THIS PRIVACY NOTICE EXPLAINS IN DETAIL THE TYPES OF PERSONAL DATA WE MAY COLLECT ABOUT YOU WHEN YOU INTERACT WITH US. IT ALSO EXPLAINS HOW WE’LL STORE AND HANDLE THAT DATA AND KEEP IT SAFE. 

 

WE KNOW THAT THERE’S A LOT OF INFORMATION, BUT WE WANT YOU TO BE FULLY INFORMED ABOUT YOUR RIGHTS, AND HOW KENSA STUDIOS LIMITED USES YOUR DATA. 

 

WE HOPE THE FOLLOWING SECTIONS WILL ANSWER ANY QUESTIONS YOU HAVE BUT IF NOT, PLEASE DO GET IN TOUCH WITH US. 

 

IT’S LIKELY THAT WE’LL NEED TO UPDATE THIS PRIVACY NOTICE FROM TIME TO TIME. WE’LL NOTIFY YOU OF ANY SIGNIFICANT CHANGES, BUT YOU’RE WELCOME TO COME BACK AND CHECK IT WHENEVER YOU WISH. 

  

WHO IS KENSA STUDIOS LIMITED? 

 

Kensa Studios Limited is one of the South West’s leading personal portraiture photographers who also offer boudoir make over experiences. 

 

EXPLAINING THE LEGAL BASIS WE RELY ON 

 

The law on data protection sets out six ways which a company may collect and process your personal data, having analysed our customer database and business model we have assessed that Legitimate Interest is the primary basis. The legal basis that is used for Kensa Studios Ltd is Legitimate Interest for prospective customers and Contractual for clients. 

 

WHEN DO WE COLLECT YOUR PERSONAL DATA? 

 

Personal data is collected from enquiries through our personal contacts, social media enquiries, referrals and inbound phone calls. 

 

WHAT SORT OF PERSONAL DATA DO WE COLLECT?

 

The personal data we collect is limited to the level we need to deliver our services and is made up of the following: 

 

  • Name 

  • Email address 

  • Phone number 

  • Postal address 

  • Images 

  • Card Details for late charges & no shows Card details entered via Paypal on the website shop if used

  • Bank Details for direct debit  

  •  

HOW AND WHY DO WE USE YOUR PERSONAL DATA? 

 

Your personal data is used to ensure the services we deliver are suitable and appropriate and any data collected is only used to administer and deliver those services. 

  • To clarify bookings and confirm the order process. 

  • To collect card details to charge for no shows and late shoot date changes 

  • To collected bank details for the purpose of a direct debit facility 

  • To respond to your queries and complaints. 

  • To send you communications required by law or which are necessary to inform you about our changes to the services we provide you. For example, updates to this Privacy Notice. 

  • To comply with our contractual or legal obligations to share data with law enforcement. 

Of course, you are free to opt out at any time. 

 

HOW WE PROTECT YOUR PERSONAL DATA 

 

We use well established software to support our business and all software companies used have provided us with their GDPR Privacy Policy. 

We use Tave for our client information, where you can view their Privacy Policy here. 

We use Timely for the online booking system – you can view their Privacy Policy here

We use Go Cardless for our Direct Debit system – you can view their Privacy Police here.  

Access to your personal data is password-protected and sensitive data such as card payment details is secure. For payment transactions we use Payment Sense – you can view their Privacy Policy here. Payment transactions are also carried out through Stripe – you can view their Privacy Policy here. 

Another example would be our communications which is managed using Microsoft Office 365 which has an updated Privacy Amendment which can be viewed here. 

In addition, we have internal processes for any employees or associates which clearly states their terms of reference and how personal data will be used. 

We use paypal for anything purchased on our online website. You can view their Privacy Policy here.

 

HOW LONG WILL WE KEEP YOUR PERSONAL DATA? 

 

Whenever we collect or process your personal data, we will only keep it for as long as is necessary for the purpose for which it was collected. We keep images for six months prior to deletion, however, some images may be used for marketing purposes for an extended period with the prior consent of the client. We may keep images for longer if someone still has payments to make towards their order. Customer database details such as name, address, email and notes may be kept longer so that when a customer returns we have their details on file already and can review information about the clients previous shoots.  

At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning. 

 

WHO DO WE SHARE YOUR PERSONAL DATA WITH? 

 

Your personal data is only used to deliver the services described in Section 5. 

 

WHERE YOUR PERSONAL DATA MAY BE PROCESSED 

 

Protecting your data outside the UK 

We may transfer personal data that we collect from you to third-party data processors in countries that are outside the UK such as Australia or the USA. This will only be done using the technology solutions highlighted in section 6. 

If we do this, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA. For example, our contracts with third parties stipulate the standards they must follow at all times. Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice. 

 

WHAT ARE YOUR RIGHTS OVER YOUR PERSONAL DATA? 

 

The GDPR provides the following rights for individuals: 

 

  1. The right to be informed 

  1. The right of access 

  1. The right to rectification 

  1. The right to erasure 

  1. The right to restrict processing 

  1. The right to data portability 

  1. The right to object 

  1. Rights in relation to automated decision making and profiling 

 

Where any subject access request is made there is a requirement to prove identity before any information is divulged. This may involve physical presence with accompanying ID. 

Where a request to “Be forgotten “is made that can only be complied with if there are no other legal frameworks that overrule GDPR. Examples would be HMRC, FCA, etc. 

 

REGULATION CHANGES AND REMEDIAL ACTIONS 

 

The GDPR is live as from 25th May 2018 and the UK Data Privacy Bill gained Royal Ascent on 23rd May 2018. This Notice is based on the regulations as they exist with a review process set up to make any adjustments required to become and stay compliant. 

In the event of any changes or processes which need remedial action the review procedure will capture those issues and remedy them. 

 

12. CONTACTING THE REGULATOR 

 

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. 

You can contact them by calling 0303 123 1113. 

Or go online to www.ico.org.uk/concerns (opens in a new window; please note we can’t be responsible for the content of external websites) 

If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence. 

 

INTRODUCTION 

 

This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data and keep it safe. 

We know that there’s a lot of information, but we want you to be fully informed about your rights, and how Kensa Studios Limited uses your data. 

We hope the following sections will answer any questions you have but if not, please do get in touch with us. 

It’s likely that we’ll need to update this Privacy Notice from time to time. We’ll notify you of any significant changes, but you’re welcome to come back and check it whenever you wish.