Privacy Policy
Diana Celine Photography Ltd
This Privacy Notice is provided by Diana Celine Photography Ltd. This Policy forms part of our legal information and confirms how we handle data which identifies you. If you have any queries regarding your personal information, please contact us at info@dianaceline.co.uk.
The use our website and its pages, www.dianaceline.co.uk, are possible without any collection of personal data by us; however, if you want to use some services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from you.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR). By means of this data protection declaration, we would like to inform you of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, you are informed, by means of this data protection declaration, of the rights to which you are entitled.
You may request to see copies of any personal information held and also request that that information is updated or removed in its entirety. This service is offered to you free of charge via an e-mail to info@dianaceline.co.uk or by calling us on 01704 548032.
Your rights under the GDPR;
Under the GDPR, you have a number of different rights relating to your personal data and how it is processed. They are as follows:
These rights, where applicable, will be applied to your personal data and how it is processed by Diana Celine Photography Ltd.
For a more in-depth look at your individual rights and for further information to data protection legislation please visit the ICO Website https://ico.org.uk/for-the-public/
1. Definitions
The data protection declaration of the Diana Celine Photography is based upon the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR).
Below is a list of definitions used by the GDPR and an explanation.
a) Personal data
Personal data means any information relating to an identifiable living person. An identifiable living person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, date of birth, address, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
b) Data subject
Data subject is any identified or identifiable living person, whose personal data is processed.
c) Processing
Processing is the operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
f) Pseudonymisation
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
g) Controller or controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
h) Processor
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
i) Recipient
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
j) Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
k) Consent
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Name and Address of the Controller
Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
Diana Celine Photography Ltd 5 Wesley Street, Southport, Merseyside PR8 6JX United Kingdom
Telephone: 01704 548032
Email: info@dianaceline.co.uk
3. How your data is collected and used
By the very nature of our business, Diana Celine Photography Ltd, only collects small but relevant personal information that we use to offer a personalised professional experience. For this purpose we may collect the following from data;
The data is collected from the following sources;
Via the website
The website of Diana Celine Photography LTD contains information that enables a quick electronic contact to our business, as well as direct communication with us, which also includes a general email address (info@dianaceline.co.uk). If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller is stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.
The website of Diana Celine Photography does not contain cookies. Cookies are small files installed on your browser device that allow websites to find out more about your browsing behaviour.
Via the Telephone
Verbal personal data obtained for the purpose of our services will be processed and stored on a secure database. There is no transfer of this personal data to third parties. We will always seek your permission to obtain your personal data before we collect it.
By completing a contact form on our website you are agreeing to be contacted. We may contact you via text, phone call, email or on facebook. If you wish not to be contacted by one or more of these mediums, please email info@dianaceline.co.uk to specify.
Routine erasure and blocking of personal data
The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
Third parties
Diana Celine Photography LTD offers a photo gallery as part of our service. Diana Celine Photography Ltd client’s galleries are externally hosted by Pixieset. Their privacy policy can be found here: https://pixieset.com/privacy/
To visit a client gallery you will be required to enter personal data (namely your email address) and a password. Your personal data (email address) will be stored within Pixieset’s system, on their servers and will be used to email you up to a maximum of four times and only with information relevant to the client gallery you have accessed. Any such emails sent to you will only be during the two week period for which the gallery is live. After two weeks has passed since a gallery was created it is automatically deleted and your personal data (email address) is completely removed from Pixieset’s system.
Only Diana Celine Photography Ltd will have access to your personal data (email address) stored on Pixieset’s system on behalf of Diana Celine Photography Ltd. It will only be used as detailed above, will not be used for any other marketing purposes and will not be passed onto any third parties. Pixieset’s technical support team will have the means to access to your personal data (email address) but will never access or share this data other than by request from Diana Celine Photography Ltd.
By logging into a Diana Celine Photography Ltd client gallery you are agreeing to opt in to receive relevant, gallery-specific emails as described above. Emails are automated so if you do not wish to receive such emails it is advised that you do not log into any Diana Celine Photography Ltd client galleries.
Display of Images
We may display any photograph(s) to promote Diana Celine Photography Ltd on the Diana Celine Photography Ltd website, on social media, in local newspapers, in advertising brochures, magazine articles and other such material, providing that the images used are used lawfully and without damage to Diana Celine Photography Ltd’s client(s). The rights of the people captured in these photographs are protected by Diana Celine Photography Ltd as detailed in this privacy policy.
Data Breaches
We will report any unlawful data breach to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
3. Portrait photography as a form of Personal Data
Under GDPR legislation, a photograph may in some instances constitute a form of personal data where they can be processed to allow “the unique identification or authentication of a natural person”. Diana Celine Photography Ltd will never photograph an individual as a means of unique identification or authentication unless consensually contracted to do so. Individuals captured in portraits or in group photos do so as part of their photo shoot and their rights are protected by Diana Celine Photography Ltd as detailed in this privacy policy.
In terms of explicit GDPR compliance, individuals are photographed within the parameters of GDPR legislation on the basis of ‘legitimate interests’. The taking of photographs when viewed as a form of processing personal data is necessary for the legitimate interests of Diana Celine Photography Ltd as a photography business unless there is a good reason to protect a given individual’s personal data which overrides those legitimate interests.
Withdrawal of Consent
Anyone photographed by Diana Celine Photography Ltd may withdraw their consent for a photograph in which they appear to be displayed. The process for this is to email Diana Celine Photography Ltd at info@dianaceline.co.uk specifying the photo in question.
Social Media Policy and Usage
We adopt a safe and responsible Social Media Policy. While we may have official profiles on social media platforms users are advised to verify the authenticity of such profiles before engaging with, or sharing information with such profiles. We will never ask for personal details on social media platforms. Users are advised to conduct themselves appropriately when engaging with us on social media.
4. Your right to lodge a complaint
As well as the right to withdraw consent and exercise any of the above rights mentioned under ‘Your rights under the GDPR’, you also have the right to raise a complaint with a regulatory body. In the United Kingdom, this is the Information Commissioner’s Office (ICO). If you have concerns about the way your data is being processed by an organisation, you can find out more here.