FAIR PROCESSING NOTICE (CUSTOMER DATA)
1 About this document
1.1 During the course of our activities I, Steven Gregson, will process personal data (which may be held on paper, electronically, or otherwise) about our customers and we recognise the need to treat it in an appropriate and lawful manner, in accordance with the Data Protection Act 1998 (DPA) and the General Data Protection Regulations (GDPR). The purpose of this notice is to make you aware of how we will handle your personal data.
1.2 This notice may be amended at any time.
1.3 This notice applies to all customers of Steve Gregson Photography.
2 Data protection principles
2.1 I, Steven Gregson, will comply with the eight data protection principles in the DPA, which say that personal data must be:
(a) Processed fairly and lawfully.
(b) Processed for limited purposes and in an appropriate way.
(c) Adequate, relevant and not excessive for the purpose.
(e) Not kept longer than necessary for the purpose.
(f) Processed in line with individuals’ rights.
(h) Not transferred to people or organisations situated in countries without adequate protection.
2.2 “Personal data” means recorded information I hold about you from which you can be identified. It may include contact details, other personal information, photographs which are linked in some way with personal identifiers, expressions of opinion about you or indications as to our intentions about you. “Processing” means doing anything with the data, such as accessing, disclosing, destroying or using the data in any way.
3 Fair and lawful processing
3.1. I, Steven Gregson, will usually only process your personal data for the legitimate interest of the provision of customer services. With your consent, your data may also be used for marketing purposes related to Steve Gregson Photography.
4 How we are likely to use your personal data
4.1. In providing customer services to you, we use your data in the following ways:
To update and enhance customer records;
to market and promote Steve Gregson, or Steve Gregson Photography using your image, constituting ‘legitimate interests’
– For statistical analysis to help us manage our business;
– In order to complete statutory returns; and
– For legal and regulatory compliance.
5 Processing for limited purposes
I, Steven Gregson, will only process your personal data for the specific purpose or purposes notified to you or for any other purposes specifically permitted by the DPA.
6 Adequate, relevant and non-excessive processing
Your personal data will only be processed to the extent that it is necessary for the specific purposes notified to you.
7 Accurate data
I, Steven Gregson, will keep the personal data we store about you accurate and up to date. Data that is inaccurate or out of date will be deleted/ destroyed. Please notify Steve Gregson if your personal details change or if you become aware of any inaccuracies in the personal data he holds about you.
8 Data retention
I, Steven Gregson, will not keep your personal data for longer than is necessary for the purpose. This means that, unless you have provided your consent to continue to receive marketing material from Steve Gregson or Steve Gregson Photography, your data will be destroyed or erased from our systems when it is no longer required. Most customer data, other than data that we are required to retain for legal reasons, will be destroyed after a period of 24 months following completion of our services to you. Any data that we are legally required to retain will be destroyed within 6 months of that legal obligation ceasing to apply.
You may withdraw your consent to the use of your data for marketing purposes at any time. Any member data used for that purpose will be destroyed within 7 days of notification of withdrawal of such consent.
9 Processing in line with your rights
You have the right to:
(a) Request access to any personal data I hold about you.
(b) Prevent the processing of your data for direct-marketing purposes.
(c) Ask to have inaccurate data held about you amended.
(d) Prevent processing that is likely to cause unwarranted substantial damage or distress to you or anyone else.
(e) Object to any decision that significantly affects you being taken solely by a computer or other automated process.
10 Data security
10.1 I, Steven Gregson, will ensure that appropriate measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
10.2 I, Steven Gregson, have in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. I will only transfer personal data to a third party if he agrees to comply with those procedures and policies, or if he puts in place adequate measures himself.
10.3 Maintaining data security means guaranteeing the confidentiality, integrity and availability (for authorised purposes) of the personal data.
11 Providing information to third parties
Please note that our services for you may require us to pass on such information to third parties such as your agent, repro print company, production company or similar. We may also give such information to others who perform services for us, such as IT consultants. Our business may be audited or checked by our accountants, or by other professional bodies/organisations. We do not normally copy such information to anyone outside the European Economic Area. All such third parties are required to maintain confidentiality in relation to your personal data.
12 Subject access requests
If you wish to know what personal data we hold about you, please make the request in writing addressed to Steve Gregson.