Lunia Photography Ltd
This Privacy Notice is provided by Lunia Photography Ltd. This Policy forms part of our legal information and confirms how we handle data which identifies you. If you have any queries regarding your personal information, please contact us at firstname.lastname@example.org.
The use our website and its pages, www.lunia-photography.co.uk, are possible without any collection of personal data by us; however, if you want to use some services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from you.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR). By means of this data protection declaration, we would like to inform you of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, you are informed, by means of this data protection declaration, of the rights to which you are entitled.
You may request to see copies of any personal information held and also request that that information is updated or removed in its entirety. This service is offered to you free of charge via an e-mail to email@example.com or by calling us on 01704 548032.
Your rights under the GDPR;
Under the GDPR, you have a number of different rights relating to your personal data and how it is processed. They are as follows:
- Right to be informed about the collection and use of your personal data.
- Right to access your personal data.
- Right to have your personal data rectified.
- Right to have your personal data deleted.
- Right to restrict me processing of personal data.
- Right to data portability.
- Right to object to the processing of your personal data.
- Rights related to automated decision making and profiling.
These rights, where applicable, will be applied to your personal data and how it is processed by Lunia Photography Ltd.
For a more in-depth look at your individual rights and for further information to data protection legislation please visit the ICO Website https://ico.org.uk/for-the-public/
The data protection declaration of the Diana Celine Photography is based upon the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR).
Below is a list of definitions used by the GDPR and an explanation.
a) Personal data
Personal data means any information relating to an identifiable living person. An identifiable living person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, date of birth, address, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
b) Data subject
Data subject is any identified or identifiable living person, whose personal data is processed.
Processing is the operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
g) Controller or controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
j) Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Name and Address of the Controller
Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
Lunia Photography Ltd 5 Wesley Street, Southport, Merseyside PR8 1BN United Kingdom
Telephone: 01704 548032
3. How your data is collected and used
By the very nature of our business, Lunia Photography Ltd, only collects small but relevant personal information that we use to offer a personalised professional experience. For this purpose we may collect the following from data;
- Telephone number
- Email Address
- Dates of Birth
The data is collected from the following sources;
Via the website
The website of Lunia Photography LTD contains information that enables a quick electronic contact to our business, as well as direct communication with us, which also includes a general email address (firstname.lastname@example.org). If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller is stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.
The website of Lunia Photography does not contain cookies. Cookies are small files installed on your browser device that allow websites to find out more about your browsing behaviour.
Via the Telephone
Verbal personal data obtained for the purpose of our services will be processed and stored on a secure database. There is no transfer of this personal data to third parties. We will always seek your permission to obtain your personal data before we collect it.
By completing a contact form on our website you are agreeing to be contacted. We may contact you via text, phone call, email or on facebook. If you wish not to be contacted by one or more of these mediums, please email email@example.com to specify.
Routine erasure and blocking of personal data
The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
To visit a client gallery you will be required to enter personal data (namely your email address) and a password. Your personal data (email address) will be stored within Pixieset’s system, on their servers and will be used to email you up to a maximum of four times and only with information relevant to the client gallery you have accessed. Any such emails sent to you will only be during the two week period for which the gallery is live. After two weeks has passed since a gallery was created it is automatically deleted and your personal data (email address) is completely removed from Pixieset’s system.
Only Lunia Photography Ltd will have access to your personal data (email address) stored on Pixieset’s system on behalf of Lunia Photography Ltd. It will only be used as detailed above, will not be used for any other marketing purposes and will not be passed onto any third parties. Pixieset’s technical support team will have the means to access to your personal data (email address) but will never access or share this data other than by request from Lunia Photography Ltd.
By logging into a LuniaPhotography Ltd client gallery you are agreeing to opt in to receive relevant, gallery-specific emails as described above. Emails are automated so if you do not wish to receive such emails it is advised that you do not log into any Lunia Photography Ltd client galleries.
Display of Images
We will report any unlawful data breach to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
3. Portrait photography as a form of Personal Data
In terms of explicit GDPR compliance, individuals are photographed within the parameters of GDPR legislation on the basis of ‘legitimate interests’. The taking of photographs when viewed as a form of processing personal data is necessary for the legitimate interests of Lunia Photography Ltd as a photography business unless there is a good reason to protect a given individual’s personal data which overrides those legitimate interests.
Withdrawal of Consent
Anyone photographed by Lunia Photography Ltd may withdraw their consent for a photograph in which they appear to be displayed. The process for this is to email Lunia Photography Ltd at firstname.lastname@example.org specifying the photo in question.
Social Media Policy and Usage
We adopt a safe and responsible Social Media Policy. While we may have official profiles on social media platforms users are advised to verify the authenticity of such profiles before engaging with, or sharing information with such profiles. We will never ask for personal details on social media platforms. Users are advised to conduct themselves appropriately when engaging with us on social media.
4. Your right to lodge a complaint