We are committed to protecting the privacy and the confidentiality of the personal information of visitors to our website and of members/enquirers to our organisation. There is a lot of information here but we want you to be fully informed about your rights and how Brett Harkness Photography Ltd uses your data.
We undertake to ensure that all personal information in our possession is processed in accordance with the requirements of the European General Data Protection Regulation (‘GDPR’) and Data Protection Act (‘DPA’).
We will only use your personal information in a way that is fair to you. We will only collect information where it is necessary for us to do so and we will only collect information if it is relevant to our dealings with you. We have implemented appropriate technology and policies to safeguard your data from unauthorised access and improper use.
We may update this Policy from time to time and you are welcome to come back and check it whenever you wish to.
Explaining the legal bases we rely on
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:
In specific situations, we can collect and process your data with your consent.
For example, when you tick a box to receive emails from us, or make a purchase from us.
In certain circumstances, we need your personal data to comply with our contractual obligations.
For example, if you order a product from us, we’ll collect your address to deliver your purchase, and if necessary we will need your telephone number to pass on to our courier.
If the law requires us to, we may need to collect and process your data.
For example, we can pass on details of people involved in fraud, misbehaviour or other criminal activity to law enforcement.
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
For example, we will also use your address details to send you direct marketing information, telling you about products and services that we think might interest you.
When do we collect your personal data?
• When you sign up for any of our information on our website
• When you make an online purchase from our website
• When you engage with us on social media
• When you contact us by any means with queries, complaints, suggestions, feedback etc
• When you book any sort of appointment with us
• When you complete and return any of the forms we send you – either by post or by email
What sort of personal data do we collect?
• If you are an enquirer to our service we will collect your email address, your postal mailing address, and your telephone numbers.
• Details of your interactions with us by telephone calls, emails, social media, letters and text
• Details of your interactions with us through online surveys
• Copies of documents you provide if it is necessary for the purpose of you attending a workshop held abroad. This will include details of your full name, address, date of birth and facial image. If you provide a passport, the data will also include your place of birth, gender and nationality.
• Personal details which help us to recommend items of interest.
• Your comments and product/service reviews.
• To deliver the best possible web experience, we collect technical information about your internet connection and browser as well as the country and telephone code where your computer is located, the web pages viewed during your visit, and the advertisements you clicked on.
• Your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback
How and why do we use your personal data?
We want to give you the best possible customer experience. One way to achieve that is to get the richest picture we can of who you are by combining the data we have about you.
We then use this to offer you promotions, products and services that are most likely to interest you. The data privacy law allows this as part of our legitimate interest in understanding our customers and providing the highest levels of service.
Of course, if you wish to change how we use your data, you’ll find details in the ‘What are my rights?’ section below.
Remember, if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you’ve asked for.
For example, if you’ve asked us to let you know if a place on one of our fully booked events comes available, we can’t do that if you’ve withdrawn your general consent to hear from us.
Here’s how we’ll use your personal data and why:
• To process any orders that you make by using our website, in person or over the telephone. If we don’t collect your personal data during checkout, we won’t be able to process your order and comply with our legal obligations. We may keep your details for a reasonable period afterwards in order to fulfil any contractual obligations such as refunds, guarantees and so on.
• To respond to your queries, refund requests and complaints. Handling the information you sent enables us to respond. We may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you throughout. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience.
• To process payments and to prevent fraudulent transactions. We do this on the basis of our legitimate business interests. This also helps to protect our customers from fraud.
• To send you relevant, personalised communications in relation to updates, offers, services and products. We’ll do this on the basis of our legitimate business interest.
• For our own legitimate interests (e.g. for good governance, accounting and managing our business operations)
• To send you communications required by law or which are necessary to inform you about our changes to the services we provide you. For example, updates to this Privacy Notice, and legally required information relating to your orders. These service messages will not include any promotional content and do not require prior consent when sent by email or text message. If we do not use your personal data for these purposes, we would be unable to comply with our legal obligations.
• To comply with our contractual or legal obligations to share data with law enforcement agencies.
For example, when a court order is submitted to share data with law enforcement agencies or a court of law.
• To send you survey and feedback requests to help improve our services. These messages will not include any promotional content and do not require prior consent when sent by email or text message. We have a legitimate interest to do so as this helps make our products or services more relevant to you.
• To process your booking/appointment requests
• We will update your information whenever we get the opportunity to keep it current, accurate and complete
Any information you provide when enquiring to us and/or signing up for our service will be used for Brett Harkness's purposes only.
We may disclose your information to companies who act as ‘data processors’ on our behalf, some of whom may be outside the UK/EEA. This will be for our purposes only – for example sending out a mail shot to you from us. We have never, and will not ever sell, rent or otherwise distribute any personal information to third parties.
You may indicate your preference for receiving direct marketing by email from us. You will be given the opportunity on every electronic communication we send you to indicate that you no longer wish to receive our emails. Once properly notified by you, we will stop using your information in this way.
How we protect your personal data
We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.
We secure access to all transactional areas of our websites and apps using ‘https’ technology.
Access to your personal data is password-protected, and any sensitive data (such as payment card information) is not kept on record.
How long we keep your personal data for
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
Who do we share your personal data with?
We sometimes share your personal data with trusted third parties.
For example, delivery couriers or other law enforcement agencies for fraudulent activity, to handle complaints.
Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:
• We provide only the information they need to perform their specific services.
• They may only use your data for the exact purposes we specify
Examples of the kind of third parties we work with are:
• Mailing houses who send out mail on our behalf
• IT companies who support our website and other business systems.
• Operational companies such as delivery couriers.
• Google/Facebook to show you products that might interest you while you’re browsing the internet. This is based on either your marketing consent or your acceptance of cookies on our websites.
• We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
We operate under GDPR and DPA. We ensure lawful processing of personal data by obtaining your consent; or where there is a contractual obligation to do so in providing appropriate products and services; or where processing the data is necessary for the purposes of our legitimate interests in providing appropriate products and services. The DPA and GDPR apply to ‘personal data’ we process and the data protection principles set out the main responsibilities we are responsible for.
We must ensure that personal data shall be:
1. Processed lawfully, fairly and in a transparent manner;
2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
3. Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
4. Accurate and where necessary kept up to date;
5. Kept for no longer than is necessary for the purposes for which the personal data are processed. We only retain personal data for the purposes for which it was collected and for a reasonable period thereafter where there is a legitimate business need or legal obligation to do so. For details of our current retention policy contact firstname.lastname@example.org
6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.We use up-to-date industry procedures to protect your personal information. We have appropriate security measures in place to protect against the loss, misuse or alteration of information that we have collected from you via our websites. However please be aware that the internet is not a 100% secure medium of communication.Brett Harkness cannot therefore guarantee the security of any information you input on the website or send to us on the internet. Brett Harkness is not, and will not be responsible for any damages you may suffer as a result of the loss of confidentiality of any such information.
Under GDPR you have the following specific rights in respect of the personal data we process:
1. The right to be informed about how we use personal data. .
2. The right of access to the personal data we hold. In most cases this will be free of charge and will be provided within one month of receipt. To obtain a copy of the personal information we hold on you, please email us at email@example.com
3. The right to rectification where data is inaccurate or incomplete. In such cases we shall make any amendments or additions within one month of your request.
4. The right to erasure of personal data, but only in very specific circumstances, typically where the personal data is no longer necessary in relation to the purpose for which it was originally collected or processed; or, in certain cases where we have relied on consent to process the data, when that consent is withdrawn and there is no other legitimate reason for continuing to process that data; or when the individual objects to the processing and there is no overriding legitimate interest for continuing the processing.
5. The right to restrict processing, for example while we are reviewing the accuracy or completeness of data, or deciding on whether any request for erasure is valid. In such cases we shall continue to store the data, but will not further process it until such time as we have resolved the issue.
6. The right to data portability which, subject to a number of qualifying conditions, allows individuals to obtain and reuse their personal data for their own purposes across different services.
7. The right to object in cases where processing is based on legitimate interests, where our requirement to process the data is overridden by the rights of the individual concerned; or for the purposes of direct marketing (including profiling)
8. Rights in relation to automated decision making and profiling
You can contact us to request to exercise these rights at any time as follows:
If we choose not to action your request we will explain to you the reasons for our refusal.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation.
We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice.
If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
How can you stop the use of your personal data for direct marketing?
You can stop direct marketing communications from us by clicking the ‘unsubscribe’ link in any email communication that we send you. We will then stop any further marketing emails from us.
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113.
Information Commissioner’s Office
Or go online to www.ico.org.uk
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence. Details can be found in Section 16.
• Remembering settings, so you don’t have to keep re-entering them whenever you visit a new page.
• Remembering information you’ve given (eg your postcode) so you don’t need to keep entering it.
• Measuring how you use the website so we can make sure it meets your needs.
Our cookies aren’t used to identify you personally. They’re just here to make the site work better for you. Indeed, you can manage and/or delete cookies as you wish.
For more information about cookies and managing them, including how to turn them off, please visit the www.allaboutcookies.org
Measuring website usage (Google analytics)
We use Google Analytics to collect information about how people use our websites. We do this to make sure they meeting the users’ needs and to understand how we could do it better.
Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on. They do not collect or store your personal information (e.g. your name or address) so this information cannot be used to identify who you are. We do not allow Google to use or share our analytics data.
We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it.