Privacy notice The following information constitutes our privacy notice.
1. We take seriously the protection of your privacy and confidentiality. We understand that you are entitled to know that your personal data will not be used for any purpose unintended by you, and will not accidentally fall into the hands of a third party.
2. We undertake to preserve the confidentiality of all information you provide to us, and hope that you reciprocate.
3. Except as set out below, we do not use, share or disclose to a third party, any information collected under this contract or otherwise.
Definitions In this Schedule, the following words shall have the following meanings:
"Act" means the Data Protection Act 2018.
“Data Protection Legislation” means all or any of:
(a) the UK GDPR,
(b) the Act,
(c) regulations made under the Act
(d) regulations made under section 2(2) of the European Communities Act 1972 which relate to the EU GDPR or the Law Enforcement Directive.
“the UK GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (United Kingdom General Data Protection Regulation), as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018
“the EU GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) as it has effect in EU law..
“Law Enforcement Directive” means Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA.
"data controller", "data processor", "data subjects", "personal data", "process", "processed" and "processing" shall have the meanings respectively, as defined in the Act. Note that "process" and "processing" are defined to include simple events like receiving data into our system, or storing it. Processing is not limited to "doing something with it". In this agreement, "personal data", is limited to data which comes into our hands in some way connected to this agreement.
1. Data Protection
The obligations described in this Schedule are in addition to our obligations under the Data Protection Legislation.
Under the Data Protection Act 2018, we are obliged to inform you what personal data we hold about you, or may hold at some future date. We must tell you how we propose to use that data and give you other information.
2. What data we may process in each category
We shall process this basic personal data:
your name, age, personal address, private email address.
all information you gave to us
financial information processed through the banking system.
information relevant to the performance of your contract.
3. The bases on which we process information about you
The Data Protection Legislation requires us to determine under which of six defined grounds we process different categories of your personal information, and to notify you of the basis for each category. We mention three categories below. The others are not relevant to your contract.
If a basis on which we process your personal information is no longer relevant then we shall immediately stop processing your data.
If the basis changes then if required by law we shall notify you of the change and of any new basis under which we have determined that we can continue to process your information.
Information we process because we have a contractual obligation with you
When a contract is formed between you and us, in order to carry out our obligations under that contract we must process personal information.
We use your information in order to provide you with our services under that contract.
We process this information on the basis there is a contract between us, or that you have requested we use the information before we enter into a legal contract.
We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract.
Information we process with your consent
Only when you have given us explicit permission to do so, do we process your personal information under the basis of consent.
We continue to process your information on this basis until you withdraw your consent or it can be reasonably assumed that your consent no longer exists.
You may withdraw your consent at any time by telling us. However, if you do so, you may not be able to use our services further.
Information we process because we have a legal obligation
Sometimes, we must process your information in order to comply with a statutory obligation.
For example, we may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order.
This may include your personal information.
4. Specific uses of information you provide to us
We create a client gallery for each client to whom photos are delivered as part of the services. Our client galleries are hosted by Pixieset.
In any event to visit Tracy Roberts Weddings client gallery you will be required to enter personal data and a password.
Your personal data will be stored within system and servers and will be used to email you up to a maximum of four times and only with information relevant to the client gallery you have accessed. For example: to inform you of a discount offer on gallery purchases. Any such emails sent to you will only be during the 12 month period for which the gallery is live.
Communicating with you
When you contact us, whether by telephone or by e-mail, we collect the data you have given to us in order to reply with the information you need.
We record your request and our reply in order to increase the efficiency of our business.
We keep personally identifiable information associated with your message, such as your name and email address so as to be able to track our communications with you at a later time.
Dealing with complaints
When we receive a complaint, we record all the information you have given to us.
We use that information to resolve your complaint.
If your complaint reasonably requires us to contact some other person, we may decide to give to that other person some of the information contained in your complaint. We do this as infrequently as possible, but it is a matter for our sole discretion as to whether we do give information, and if we do, what that information is.
If we think your complaint is vexatious or without any basis, we shall not correspond with you about it.
We may compile statistics from information relating to complaints to assess the level of service we provide, but not in a way that could identify you or any other person.
5. Management of your information
Access to your personal information
At any time you may review or update personally identifiable information that we hold about you.
To obtain a copy of the information we hold about you, please contact us at firstname.lastname@example.org
After receiving the request, we will tell you when we expect to provide you with the information, and whether we require any fee for providing it to you.
Removal of information
If you wish us to remove personally identifiable information from our record, you should contact us at email@example.com.
If you do so we have no alternative than to treat your request as notice to terminate this contract. If that happens, termination will accord with the provisions in this contract.
All provisions in this contract relating to termination, express and implied, will follow.
Verification of your identity
When we receive any request to access, edit or delete personal identifiable information we shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.
6. Post termination
Physical goods of yours, which we necessarily hold as part of our contractual relationship are not personal data and are not affected by the Act.
Upon termination of our agreement with you, we and any contractual data processor will:
6.1. delete all your personal data from our electronic records by some method which prevents future re-activation of that data. We shall not destroy or delete all your data and retain such personal data for six years, for these reasons:
6.2. for accounting and taxation purposes;
6.3. to provide evidence if required in connection with a legal claim;
6.4. for any other reason where the law provides a six years limitation period; If any event occurs which requires us lawfully to continue to retain data beyond that period, then we may do so.
7. Who handles your data
Your data is handled almost exclusively by our IT systems. If you wish to correspond with us on any issue relating to your data, please contact Tracy Roberts at firstname.lastname@example.org
If you are not happy with the way we have handled your data, you may wish to contact the Information Commissioner's Office.