Marmotta PhotoArt – GDPR, Privacy, You and Your Responsibilities
This document describes Marmotta PhotoArt’s responsibilities regarding your Privacy and Personal Data in compliance with the EU General Data Protection Regulation (GDPR). It also describes your rights and your responsibilities when providing Marmotta PhotoArt with personal data.
Your privacy is Marmotta PhotoArt’s commitment to you. Information about Your Privacy and Marmotta PhotoArt’s compliance with GDPR is detailed collectively in this document.
Definitions used in this document are those that are defined and/or consistent with those of GDPR. In addition the following definitions are used (in bold italic font):
· MPA – Marmotta PhotoArt
· Sole Trader – a self-employed person who is the sole owner of their business
· Self Employed – working for oneself as a freelance
· MPA Owner – is the individual person representing MPA, Sole Trader, Self Employed
· Explicit Consent – you have proactively supplied personal information to MPA
· Requirement – when in relation to MPA is where you have asked MPA to supply a product, service, request or enquiry
· Personal Relationship – where any individual, current or past customer, engages in a general contact relationship with MPA’s owner
Data Controller and Data Processor
MPA is the trading name of a UK self employed sole trader and has no employees or other persons who have access to any personal data. MPA is both the Data Controller and Data Processor.
Data Protection Officer
Personal Data Collection and Use
Personal Data Held
MPA may require one or more of the following personal data to fulfil a customer requirement.
· Telephone Number
· Email Address
MPA does not collect, store or process any other personal information. Please note: it is industry standard practice for web site servers to know and log the IP (Internet Protocol) address of visitors to the server. MPA does not actively process logged IP data or attempt to identify any individual via a logged IP address.
Sensitive Personal Data
MPA does not use, request, handle or store Sensitive Personal Data.
Personal Data Use
MPA only uses your personal data to fulfil your requirement. MPA does not engage in direct marketing or advertising campaigns, has no mailing list or similar activities that use personal data.
Personal Data Retention
MPA only retains personal data for a period sufficient to:
· Fulfil your requirement
· Invoicing and UK Tax record requirements
· Ensure customer satisfaction
It is not uncommon for MPA customers and fellow photographers and photography enthusiasts to develop a personal contact and relationship with the MPA Owner. In these cases this falls outside of GDPR requirements. However the MPA Owner will support/retain their right to be forgotten, requests for information on any personal data held and the MPA Owner will do all they can to protect any shared information.
Personal Data – 3rd Party
MPA has no control or liability over personal data you share with these 3rd parties. Should these 3rd parties supply your personal information to MPA then MPA will treat this data in compliance with GDPR and as if you had given this data directly to MPA.
Right - To Be Forgotten
MPA does not want to, or need to, retain personal data beyond that as previously described in Personal Data Retention above.
At any time, and for no or any reason, any person that MPA holds personal data on can ask MPA for them to be forgotten. Any such request will be processed and acknowledged by MPA. Any such request should be sent in writing/Email to MPA’s official contact address. All personal data will be securely deleted and the person informed in writing. Where possible this will be done within 48 hours. Please note that some subset of personal data relating to invoicing may still be required to be legally retained to comply with UK income and tax reporting purposes.
Right - To See, Correct or Delete Your Personal Data
You have the right to see and have a copy of the personal data MPA holds on you. Any incorrect data you advise MPA of will be amended or deleted as appropriate. See Right To Be Forgotten above. When you request to see and/or have a copy of your personal data that MPA holds, it will be provided in a portable, readily readable and safe format compatible with industry standards.
All data, including personal, MPA secures in the normal practices of the trade. These include the website being HTTPS/SSL secured and any computer containing personal data being password protected. Any computer containing personal data that has external network or Internet access resides behind a firewall/router. All computers that contain personal data use industry recognised security anti-virus and malware protection software. In addition files containing personal data are encrypted.
If MPA becomes aware of any breach of MPA held data originating from MPA systems or processes that compromises your personal data then MPA will:
· Report this to the United Kingdom’s Information Commissioner’s Office (ICO)
· Notify all affected individuals
· Follow up and comply with any ICO requirements
When you supply MPA with personal information then you do so:
· Willingly and with your explicit consent
· You should only send/supply your personal data via:
1. Any provided form on MPA’s SSL protected website
2. In an Email attachment file that is password protected or encrypted.
3. Alternatively by postal service in a sealed envelope
4. By any other mutually agreed method/process that supports adequate privacy and protection for your data
· The personal information you supply is correct and applicable ONLY to you and NOT to any other individual or party
· You will help MPA with any required or necessary investigations. As MPA only has extremely limited personal information (see Personal Data Held) this data will almost certainly be held by other parties and thus a thorough investigation and your co-operation will be required to ascertain if MPA was ultimately responsible for any personal data breach
· If you believe that another party, other than MPA, has lost or divulged the same personal data that you disclosed to MPA then you are asked to advise MPA accordingly so MPA is aware of potential issues and thus able to take extra care in looking after your data
Questions about Privacy and GDPR
Any questions you have about Privacy and GDPR with respect to MPA should be sent in writing/Email to MPA’s official contact address.
Document Version and Changes
V0.0 – 30/03/2018 – Initial Draft
V1.0 – 09/05/2018 – First Release
V1.1 – 25/05/2018 – Amended since GDPR came into effect on this date