GDPR PRIVACY POLICY
Introduction
LaHu Studios Ltd. takes your privacy very seriously. This privacy policy has been prepared in line with the EU’s General Data Protection Regulation (GDPR), which promotes fairness and transparency for all individuals in respect of their personal data.
Who we are
This is the privacy policy for LaHu Studios Ltd.
Registered office address: 10 Long Lane Close, Holbury, New Forest, UK, SO45 2LE
Phone: 07525760920
Email: hello@lahubrandvisibility.com
Compliance Declaration
Both LaHu Studios and this website, www.lahubrandvisibility.com and it's subdomains, comply with the DPA, GDPR and PECR. The GDPR comes into effect on the 25th of May 2018. This Notice is updated whenever changes are made to relevant data protection legislation.
Who to contact regarding your data and privacy
Please contact us using the details above.
The purposes for which we will use and process your data
If you are a client we will process your data in accordance with the contract you have signed with us. We will also process your data in accordance with any legal obligations we have.If you are a potential client we will only use your data in relation to providing you with details and information about the potential working relationship. If you do not become a client, any personally identifiable information we hold about you will be destroyed, unless you explicitly consent to us retaining that information.If you have signed up to our newsletter or email list we will use your data only for that purpose.
We will inform you at the time of collecting your data what it will be used for.As a data controller we collect a variety of data in order to deliver our services and we will manage your personal data transparently, fairly and securely. We may ask you to provide us the following data – First and last names, contact numbers, email and postal addresses as well as other information pertaining specifically to your booking. Being a photographic business we also create and manage images as per our contractual agreement(s). We use the above data to deliver our service to you.
We collect this data on the following lawful basis to arrange or fulfil a Contract. When you visit our website we may also collect Cookies. These are small pieces of data that websites send to a user’s computer and are stored on the user’s web browser. They are designed to enable the website to remember information, such as what a user might have put in a shopping cart for example. This helps us monitor website traffic.
The lawful basis for which we will process your informationUnder GDPR we have to make everyone whose data we hold or whose data we may be collecting aware of the lawful basis under which we will be processing your data. LaHu Studios Ltd.. will be processing your information under the lawful basis of;
Contract
As part of our contract to provide you with our services we will process your data for reasons of invoicing and payment and any legal obligations surrounding this such as for tax purposes.
As part of our contract to provide you with our services we will process your data for reasons of marketing, invoicing and payment and any legal obligations surrounding this such as for tax purposes.
Consent
When you sign up to any of our email lists or newsletters we will ask you for consent to contact you using the details given. You have the right to withdraw this consent at any time by contacting us via the details above.
Your Right to Withdraw Consent
You have the right to withdraw your consent to be bound by this Notice at any time. If you wish to do so, please use the contact form at the bottom of this page. You also have the right, as set out above, to withdraw your consent to my processing your personal data.
Legitimate Interest
There may be times when we use your information if we feel there is a reason of legitimate interest to do so. This means if we have some information which we feel could be useful to you or your business. For example, to inform you of changes to our privacy policy. We may also contact you to inform you of changes to our business or new services that we offer if we deem them to be relevant to you. You have the right to object to your data being used in this way and if you do object, please contact us via the details above.
Your Rights Under the GDPR
Under the GDPR, you have a number of different rights relating to your personal data and how it is processed. They are as follows: Right to be informed about the collection and use of your personal data. Right to access your personal data, and any supplementary information which constitutes personal data. Right to have your personal data rectified; this means you can ask me to correct your personal data if it changes, turns out to be inaccurate, or is incomplete. Right to have your personal data deleted; this means that you have the right to request the deletion or removal of your personal data.
There are some circumstances when you do not have this right. Right to restrict me processing your personal data. Right to data portability. Right to object to me processing your personal data. Rights related to automated decision making including profiling. Most of these Rights will apply to your personal data and how it is processed by LaHu Studios, but some (such as the right to data portability and rights related to automated decision making including profiling) are not relevant to this business at the time of writing. If you want to know more about your rights, please click here. For other information relating to data protection legislation, please visit the ICO website directly.
Third parties
Most of our data we collect directly from you.
The only time we receive data from a third party is when work is referred to us from another company. The information we are given is minimal and only what is necessary to make contact with you; name and email address or phone number. In this situation, when we first have direct contact with you, we will ensure the information we have about you is correct and we will only use the data in relation to the work we are undertaking for you and on occasion under the lawful basis of legitimate interest as outlined above.
When we have a contract with you, on occasion we have to share some of your data with third parties in line with legal obligations such as for accounting and tax purposes. When doing this we will only share what is necessary.
We use third party software on occasion when processing some of your data. The software companies that we use comply with GDPR.
They are:
ActiveCampaign (https://www.activecampaign.com/gdpr-updates/)
Dropbox (https://www.dropbox.com/en_GB/security/GDPR)
Google Cloud (https://cloud.google.com/security/gdpr/)
Pixieset (https://pixieset.com)
17 Hats (www.17Hats.com)
Other than ‘Second photographers’ or ‘Associate photographers’ who join me on shoots and need information to be able to do their job and those third parties mentioned in this notice and listed below, LaHu Studios Ltd. shall not pass your personal data to any third party. Your personal data may, subject to obligations to comply with data protection legislation, be shared with the following third parties mentioned above.
Having taken precautions to maintain the security of such personal data, I may in certain circumstances share personal data with the ICO, and other legal, regulatory and law enforcement bodies; In anonymised form, I may share personal data with: Any third party, in relation to the sale of some or all of my business, or its assets, or as part of any business restructuring or reorganisation. I will take steps with the aim of ensuring that your rights continue to be protected if your personal data is transferred in accordance with this clause; and Data aggregators and platform providers as part of an analysis of user metrics or sales performance (including but not limited to Google and Facebook).
In certain circumstances I may also share your personal data with third party media businesses for the purposes of marketing my offerings, improving my services, and running a profitable business. These third party businesses may include; magazines/publications, social media sites, or other outlets, with the aim of raising public awareness of my business.
Your information will never be sold to profit motivated organisations for their or our financial gain.
Why do we Share your Personal Data with the Above?
We share your data in order to deliver our service to you / for marketing purposes. We may transfer personal data to a country outside of the European Economic Area (EEA) if necessary e.g. if a third party we utilise could have servers located outside of the EEA. If this is the case, we will either obtain your consent or otherwise ensure that the transfer is legal and your data is secure by following the EU’s guidelines.
How do we Keep your Personal Data Secure?
We keep your data secure and only accessible by trained members of our team. In the unlikely event of a criminal breach of our security we will inform the relevant regulatory body within 72 hours and, if your personal data were involved in the breach, we will also inform you.
Retention periods
We will retain your information for as long as we feel it is relevant or necessary and we will check that your details are still correct if a significant period of time has passed since last contacting you.
If we have a contract with you and your details are relevant to us for tax purposes, we will keep your data for at least five years after the submission deadline of the relevant tax year.
We will retain your information for as long as we feel it is relevant or necessary and we will check that your details are still correct if a significant period of time has passed since last contacting you.
If we have a contract with you and your details are relevant to us for tax purposes, we will keep your data for at least six years after the submission deadline of the relevant tax year.
Your rights and your data
You have the right to request to see the information that we hold about you.
You have the right to rectification, which means the right to ask us to amend any data we hold about you which is not accurate.
You have the right to request that we delete your data. In some circumstances this may not be possible if we need to retain some of your data to comply with legal obligations that we have. We will notify you if this is the case.
You have the right to restrict processing which means to inform us if you only wish us to use your data for certain purposes. For example, if we are unable to delete your data because of tax purposes you can request that this is the only reason we will hold it and we will not contact you for any other reason.
You have the right to change or withdraw consent that you have given about how your information or data may be used.
If you wish to exercise any of your above rights please contact us via the details above.
Complaints
If you have a complaint about how your data is being used by us, you have the right to make a com-plaint to The Information Commissioner's Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.