Data Protection Principles
Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:
Processing is fair, lawful and transparent.
Data is collected for specific and legitimate purposes.
Data collected is adequate, relevant and limited to what is necessary.
Data is kept accurate and up to date. Data, which is found to be inaccurate, will be rectified or deleted without delay.
Data is not kept for longer than is necessary for its given purpose.
Data is processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage.
We comply with the relevant GDPR procedures for international transferring of personal data.
Types of data held and how we collect it
We keep personal data in order to carry out effective and efficient business processes. We keep this data in secure paper and online files, relating to each client, within our computer systems; including our accounting systems for payment records.
You provide data through email communication, telephone calls or through enquiries made through our company website.
Specifically, we hold personal details such as client company name and address, email and telephone contact details and website address/social media handle.
Unless specifically required, we ask that you not send us and not disclose to us any sensitive personal data (e.g. data related to social/ethnic origin, political opinions, religion, health).
How we use your personal data and what our legal basis is for this use
The law on data protection allows us to process your data for certain reasons only. In the main, we process your data in order to comply with a legal requirement; to fulfill the contract we have with you.
This is relevant where you book photographic services with us and data will be processed to verify your company details, access contact information, process payments made and for us to provide ongoing customer support.
We may also use your data to conduct our legitimate interests. In particular, in sending you future electronic marketing communications – in accordance with your authorisation. *If however, you do not wish us to use the data for these purposes, you can notify us at any time.
Failure to provide data
Your failure to provide us with data may mean we are unable to fulfill our requirements for entering into a contract with you or performing the contract that we have entered into.
Who we share your data with
We may on occasion share your data with our third party service providers. For example, third party service providers help support our IT infrastructure, process payments from you on your behalf or provide professional services such as legal and accountancy support. These service providers will only be allowed to access and use your data in accordance with our instructions and will be required to keep your data secure.
Protecting your data
We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented appropriate organisational measures to guard against such.
All employees within our company, who have responsibility for the completion of business processes, have been trained in ensuring data is processed in line with GDPR.
How long we keep your personal data
We keep your data for as long as we need it for the duration of your engagement with us in contracted work and for a maximum period of 3 to 6 years thereafter, according to legal and accounting requirements.
Unless otherwise requested by you, we will retain contact detail data in order to periodically notify you of any changes to our services or terms of business or to notify you of marketing information. Where we process your data for marketing purposes, as consented by you, we process the data until you ask us to stop.
Data Subject rights – accessing and correcting your personal data
You have the following rights in relation to the personal data we hold on you:
The right to be informed about the data we hold on you and what we do with it.
The right of access to the data we hold on you.
The right for any inaccuracies in the data we hold on you, however they come to light, to be corrected. This is also known as ‘rectification’.
The right to have data deleted in certain circumstances.
The right to restrict the processing of data.
The right to transfer the data we hold on you to another party. This is also known as ‘portability’.
The right to object to the inclusion of any information.
Where you have provided consent to our use of your data, you also have the right to withdraw that consent at any time. This means that we will stop processing your data.
Neon Squared Studios Limited
Shed Workspace 2
8 Lee Street
London E8 4DY or
If you think your data rights have been breached, you are able to raise a complaint with the Information Commissioner (ICO).