Su Kaye Photography, trading as “Su Kaye Photography Ltd”, (“we” or “us”) is sensitive to concerns that personal information collected from its customers (“you” or “your”) be handled respectfully and appropriately.
1. Information Collected from You and How It Is Used
1.1 If you order our services or products in person or via email or phone, your name, phone number, address and email address may be collected. Su Kaye Photography Ltd may also collect your IP address information and non-personal information such as operating system, browser software, Internet domain and host names, and activity on the website.
1.2 Su Kaye Photography Ltd never shares your personal information with 3rd parties. Under no circumstances does Su Kaye Photography Ltd rent, trade or share your details with any other company for their marketing purposes, unless you specifically opt in and consent via a specific marketing campaign or promotion.
1.3 Your personal details that you have provided are only used by us to improve our services as well as to contact you in relation to your enquiry, special offers, online order processing, online and event registration. Also, to contact you in connection with our own business development, market research and gifting service.
1.4 Data Processing
1.4.1 We process data at our studio at 167 Watling Street, Radlett, Herts WD7 7NQ.
1.4.2 We apply UK data protection law to our processing.
1.4.3 The Data Protection Officer at Su Kaye Photography is Su Kaye.
1.5 Personal data that we capture during marketing promotions and competitions is always subject to an opt in policy to comply with 2018 GDPR legislation but if you wish to have your details deleted either: Click Unsubscribe at the bottom of any of our email marketing OR Email the studio on firstname.lastname@example.org and ask to have all your personal information deleted. This is guaranteed to be done within 30 days to meet 2018 GDPR legislation.
1.6 Your personal details are available to see at any time via a request which we try and complete in 7-14 days unless extreme circumstances, otherwise guaranteed to be within 30 days to comply with GDPR legislation.
1.7 To request deletion of all your data please allow 14-21 days, with a maximum time limit of 30 days. In extreme circumstances we may have to refuse to show you, or delete your personal information, this may be for legal reasons. However we will inform you of this immediately as well as inform you of your rights to complain to the Supervisory Authority and to a judicial remedy.
2. Data Policy & Processing
2.1 At Su Kaye Photography we only hold and store personal data for 2 reasons:
2.1.1 Customers/Clients/Members –this is for record purposes only and for customer contact in connection with a purchase and/or booking. Your details are stored onsite using password protected specialist programs on password locked computers. All personal data is password protected and encrypted. We never share or sell your personal data with 3rd party companies.
2.1.2 Marketing –To send you offers and information on services to ensure you always get the best offers and information. All our email marketing is conducted via a special e-marketing service that has data security and offers a simple 1 click way for you to opt out of our newsletters and emails.
3.1 A photograph that features a child aged 13-18 as the main subject will be asked as well to give consent via signature.
3.2.1 Children under the age of 13 will be asked for parental consent on any data capture, entry or competition.
3.2.2 Use of images for marketing, display or competition require a parent or guardian to sign on behalf of a child under 18.
4. Data Security
4.1 We take appropriate steps to maintain our contact information in a secure format and environment to prevent unauthorised usage. Our staff are bound by contract to our GDPR policy.
5. Data Breach
5.1 In the case of a Data Breach the problem will be instantly reported to the Data Protection Officer who will conduct a full investigation and report the breach to the ICO, UK data protection supervisory authority immediately.
5.1.1 Data log, Data Usage & Data Storage will be assessed immediately.
5.1.2 All employees will be questioned in connection with the said data breach, and the results will be logged and reacted on accordingly.
5.1.3 Passwords on all data files will instantly be changed.
5.1.4 Mailchimp and/or other companies where data is stored will be contacted and asked for a report on security breach, if relevant.
5.1.5 Minimising the impact of the data breach will be assessed on a hourly basis and after 24 hours every 12 hours until resolved.
5.1.6 Any one affected will be contacted and informed of the problem if necessary.
5.1.7 The company insurance company will be contacted with a logged reference.
5.1.8 If necessary the Police will be informed and a crime number will be logged in the data breach report.
5.1.9 All documents that contain credit card and personal data will have passwords changed and any one affected will be contacted and advised of the breach with advice to change passwords and or contact their credit card company immediately.