When you agree to attend, or your child attend a Photo Event, we will collect your contact information to ensure your/your Childs photos are kept safe and made available only to yourself. Under the terms of legitimate interests we may collect this in advance using information the Event Organiser holds on you already.
When you create an account, buy a product or agree to have you or your child photographed by us, we will collect your information which depending on the service we are providing, may include your contact and billing information.
When you use a social media feature within our website, and you post to social media platforms, the social media site will provide us with some information about you.
If you have accessibility requirements, we want to make sure you have the best experience when attending events. To do this, we need to collect details of your requirements (which may involve you providing information about your mental or physical health).
In the few instances where we collect personal information from children, we always seek parental consent and will only ever collect such information for the purposes specified when we collect it.
Should you or your child be “at risk” or of “protected” status, please inform us in advance and we can advice you of the steps we take to maintain the security of these photos/products.
When you get in contact with us by email or via our contact forms on our website we collect your name and email address. By entering personal information into these forms and selecting the “Send” button, you have provided consent of passing information through these systems.
We will use a third party to store and manage the information and to send you emails regarding the photo shoot and related products. We may also use this service to contact you with marketing materials, unless you have not previously opted in to receiving such information. You can unsubscribe to these emails at anytime by using the information on the email. Learn more about Mailchimp’s privacy practices here.
When you browse our Website, whether or not you are registered, purchase a product or register to receive our emails, we will collect user information such as your location, language, assumed gender, IP address, when you visited our Website, how you arrived on our Website, where you visit after our Website, the pages you visited, how long you spend browsing individual pages on our Website and the browser (where applicable) and the device you used to access our Website.
If you choose a direct payment gateway to pay for your product, then Stripe (our dedicated supplier for payment processing) stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary for your hire and all direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service.
For the performance of our contract with you, We use your information when you enter into a contract with us (for example to buy Photographs or a related products) so we can:
- process your order
- take payment, and
- provide you with customer support.
For our legitimate business interests
- To conduct market research and analysis which helps improve and customise our products and services.
- For our marketing purposes, unless your consent is required for such marketing.
- To send you customer service emails including booking confirmations and event reminders.
- To prevent or detect unlawful behaviour, to protect or enforce our legal rights or as otherwise permitted by law. For example, making sure products get into the hands of the owners/parents/guardians.
Where you’ve given your consent
- To contact you with information or offers regarding our upcoming events, products or services – this may be via email (whether through normal means or third party software), via push and web notifications, via SMS, or social media platforms.
- To deliver tailored advertising and marketing communications on our websites (see our Cookies Policy for more information).
- To process your health data to meet your accessibility requirements, where specifically required and explicit consent is provided.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
If you are subscribed to receive our marketing emails you will only receive a maximum of 1 marketing email per week
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
We store and use your data only when you have given us consent to use it.
We will not keep your personal information for any purpose(s) for longer than is necessary and we will only retain the relevant personal information that is necessary in relation to the purpose.
We will retain the personal information you provided on registering an account on our Website so long as that account remains in existence.
On making a hire through our Website or other means, we will retain certain limited personal information such as your name, email address postal address and purchase history until you ask us to update or delete those details. We retain transaction information for as long as required by law.
If we are legally required or if it is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions, we may also retain some of your personal information for a limited period of time, even after you have closed your account.
The information that we collect from you may be transferred to, and stored outside the European Economic Area (“EEA”). Where we do so, the third country’s data protection laws will have been approved as adequate by the European Commission, or other applicable safeguards are in place.
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
Google Double Click
When you click on links on our website, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
The following is a summary of your rights in relation to the EU GDPR. Further information can be found on the EU GDPR official page under Rights for citizens.
Right to be informed – The intention of this privacy statement is to provide transparency on when personal information is collected, what information is collected, what it is used for, the lawful purpose of processing, how long the data is retained, our contact information and provide your rights. Any questions regarding the privacy statement should be directed to the Data Controller.
Right of Access – You have the right to request what information is being held about you and how it is being used. You also have the right to lodge a complaint with a supervisory authority.
Right to Rectification – You have the right to obtain the correction of inaccurate or incomplete data.
Right to Erasure (right to be forgotten) – You have the right to obtain the erasure of your personal data where it is no longer necessary in relation to the original purpose it was collected and where there is no other legal ground for processing.
Right to restrict processing – You have the right to restrict what Stattoo Limited does with your data to the extent permitted by law.
Right to Object – You have the right to object the process of your personal data for marketing and/or profiling purposes without having to provide a specific reason to the objection.
Automated Decision Making and Profiling – You have the right to object to automated processing and profiling.
Exercising Your Rights
To exercise these rights or if you have any queries or concerns regarding how we use your personal data, please write to Data Controller, 37 Walgrave, Orton Malbourne, Peterborough. If you are not happy with our response, you can contact the Information Commissioner’s Office: https://ico.org.uk
If our business is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
Data Controller; firstname.lastname@example.org or by mail at Stattoo Ltd, 37 Walgrave, Orton Malborne, Peterborough.
Updated September 2020