At Rebecca May Photography (RMP), your privacy and the safeguarding of your data is very important to us, and there are a few fundamental principles that we follow:
-We don’t ask you for personal information unless we truly need it
-We don’t share your personal information with anyone except to comply with the law, develop our services, or protect our rights.
-We don’t store personal information on our database unless required for the ongoing operation of our services.
The use of the RMP website is possible without any indication of your personal data; however, if a data subject wants to use services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for this processing, we generally obtain your consent.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to RMP. With this data protection declaration, RMP aims to inform you of the nature, scope, and purpose of the personal data we collect, use and process, as well as the rights to which you are entitled.
As the controller, we at RMP ented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website – however Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means if preferred, e.g. by telephone.
2. Name and Address of the controller
Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
Maidstone ME15 (Full address supplied upon request)
3. Collection of general data and information
The website of RMP collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files.
Collected may be
(1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.
When using these general data and information, RMP does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimise the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, RMP analyses anonymously collected data and information statistically, with the aim of increasing the data protection and data security of the company, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
4. Contact possibility via the website
The RMP website contains information that enables you to contact us easily, via both email or telephone. If you contact us by e-mail or via a contact form, the personal data voluntarily transmitted by you is automatically stored for the purposes of processing or responding to your request – there is no transfer of this personal data to third parties.
5. Comments function in the blog on the website
RMP sometimes offers users the choice to leave comments on individual posts on the blog of our site. A blog is a web-based, publicly-accessible portal, through which one or more people may post articles or write down thoughts. Blog posts may usually be commented by third parties.
If you decide to leave a comment on the blog published on this website, the comments made by you are also stored and published, as well as information on the date of the commentary and on the pseudonym chosen by you. In addition, the IP address assigned to you by the Internet service provider (ISP) is also logged. This storage of the IP address takes place for security reasons- in case of a violation to the rights of third parties, or the posting of illegal content through a given comment. The storage of this personal data is, therefore, in our interest, so that we can act in the event of an infringement. As before though, this collected personal data will not be passed to third parties, unless such a transfer is required by law or serves the aim of our defence.
6. Routine erasure and blocking of personal data
We shall process and store your personal data only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which we are subject to.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data is routinely blocked or erased in accordance with legal requirements.
7. Your rights
Data protection legislation is there for both your and our protection, and with this you have a number of rights which we will outline below:
a) Right of confirmation
You have the right to obtain confirmation from us as to whether or not your personal data is being processed. If this is something you wish to do then you can contact us at any time.
b) Right of access
You have the right to know what information we store of you and are able to request a copy, and this could include:
the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipients to whom the personal data have been or will be disclosed
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
Along with this, you have a right to request for us to alter or erase the personal data we hold for you, or to restrict our use of it. Should the need arise, you can by European legislation lodge a complaint with a supervisory authority in order to rectify the situation, but MRP will do all they can to satisfy your personal data preferences.
c) Right to rectification
Should we hold information and personal data about you that is incorrect, you can at any time to notify us of this so that we can make the necessary amendments.
d) Right to erasure
With European legislation, you have a right to request for your personal data to be forgotten, and we have an obligation to comply without undue delay, where one of the following grounds applies and so long as the processing is not necessary:
The personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed.
You withdraw your consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
The personal data has been unlawfully processed.
The personal data must be erased for compliance with a legal obligation in Union or Member State law to which we as an organisation are subject.
The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
If one of the above applies and you wish to request the erasure of personal data stored by us, then you can contact us at any time, and we shall promptly ensure that the erasure request is complied with. In any case where we have made personal data public and are obliged pursuant to Article 17(1) to erase the personal data, we will, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform any others who were passed the information that you have requested the removal of your data or any links to or copies of it. We will of course arrange the necessary measures in each individual case.
e) Right of restriction of processing
You have the right granted by the European legislator to restrict our use of your data where one of the following applies:
The accuracy of the personal data is contested by you- this enables us to verify the accuracy of the personal data given.
The processing is unlawful and you oppose the erasure of the personal data, preferring to restrict the use of your data instead.
We are no longer requiring your personal data for the purposes of the processing, but they are required for the establishment, exercise or defence of legal claims.
If you have objected to our processing your data pursuant to Article 21(1) of the GDPR, pending the verification of whether our legitimate grounds override those of yours.
If one of the aforementioned conditions is met, and you wish to request the restriction of the processing of your personal data stored by us, then you may contact us at any time.
f) Right to data portability
You have the right to receive the personal data that was provided to us concerning you, in a structured, commonly used and machine-readable format. You have the right to transmit that data to another person or organisation without hindrance from us, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.In exercising your right to data portability pursuant to Article 20(1) of the GDPR, you shall have the right to have personal data transmitted directly from us to another, where technically feasible, and when doing so this does not adversely affect the rights and freedoms of others.
g) Right to object
You have the right granted by the European legislator to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.In the event of an objection, Wedding Rose shall no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
Though we are reliant on the ability to display footage and basic names as a way of advertising our services to future clients, you have the right to object at any time to the processing of your personal data for direct marketing. You also have the right, on grounds relating to your particular situation, to object to the processing of your personal data for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
h) Automated individual decision-making, including profiling
You shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you, as long as the decision (1) is not necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is not authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or (3) is not based on your explicit consent.
If the decision (1) is necessary for entering into, or the performance of, a contract between us and you, or (2) it is based on your explicit consent, MRP shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the our part, to express your point of view and contest the decision.
i) Right to withdraw data protection consent
Under legislation, each subject has the right to withdraw his or her consent to the processing of his or her personal data at any time, and this can be exercised by contacting us at any time.
8. Legal basis for the processing
Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which you are party- for example, when processing operations are necessary for the supply of goods or services- the processing is based on Article 6(1) lit. b GDPR. The same applies to processing operations that are necessary for carrying out pre-contractual measures, for example in the case of enquiries concerning our products or services.
If our company is subject to a legal obligation by which processing of personal data is required, such as for the fulfilment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect your vital interests or the interests of another person. This would be the case, for example, if a visitor were injured in our company and their name, age, or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR.
Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the above mentioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator.
It is considered that if you are a client of ours, then a legitimate interest could be assumed (Recital 47 Sentence 2 GDPR).
9. The legitimate interests pursued by us or by a third party
Where the processing of personal data is based on Article 6(1) lit. f GDPR our legitimate interest is to carry out our business in favour of the well-being of all of our clients, employees and shareholders.
10. Period for which the personal data will be stored
The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfilment of the contract or the initiation of a contract.
11. Provision of personal data as statutory or contractual requirement; Requirement necessary to enter into a contract; Your obligation to provide the personal data; possible consequences of failure to provide such data
We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary for you provide us with personal data for processing, in order for us to create a contract together, and by not providing us with this personal data we would not be able to conclude our contractual agreement. In each individual case, we will clarify to each client whether the provision of your personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and then the consequences of non-provision of the personal data.
12. Existence of automated decision-making
As a responsible company, we do not use automatic decision-making or profiling.