It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.
WHAT KIND OF PERSONAL INFORMATION DO WE COLLECT
Depending on the relevant circumstances and applicable local laws and requirements, we may collect some or all of the information listed below to enable us provide you with the services that are tailored to your circumstances and your interests.
- Age/date of birth;
- Marital status;
- Contact details;
- Emergency contacts and details of any dependants;
- A copy of your driving licence and/or passport/identity card;
-Diversity information including racial or ethnic origin, religious or other similar beliefs, and physical or mental health, including disability-related information;
- Extra information that you choose to tell us;
- IP address;
- The dates, times and frequency with which you access our services
CLIENT DATA: The data we collect about Clients is actually very limited. We generally only need to have your contact details or the details of individual contacts at your organisation (such as their names, telephone numbers and email addresses) to enable us to ensure that our relationship runs smoothly.
SUPPLIER DATA: We don't collect much data about Suppliers – we simply need to make sure that our relationship runs smoothly. We'll collect the details for our contacts within your organisation, such as names, telephone numbers and email addresses. We'll also collect bank details, so that we can pay you. We may also hold extra information that someone in your organisation has chosen to tell us.
HOW DO WE COLLECT YOUR PERSONAL DATA
We collect client’s personal data in three primary ways:
1. Personal data that you, the Client, give to us;
2. Personal data that we receive from other sources; and
3. Personal data that we collect automatically.
Personal data you give to us
There are numerous ways you can share your information with us. It all depends on what suits you. These may include
- Entering your details on the Nargis Cross website
- Emailing Nargis Cross photography Ltd directly
- Entering a competition through a social media channel such as Facebook or Twitter.
- Contacting Nargis Cross Photography Ltd via phone
Personal data we receive from other sources
We also receive personal data about Client’s from other sources. Depending on the relevant circumstances and applicable local laws and requirements, these may include personal data received in the following situations:
- If you 'like' our page on Facebook or 'follow' us on Twitter or Instagram we will receive your personal information from those sites
Personal data we collect automatically
To the extent that you access our website or read or click on an email from us, where appropriate and in accordance with any local laws and requirements, we may also collect your data automatically or through you providing it to us.
We collect Client personal data in two ways:
1. Personal data that we receive directly from you;
2. Personal data that we collect automatically.
When you visit our website there is certain information that we may automatically collect, whether you decide to use our services. This includes your IP address, the date and the times and frequency with which you access the website and the way you browse its content. We will also collect data from you when you contact us via the website, for example by using the chat function.
HOW DO WE USE YOUR PERSONAL DATA?
Having obtained data about you, we then use it in a number of ways.
-Provision of the services
○ Contact details to discuss arrangement, plans, ideas and the schedule of works
○ Photographs/videos once they have been take could be used for marketing purposes
○Banking details may be used should monies need to be retuned
○We may contact you via email regarding the photographs/videos/consulting that has taken place
- Marketing activities
○Photograph/Videos could be used for marketing purposes by Nargis Cross Photography Ltd
○Photographs/Videos may also be used by Suppliers involved within the provision of the services as per agreed
- We need your consent for some aspects of these activities which are not covered by our legitimate interests (in particular, the collection of data via cookies, and the delivery of direct marketing to you through digital channels) and, depending on the situation, we'll ask for this via an opt-in or soft-opt-in
○Soft opt-in consent is a specific type of consent which applies where you have previously engaged with us (for example, having worked with Nargis Cross Photography Ltd previously), and we are marketing other photography/videography/consultancy-related services. Under ‘soft opt-in’ consent, we will take your consent as given unless or until you opt out
○If you are not happy with that approach to obtaining your consent, you have the right to withdraw your consent at any time.
Some of the data we may (in appropriate circumstances and in accordance with local law and requirements) collect about you comes under the umbrella of "diversity information". This could be information about your ethnic background, gender, disability, age, sexual orientation, religion or other similar beliefs, and/or social-economic background. Where appropriate and in accordance with local laws and requirements, we'll use this information on an anonymised basis.
This information is what is called ‘sensitive’ personal information and slightly stricter data protection rules apply to it. We therefore need to obtain your explicit consent before we can use it. We'll ask for your prior to using any information that is classified as such. This means that you have to explicitly and clearly tell us that you agree to us collecting and using this information.
We may collect other sensitive personal data about you, such as health-related information or religious affiliation if this is appropriate in accordance with local laws and is required for the purposes of the agreement. We will never do this without your explicit consent.
HOW DO WE SAFEGUARD YOUR PERSONAL DATA?
We are committed to taking all reasonable and appropriate steps to protect the personal information that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures. These include measures to deal with any suspected data breach.
If you suspect any misuse or loss of or unauthorised access to your personal information please let us know immediately
HOW LONG DO WE KEEP YOUR PERSONAL DATA FOR?
We will Delete your personal data from our systems if we have not had any meaningful contact with you (or, where appropriate, the company you are working for or with) for two years (or for such longer period as we believe in good faith that the law or relevant regulators require us to preserve your data). After this period, it is likely your data will no longer be relevant for the purposes for which it was collected.
When we refer to "meaningful contact", we mean, for example, communication between us (either verbal or written), or where you are actively engaging with our online services.
HOW CAN YOU ACCESS, AMEND OR TAKE BACK THE PERSONAL DATA THAT YOU HAVE GIVEN TO US?
One of the GDPR's main objectives is to protect and clarify the rights of EU citizens and individuals in the EU with regards to data privacy. This means that you retain various rights in respect of your data, even once you have given it to us. These are described in more detail below.
Right to object:
- This right enables you to object to us processing your personal data where we do so for one of the following four reasons: (i) our legitimate interests; (ii) to enable us to perform a task in the public interest or exercise official authority; (iii) to send you direct marketing materials; and (iv) for scientific, historical, research, or statistical purposes.
- The "legitimate interests" and "direct marketing" categories above are the ones most likely to apply to our Website Users, Candidates, Clients and Suppliers. If your objection relates to us processing your personal data because we deem it necessary for your legitimate interests, we must act on your objection by ceasing the activity in question unless:
- we can show that we have compelling legitimate grounds for processing which overrides your interests; or
- we are processing your data for the establishment, exercise or defence of a legal claim.
- If your objection relates to direct marketing, we must act on your objection by ceasing this activity.
Right to withdraw consent:
- Where we have obtained your consent to process your personal data for certain activities (for example, for our marketing arrangements or automatic profiling), you may withdraw this consent at any time and we will cease to carry out the particular activity that you previously consented to unless we consider that there is an alternative reason to justify our continued processing of your data for this purpose in which case we will inform you of this condition.
Data Subject Access Requests (DSAR):
- You may ask us to confirm what information we hold about you at any time, and request us to modify, update or Delete such information. We may ask you to verify your identity and for more information about your request.
Right to erasure:
- You have the right to request that we erase your personal data in certain circumstances. Normally, the information must meet one of the following criteria:
- the data are no longer necessary for the purpose for which we originally collected and/or processed them;
- where previously given, you have withdrawn your consent to us processing your data, and there is no other valid reason for us to continue processing;
-the data has been processed unlawfully (i.e. in a manner which does not comply with the GDPR);
it is necessary for the data to be erased in order for us to comply with our legal obligations as a data controller; or
- if we process the data because we believe it necessary to do so for our legitimate interests, you object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.
-We would only be entitled to refuse to comply with your request for one of the following reasons:
to exercise the right of freedom of expression and information;
to comply with legal obligations or for the performance of a public interest task or exercise of official authority
for public health reasons in the public interest;
for archival, research or statistical purposes; or
to exercise or defend a legal claim.
When complying with a valid request for the erasure of data we will take all reasonably practicable steps to Delete the relevant data.
Right to rectification:
You also have the right to request that we rectify any inaccurate or incomplete personal data that we hold
about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. Where appropriate, we will also tell you which third parties we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
What's a cookie?
- A "cookie" is a piece of information that is stored on your computer's hard drive and which records your navigation of a website so that, when you revisit that website, it can present tailored options based on the information stored about your last visit. Cookies can also be used to analyse traffic and for advertising and marketing purposes.
- Cookies are used by nearly all websites and do not harm your system. If you want to check or change what types of cookies you accept, this can usually be altered within your browser settings. We also provide information about this in our Marketing preferences page on the Hays website.
- Collect any personally identifiable information (without your express permission)
- Collect any sensitive information (without your express permission)
- Pass data to advertising networks
- Pass personally identifiable data to third parties
Turning Cookies Off
- You can usually switch cookies off by adjusting your browser settings to stop it from accepting cookies
The Data Protection Act 1998:
Nargis Cross Photography Ltd is committed to your right to privacy.
Nargis Cross Photography Ltd is committed to handling your information responsibly. We will not store or use your details for marketing purposes without your express permission and if at any time you wish to "opt-out" of such use then you may contact us via the enquiry form and we will remove your details from systems.
Nargis Cross Photography Ltd will never pass your details onto any third parties for marketing or sales purposes.
Registration details and site visitor information will only be used to deliver the services you have requested (e.g. Email Newsletters).
Please contact us if you require further information.