Privacy Policy

01 January 2023


 

 


FotoGoto.com

Data Protection Policy

(Rev 1.1 01/08/2023)

1. INTRODUCTION

We, FotoGoto.com (“FGT”), are “data controllers” of the information which we collect from or about you – “Personal Data”. As controllers, we are responsible for the security and processing of your Personal Data. This Privacy Notice explains why and how we process your data.

The word ‘process’ covers most things that can be done with personal data, including collection, storage and destruction of that data. FGT is a trading name of AWOL Adventure Limited, a Private Limited Company based in the United Kingdom and our contact details are:

Address:    

1st Floor, The Old Printworks, Birley Street, Kirkham, Preston PR4 2AT

Email:

info@fotogoto.com


You can contact our Data Protection Officer (DPO) by emailing
info@fotogoto.com if you have any queries about this notice or anything related to data protection.

You have certain rights in relation to your personal data including the right to object to processing of your data in certain circumstances. All of these rights are set out in Section 12 of this privacy notice.

2. YOUR PERSONAL DATA

‘Personal data’ is any information that relates to a living, identifiable person. This data can include your name, contact details, and other information we gather as part of our relationship with you.

It can also include ‘special categories’ of data, which is information about a person’s race or ethnic origin, religious, political or other beliefs, physical or mental health, trade union membership, genetic or biometric data, sex life or sexual orientation. The collection and use of these types of data is subject to strict controls. Similarly, information about criminal convictions and offences is also limited in the way it can be processed.

We are committed to protecting your personal data, whether it falls into ‘special categories’ or not, and we only process data if we need to for a specific purpose, as explained below.

We collect your personal data mostly through our contact with you, and the data is usually provided by you, but in some instances we may receive data about you from other people/organisations. We will explain when this might happen in this Notice.

3. DATA, WHY IT WILL BE PROCESSED AND OUR LEGAL BASIS FOR PROCESSING

Personal Data Description

Processing reason

Legal Condition or Basis for processing

Customer’s (or prospective customer’s) name and email address.

 

Informing the Customer about specific products that we would like to offer them

 

 

Protection of the business from financial risk; provision of applicable discounts and benefits; keeping of mandatory financial records.

Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract

Art 6 (1) b)

 

Processing is necessary for compliance with a legal obligation to which the controller is subject (for example, contractual obligations, or financial and auditing regulations)

Art 6 (1) c)

 

Processing is necessary for the purposes of our legitimate interests - in providing services including customer service, protecting the business and maintaining and providing a secure environment

Art 6 (1) f)

Processing is necessary for the purposes of our legitimate interests - training development and quality purposes

Art 6 (1) f)

Personal appearance and behaviour (all customers and users of and other visitors to a facility)

 

Collection and monitoring of sporting event related images for the purpose of delivering digital and physical products related to event photography, as well as for the monitoring of staff when carrying out work duties; to facilitate in the management and support of staff, and for security / crime prevention purposes

Maintaining and providing a secure environment

Art 6 (1) f)

Processing is necessary for the purposes of our legitimate interests - protection and management of business risks and the legitimate interests of third parties

Art 6 (1) f)

 

Consequence of not providing the above data:

FGT will be unable to enter into a contract with you for the provision of services or facilities, and you will not be permitted to use the website.

 

Name, email address, gender, phone number, preferred method of contact and marketing preferences

For receiving promotions and marketing, including newsletters, bulletins and mailouts.

Consent – you have given consent to the processing of your personal data for one or more specific purposes

Art 6 (1) a)

Name, contact details, event details and services required

To pass to our preferred suppliers of event services for the Customer to contract with if they wish.

Consent – you have given consent to the processing of your personal data for one or more specific purposes

Art 6 (1) a)

Photograph, location, name

Publicity, competition result, promotion to be published in hard format or online or on social media

Consent – you have given consent to the processing of your personal data for one or more specific purposes

Art 6 (1) a)

 

Special Category Data                          

Processing

Legal Condition or Basis for processing – Article 9 condition required

Biometric data – facial measurements taken from images (participants and spectators at mass participation sports events) and/or from “selfie” photos taken by users and uploaded to our website.

 

 

 

 

Used to uniquely identify an individual, in order to deliver the services to them. Further information on this process is provided under "Facial Recognition" below.

Processing is necessary for the purposes of the legitimate interests pursued by FGT – to provide quick, safe and efficient product delivery

Art 6 (1) f)

Explicit consent will be requested Art 9 (2) a)

You may withdraw your consent to the processing of the personal data and Special Category Data in this section at any time. Please see s11.

 

4. COOKIES

FGT’s websites collect and use cookies as set out below. None of the cookies collect or store personally identifiable information. Please note: if you use your browser settings to block the cookies, you may not be able to access all or parts of our website.

 

Essential Cookies

For the full functional use of our websites we use essential cookies to
1. record the user's permission (if given) to allow cookies
2. record whether the user has seen the pop-up inviting them to take our customer survey

Performance Cookies

For Web statistic analysis – to track usage patterns and deliver customised content to our users

 

5. DATA RECEIVED FROM THIRD PARTIES

Data and from whom/where

Processing

Legal Condition or Basis for processing

Data

Name, Address, Contact details (telephone number(s)), date of birth, bank details, photographic images, marketing preferences, detail of event entry/ies

 

For the purposes of identifying customers and notifying them of offers or products

 

Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract

Art 6 (1) b)

 

Processing is necessary for the purposes of our legitimate interests - in providing services including customer service

Art 6 (1) f)

 

6. WHO WE MAY SHARE YOUR DATA WITH

We use facial recognition services to provide our services which requires disclosure by us to AWS of your photograph(s). This provides us with facial analysis and facial search capabilities for us to detect and analyse faces in order to provide our service. We have provided further information about this under 'Facial Recognition' below.

7. FACIAL RECOGNITION

When you take part in an event where we are providing our services, you will have signed up to the Event Organiser's terms and conditions which state that photography will be taking place. You will also see signage saying that photography is in operation. Our facial recognition technology works by detecting faces from cameras placed around the event.

 

You may also choose to upload a photo of yourself using a mobile device (a “selfie”) for the purposes of matching it to photos where that same face appears.

These images are transmitted to our highly secure cloud server where they are converted into a set of facial measurements. Those facial measurements are then compared to photographs participants have submitted to us if they have chosen to purchase photos from us. The data is instantly deleted if there is no match. Your personal data will only be used by us to identify your image if, when you registered, you chose to purchase photos and provided us with a photograph, and your consent, to enable us to identify you.

Facial measurements used for the purposes of identifying individuals are 'biometric data' under data protection legislation. We obtain your consent to our use of biometric data as described above when you provide a photograph of yourself to be used by us to provide our services.

7. INTERNATIONAL TRANSFERS OF PERSONAL DATA

FGT generally does not share or transfer any customer, visitor or supplier personal data outside of the UK and EEA. However, some software providers are located, or store customer data, outside of those jurisdictions. In such instances, FGT will ensure that appropriate safeguards have been put in place to ensure that adequate protection is afforded to personal data being transferred, for example by ensuring the relevant contract includes the standard data protection clauses adopted by the European Commission.

Our software provider Freshdesk Inc uses data storage centres some of which are located in the Asia Pacific region.

8. HOW WE STORE YOUR DATA

| Data | How it is stored |
| --- | --- |
| Paper / hard copy personal data | In an appropriately secure manner and location with appropriately controlled access |
| Electronic personal data | On an appropriately secure server with appropriately controlled access or in a cloud storage facility within the UK managed by an approved third party contractor. |
| Biometric Data | Is indexed with AWS and stored in accordance with AWS's data privacy policy which can be found via: https://aws.amazon.com/compliance/data-privacy-faq/. FGT does not store any biometric data. |

 

9. DATA RETENTION

Data

Retention Principle

All personal data

Data is processed and stored only as long as it is needed for the purpose for which it was collected, subject to the following overriding principles:

1. where legal obligations require us to keep the information for longer or for a specified period

2. until the expiry of any limitation period in relation to potential claims against FGT

3. until the expiry of a reasonable period of time in relation to potential complaints or claims against FGT

4.

FGT has set out an internal protocol in relation to retention periods which takes account of the obligation to keep data only for as long as it is needed as well as all statutory or other legal obligations regarding the retention of such records.

 

10. RIGHTS OF THE DATA SUBJECT

You have the following rights in respect of your data:

 

1.   The right to be informed about who is controlling your data, how, and for what purpose they intend to process the data, with whom they may share the data, and for how long they will keep the data. Full information is at:

RIGHT TO BE INFORMED

All of these are summarised within this Privacy Notice and full details are available on the ICO website here:

RIGHT TO BE INFORMED

2.   The right of access – you have the right to receive confirmation that your data is being processed. You also have the right to access your personal data in order to verify the lawfulness of the processing.

You can contact us at info@fotogoto.com to request access to your data.

 

3.   The right to rectification – you can ask for inaccurate or incomplete personal data to be rectified.

 

If we decline to meet your request, we will explain why, and remind you of your right to complain to the Information Commissioner’s Office or ultimately seek a judicial remedy.

4.   The right to erasure or the right to be forgotten – you can ask for your personal data to be deleted or removed in specific circumstances.

 

We will only store and process data that is specifically required for genuine and proper business reasons and for the protection of our business from financial risk and only for the appropriate length of time.

5.   The right to restrict processing – you can ask us to “block” or suppress the processing of your personal data circumstances.

We will restrict processing of your personal data as requested unless we cannot do so for legal reasons.

6.   The right to data portability – this allows you to obtain and re-use certain elements of your personal data for your own purposes across different services; it allows you to move, copy or transfer your data easily from one IT environment to another in a safe and secure way, without hindering its usability.

If we are going to decline your request, we will within one month of the request explain to you why not and will inform you of your right to complain to the Information Commissioner’s Office, and your right to a judicial remedy.

7.   The right to object – you have the right to object to certain types of processing, or processing for specific reasons.

           i.       processing based on “legitimate interests” or “the performance of a task in the public interest/exercise of official authority” (including profiling) on grounds relating to your particular situation;

 

          ii.       to direct marketing (including profiling);

 

         iii.       and to processing for purposes of scientific/historical research and statistics on grounds relating to your particular situation;

We will comply with your request to stop processing your data in accordance with the requirements and provisions set out here:

 

 

  i.       if you notify us of the grounds of objection specific to your situation we will stop processing the personal data unless:

a.   we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms; or

b.   the processing is for the establishment, exercise or defence of legal claims.

 ii.       We will, without delay and free of charge, stop processing personal data for direct marketing purposes as soon as we receive an objection.

iii.       if you notify us of the grounds of objection specific to your situation we will stop processing the personal data unless we are conducting research where the processing of personal data is necessary for the performance of a public interest task.

8.   Rights in relation to automated decision making and profiling – you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects, or which similarly significantly affects you. 

We use, or may use in the future, automated decision making in the form of Facial Recognition Software for controlling access to our facilities and services. We may profile personal data and sometimes special category data for the purposes of marketing and promotion where individuals have opted into receiving this. You can ask us to stop sending you marketing information by contacting photos@FGTadventure.com

 

11. WITHDRAWING CONSENT

For personal data where we are relying upon your consent as the legal basis for processing (please refer to section 3 above), you may withdraw your consent at any time by altering your preferences in your online portal, or by notifying us at info@fotogoto.com

12. MAKING A COMPLAINT

If you feel you have a complaint regarding the processing of your personal data, please contact the Data Protection Officer at info@fotogoto.com

13. HOW TO CONTACT FGT’S DATA PROTECTION OFFICER

If you wish to contact FGT’s Data Protection Officer, please write to the address or the email at the top of this privacy notice.

14. IF YOU STILL HAVE A CONCERN REGARDING YOUR PERSONAL DATA

You may report your concern to the Information Commissioner’s Office – contact details may be found on the ICO website https://ico.org.uk/for-organisations/

15. IMPLEMENTATION OF POLICY

This Policy shall be deemed effective as of 1st May 2021. No part of this Policy shall have retroactive effect and shall thus apply only to matters occurring on or after this date.

This Policy has been approved and authorised by:

 

Position:

Data Protection Officer

Date:

1st August 2023

Due for Review by:

1st August 2024

© 2023-2024 FGT Adventure Ltd.