Who we are
Our principal website address is: www.fitzgibbonphotography.com. We also use micro-sites for specific projects, including: www.leedsandliverpool.co.uk. Andrew Fitzgibbon Photography is a trading name of Snapped Pixel Ltd (company number 11168641) registered in England and Wales. For the purpose of the Data Protection Legislation and this notice, we are the ‘data controller’. This means that we are responsible for deciding how we hold and use personal data about you.
What this notice is about
This notice describes how Andrew Fitzgibbon Photography collects and uses personal data about you when you use our services or websites, in accordance with the General Data Protection Regulations (GDPR), the Data Protection Act 1998 or 2018 (as applicable) and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK (‘Data Protection Legislation’).
What personal data we collect and why we collect it
We obtain personal data about you, for example, when:- you request a proposal or quote from us in respect of the services we provide- you contact us in person, by email, telephone, post, messaging or online service or social media (for example when you have a query about our services)- we receive data from third parties and/or publicly available resources (for example if someone buys you a voucher or pays for a service or product for you, they will usually give us your name and details to allow us to process their order and provide our service to you)- we deliver our services and take photos- you use and interact with this website (more information is provided about this below)The information we hold about you may include the following:- personal contact details (such as your name and/or address, phone numbers, email addresses, social media handles)- information that is automatically collected (such as via cookies when you visit our website)- video and sound recordings of Skype, Facetime or other online meetings or calls- details of contact we have had with you in relation to the provision, or the proposed provision, of our services- details of any services you have received from us- our correspondence and communications with you- information about any complaints and enquiries you make to us- information from research, surveys, and marketing activities- information we receive from other sources – for example if a friend provides your information to us.
Additional information regarding our website
Who we share your data with
We take your privacy very seriously. We do not sell your data to third-party organisations. So we can provide our services to you, there are some circumstances in which we need to share your data with third parties. Such third parties include:
Delivery and postage service providers to allow us to send you documentation and orders you have placed. Information shared includes name, address and in some case e-mail address / mobile number.
Manufacturers or other suppliers, for example our printing labs if we are sending an order directly to you from a lab. Information shared includes name, address and in some case e-mail address / mobile number.
Professional advisers and providers such as our bank, our accountant or our insurer.
Payment services providers such as Paypal. Information shared will be transaction data for the purposes of processing your payments, refunds and dealing with related queries. You can find information about the payment service provider’s privacy policies and practices at paypal.com.Law enforcement and legal requirements – we will provide data to law enforcement agencies if issued with a court order to do so.
All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.
How long we retain your data
Personal data which relates to our service provision to you will normally be retained indefinitely in order for us to be able to provide a better customer service in the event that you contact us again in the future. We will always retain personal data for a sufficient length of time to enable us to comply with our legal obligations in any event.
Personal data which we process on the basis of your consent will be retained until you let us know that you withdraw such consent. We may keep data longer than indicated if we cannot delete it for legal, regulatory or technical reasons.
If you leave a comment on our website, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
How we look after your data
We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Transferring personal data outside the European Economic Area (EEA)
The majority of your information is processed in the UK and European Economic Area (EEA). However, as part of the services offered to you, some of your information may be transferred to countries outside the EEA (for example because of where our IT service providers may locate their servers).
Where your information is being processed outside of the EEA we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Privacy Notice. We will put in place legal agreements with our third party suppliers and do regular checks to ensure they meet these obligations.
If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
Rights of access, correction, erasure, and restriction
Your duty to inform us of changes
It’s important that the personal data we hold about you is accurate and current. Should your personal information change, please let us know so we can update it accordingly.
Your rights in connection with your personal data
Under certain circumstances by law you have the right to:- request access to the personal data we hold about you
– require correction of the personal data we hold about you- request erasure of your personal data
– object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this basis. You also have the right to object where we are processing your personal information for direct marketing purposes.
– request the restriction of processing of your personal data- request the transfer of your personal data to you or another data controller if the processing is based on consent, carried out by automated means and this is technically feasible.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
We try to respond to all legitimate requests within one month. Occasionally it may take longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Your right to withdraw consent
Where we are processing your data on the basis of your consent (for example, in relation to direct marketing you’ve indicated you’d like to receive from us), you have the right to withdraw your consent for that specific processing at any time. Please contact us as indicated below in order to do this or, in relation to receipt of emails, you may click unsubscribe at the bottom of any marketing or general information email we send to you.
Once we have received notification that you have withdrawn your consent, we will no longer process your personal information (personal data) for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
If you have any concerns about data privacy, please contact Andrew Fitzgibbon (who also does everything else around here) at firstname.lastname@example.org. You can also find more information at the Information Commissioner’s Office website at https://ico.org.uk