The Property Photography Company Ltd understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone who visits this website, www.thepropertyphotographycompany.co.uk and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
In this Policy the following terms shall have the following meanings:
means an account required to book a service on Our Site;
means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003;]
Our Site is owned and operated by, The Property Photography Company Ltd registered in England under company number 11758246.
Registered address: 20-22 Wenlock Road, London, England, N1 7GU..
Data Protection Officer: Paul Stott.
Telephone number: (01223) 455173 or 07341 948104.
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
Under the GDPR, you have the following rights, which we will always work to uphold:
For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Part 15.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. Your personal data may be used for the following purposes:
With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email or post with information, news, and offers on our services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.
Data subjects have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on the data subject or otherwise significantly affects them.24 An example of a legal effect is a decision that impacts an individual’s legal or civil rights, or their rights under a contract. Examples of significant effects include decisions that have a financial impact on individuals, or impact their employment.
We do not currently engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.
Services that include elements of automated decision-making are highlighted in the table below:
Temporary blacklist of IP addresses associated with repeated failed transactions
Persists for a small number of hours.
Temporary blacklist of credit cards associated with blacklisted IP addresses
Persists for a small number of days.
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for 18 calendar months from the date of your last order.
Our website, www.thepropertyphotographycompany.co.uk uses the shopify platform and therefore its data is transferred and stored outside the EEA.
Personal data of residents of the EEA can only be transferred to recipients outside the EEA if the recipient has adequate protections in place. These protections may include:
● Adherence to domestic laws that have been deemed adequate by the European Commission
● Negotiated agreements (such as the EU-U.S. Privacy Shield)
● Contractual protections
● Approved sets of internal policies (Binding Corporate Rules)
● Approved codes of conduct or certifications
Shopify has protections for personal data in every step of its data flow, as described below. The following diagram illustrates Shopify's data transfer structure:
EEA personal data is received and initially processed by Shopify's Irish entity, Shopify International Ltd.
EEA to Canada
Data is exported from the EEA to Shopify’s Canadian parent entity, Shopify Inc. This export takes place within Shopify’s corporate structure.
Data within Shopify Inc. is protected under PIPEDA, Canada’s private
sector privacy legislation, which is considered adequate under the GDPR.
Shopify Inc. uses a combination of data centres and cloud service providers to store this personal data in the United States and Canada.
When personal data is transferred to the United States, it is either done so through the EU-U.S. and Swiss-U.S. Privacy Shield, for Shopify’s own storage, or through contractual data protection addenda (DPAs) with third-party service providers. The EU-U.S. and Swiss-U.S. Privacy Shields are also considered adequate under the GDPR. Shopify’s Privacy Shield certification statement can be found on PrivacyShield.gov.
Additionally, Shopify is in the process of applying for approval of Binding Corporate Rules (BCRs) by the Irish Data Protection Commissioner. After they are approved, Shopify will rely on these BCRs to protect the personal data that is transferred between Shopify’s corporate entities worldwide.
We will never independently sell personal data for commercial purposes. However, Shopify does disclose personal data to third parties or allow third parties to access personal data to help provide services—for example, to:
● Store platform data
● Respond to and manage support inquiries
Additionally, Shopify may provide personal data, where permitted, to prevent, investigate, or respond to:
● Potential fraud
● Illegal conduct
● Physical threats
● Violations of any agreements with Shopify
We and Shopify will also provide information to third parties when legally required to do so. Where When We or Shopify believe it is legally required to provide information, and not legally prohibited from disclosing the existence of the legal order, it will notify the data subject and give the data subject a chance to seek a protective order.
You may access certain areas of Our Site without providing any personal data at all. However, to use all features and functions available on Our Site you may be required to submit or allow for the collection of certain data.
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email address shown in Part 15.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details (for the attention of Paul Stott):
Email address: firstname.lastname@example.org
Telephone number: 07341 948104
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.