff conduct themselves accordingly online. While we may have official profiles on social media platforms users are advised to verify authenticity of such profiles before engaging with, or sharing information with such profiles. We will never ask for user passwords or personal details on social media platforms. Users are advised to conduct themselves appropriately when engaging with us on social media.
There may be instances where our website features social sharing buttons, which help share web content directly from web pages to the respective social media platforms. You use social sharing buttons at your own discretion and accept that doing so may publish content to your social media profile feed or page. You can find further information about some social media privacy and usage policies in the resources section below.
13. YOUR DATA PROTECTION RIGHTS
Certain applicable data protection laws give you specific rights in relation to your personal data. In particular, if the processing of your personal data is subject to the GDPR, you have the following rights in relation to your personal data:
- Right of access: If you ask us, we will confirm whether we are processing your personal data and, if so, provide you with a copy of that personal data along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
- Right to rectification: If your personal data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your personal data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data so you can contact them directly.
- Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your personal data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it. We will tell you before we lift any restriction on processing. If we shared your personal data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data so you can contact them directly.
- Right to data portability: You have the right to obtain your personal data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you. We will give you your personal data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
- Right to object: You may ask us at any time to stop processing your personal data, and we will do so:
- If we are relying on a legitimate interest to process your personal data — unless we demonstrate compelling legitimate grounds for the processing or
- If we are processing your personal data for direct marketing.
- Right to withdraw consent: If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing of your data before we received notice that you wished to withdraw your consent.
- Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your personal data, you can report it to the UK data protection authority (the Information Commissioner’s Office or ICO), or, as the case may be, any other competent data protection authority of an EU member state that is authorised to hear those concerns.
If you wish to exercise any of these rights please contact us as described in the “Contact” section below. We may also need to ask you for further information to verify your identity before we can respond to any request.