Marmotta PhotoArt – GDPR, Privacy, You and Your Responsibilities


This document describes Marmotta PhotoArt’s responsibilities regarding your Privacy and Personal Data in compliance with the EU General Data Protection Regulation (GDPR).  It also describes your rights and also your responsibilities when providing Marmotta PhotoArt with personal data.



Your privacy is Marmotta PhotoArt’s commitment to you.  Information about Your Privacy and Marmotta PhotoArt’s following of GDPR are detailed collectively here in this document.



Definitions used in this document are those that are defined and/or consistent with those of GDPR.  In addition the following definitions are used (in bold italic font):

·         MPA – Marmotta PhotoArt

·         Sole Trader – a self-employed person who is the sole owner of their business

·         Self Employed – working for oneself as a freelance

·         MPA Owner – is the individual person representing MPA, Sole Trader, Self Employed  

·         Explicit Consent – you have proactively supplied personal information to MPA

·         Requirement – when in relation to MPA is where you have asked MPA to supply a product, service, request or enquiry 

·         Personal Relationship – where any individual, current or past customer, engages in a general contact relationship with MPA’s owner  


Data Controller and Data Processor

MPA is the trading name of a UK self employed sole trader and has no employees or other persons who have access to any personal data.  MPA is both the Data Controller and Data Processor. 


Data Protection Officer

Not Applicable


Personal Data Collection and Use

MPA only requests personal data to specifically fulfil a customer enquiry, sale or service directly related to MPA’s products or services.  When you request information or wish to make a purchase (product or service) then you may need to supply MPA with your personal information.  This is taken as explicit consent as you are proactively supplying the data.  MPA does not collect personal data by any other means or method or use cookies.    


Personal Data Held

MPA may require one or more of the following personal data to fulfil a customer requirement.

·         Name

·         Address

·         Telephone Number

·         Email Address 

MPA does not collect, store or process any other personal information.   Please Note.  It is industry standard practice for web site servers to know and log the IP (Internet Protocol) address of visitors to the server.   MPA does not actively process logged IP data or attempt to identify any individual via a logged IP address.      


Sensitive Personal Data

MPA does not use, request, handle or store Sensitive Personal Data.


Personal Data Use

MPA only uses your personal data to fulfil your requirement.  MPA does not engage in direct marketing or advertising campaigns, has no mailing list or similar activities that use personal data. 


Personal Data Retention

MPA only retains personal data for a period sufficient to:

·         Fulfil your requirement

·         Invoicing and UK Tax record requirements

·         Ensure customer satisfaction

It is not uncommon for MPA customers and fellow photographers and photography enthusiasts to develop a personal contact and relationship with the MPA Owner.   In these cases this falls outside of GDPR requirements.  However the MPA Owner will support/retain their right to be forgotten, requests for information on any personal data held and the MPA Owner will do all they can to protect any shared information.


Personal Data – 3rd Party

MPA products and services may be available or supplied via a 3rd party.   When you choose to use these services then you will be entering into a separate consent and agreement with them as to what personal information you share with them and how it is used.  You are advised to check their Privacy Policy, Terms and Conditions and how they use your personal data.

MPA has no control or liability over personal data you share with these 3rd parties.  Should these 3rd parties supply your personal information to MPA then MPA will treat this data in compliance with GDPR and as if you had given this data directly to MPA.


Right - To Be Forgotten

MPA does not want to, or need to, retain personal data beyond that as previously described in Personal Data Retention above.

At any time, and for no or any reason, any person that MPA holds personal data on can ask MPA for them to be forgotten.  Any such request will be processed and acknowledge by MPA.  Any such request should be sent in writing/Email to MPA’s official contact address.  All personal data will be securely deleted and the person informed in writing.  Where possible this will be done within 48 hours.  Please note that some subset of personal data relating to invoicing may be still required to be legally retained to comply with UK income and tax reporting purposes.


Right - To See, Correct or Delete Your Personal Data

You have the right to see and have a copy of the personal data MPA holds on you.  Any incorrect data you advise MPA of will be amended or deleted as appropriate.  See Right To Be Forgotten above.  When you request to see and/or have a copy your personal data that MPA has then it will be provided in a portable, readily readable and safe format compatible with industry standards.


Data Security

All data, including personal, MPA secures in the normal practices of the trade.  These include the website being HTTPS/SSL secured and any computer containing personal data being password protected.  Any computer containing personal data that has external network or Internet access resides behind a firewall/router.  All computers that contain personal data use industry recognised security anti-virus and malware protection software.  In addition files containing personal data are encrypted.


Data Breach

If MPA becomes aware of any breach of MPA held data originating from MPA systems or processes that compromises your personal data then MPA will:

·         Report this to the United Kingdom’s Information Commission’s Officer (ICO)

·         Notify all affected individuals

·         Follow up and comply with any ICO requirements


Your Responsibility

When you supply MPA with personal information then you do so:

·         Willingly and with your explicit consent

·         You should only send/supply your personal data via:

1.       Any provided form on MPA’s SSL protected website

2.       In an Email attachment file that is password protected or encrypted. 

3.       Alternatively by postal service in a sealed envelope

4.       By any other mutually agreed method/process that supports adequate privacy and protection for your data

·         The personal information you supply is correct and applicable ONLY to you and NOT to any other individual or party

·         You will help MPA in investigating any required or necessary investigations.  As MPA only has extremely limited personal information (see Personal Data Held) this data will almost certainly be held by other parties and thus a thorough investigation and your co-operation will be required to ascertain if MPA was ultimately responsible for any personal data breach  

·         If you believe that another party, other than MPA, has lost or divulged the same personal data that you disclosed to MPA then you are asked to advise MPA accordingly so MPA is aware of potential issues and thus be able take extra care in looking after your data


Questions about Privacy and GDPR

Any questions you have about Privacy and GDPR with respect to MPA should be sent in writing/Email to MPA’s official contact address.


Document Version and Changes

V0.0 – 30/03/2018 – Initial Draft

V1.0 – 09/05/2018 – First Release

V1.1 – 25/05/2018 – Amended since GDPR came into effect on this date


Back to Top