Studio Social Limited
Any personal information provided to or gathered by our website or photo booth app is controlled by Studio Social Ltd., Flat 1, 422 Mare Street, London, E8 1HP. If you have any queries about this document or how we use your data, please contact:
Phone: +44 (0)7756149680
Data Controller: Richard Ling, Managing Director, Studio Social Ltd.
We strive to process information about you fairly and in a transparent manner and the aim of this document is to provide you with sufficient information for you to be able to understand what we are doing with your data. If you are unsure how we are handling information about you or you think we could improve our privacy information please let us know.
WHAT INFORMATION DO WE COLLECT? HOW DO WE USE IT?
When you use our website, and fill out our contact form we may collect, derive, combine, access, or otherwise process your personal information for the following purposes:
The monitoring of customer traffic patterns and website usage to help us to develop the design and layout of the website.
Notifying you of Studio Social Ltd information, which we think, may be of interest to you including by email. We may also need to make contact via phone call in certain circumstances, typically in relation to queries you raise when contacting us.
Replying to enquiries, offering, administering and providing products and services, such as the sale of goods and services.
2. When you use our photo booth app or virtual photo booth web form and enter your email or phone number we will process your personal information for the following purposes:
We collect and store your emails and/or phone numbers in order to share your photographs with you on email, sms with a hyperlink.
We handle your personal data as a processor on behalf of the event organiser. In dealing with this personal data, we act only on the instructions of the event organiser. We do not use your personal data for our own purposes.
Use of our website and services constitutes a contract between us, which forms the legal basis on which we process your personal data. You may choose not to provide your personal data, but without it we may not be able to provide you with our products and services.
We will not send you any marketing communications.
We process aggregated information gathered from photos taken using our web form or photo booth app (for example, the number of people in a photograph, their age range and gender) for the purpose of quantifying photo metrics of an event and providing richer analytics. This does not include your personal data (PII).
Who do we share your personal data with?
We may share your personal data with third parties who provide services to us (for example data storage providers). We will provide appropriate safeguards to ensure that your personal data is protected in these instances.
We may disclose your personal data to regulators or law enforcement authorities where required to do so by law.
We will never sell your personal information to a third party.
How do we secure your personal data?
We have implemented appropriate technical and organisational measures protect your personal data.
All personal data collected by us is stored in secured networks and is only accessible to a limited number of persons who (a) have a need to access such information, (b) have special access rights to such systems, and (c) are under an obligation to keep the personal data strictly confidential. In addition, all sensitive and/or credit information which is supplied to us is encrypted via Secure Socket Layer (SSL) technology.
We also implement a variety of security measures when a user enters, submits or accesses their information to maintain the safety of the personal data.
All transactions are processed through a gateway provider and are not stored or processed on our servers.
LEGAL BASIS FOR PROCESSING YOUR DATA
We undertake these activities in the pursuit of our legitimate interests as a commercial organisation including the marketing and promotion of our brand, products, and services.
WHOM DO WE SHARE YOUR DATA WITH AND FOR WHAT PURPOSE?
We will not share your data with any third parties. The data will be deleted as soon as your photo booth images have been processed and you have been sent an email or sms with the content. This typically takes 24-48 hours.
We collect personal information for specific purposes and on specific legal bases and endeavour to collect only the personal information required for those purposes. Once this purpose has been fulfilled and the personal information is no longer required, we will delete your data.
You have the right to request at reasonable intervals access to the personal information we have collected about you. Please refer any access request to email@example.com. When requesting access to your personal data provide as much detail as possible about what personal data you would like access to and include in the subject line that it regards an access request.
If you so choose you may request us to rectify, erase or block the processing of your personal data if that personal data is no longer accurate, up-to-date or when the further processing of that personal date would be in violation of applicable data protection legislation.
You have a right to receive any personal data that you have provided to us in order to transfer it onto another data controller where the processing is based on consent and is carried out by automated means called a data portability request and you have the right to object to our processing of your personal data where the basis of the processing is our legitimate interests including but not limited to direct marketing and profiling. Please see above to determine which processing activities are carried out on the basis of our legitimate interests.
You have a right to information about how we are processing information about you and we have an obligation to processes only a minimum of data for specific, explicit and legitimate purposes in a fair, lawful and transparent manner. This privacy notice fulfils our obligations to provide you with information but you should contact us directly if you have any questions or concerns.
You have a right to lodge a complaint about any aspect of how we are handling your data with the Irish Data Protection Commissioner, who can be contacted here.
Depending on where you are located, you may have certain rights in respect of your personal data. If you used the Studio Social app at an event, you will need to contact the event organiser (the controller) to exercise these rights.
If you are located in the European Union:
You have the right to:
Obtain confirmation as to whether or not we process your personal data. If we do process your personal data, you have the right to access it unless granting you access would adversely affect the rights of others. We will provide one copy of your personal data free of charge. If you request further copies, we may charge a reasonable fee based on administrative costs. If you make the request electronically, we will provide the copy of your personal data electronic form unless you request otherwise.
Require us to rectify inaccurate personal data or complete incomplete personal data without undue delay.
"Be forgotten", by requiring us to erase personal data without undue delay. We will do so unless we are permitted to retain it by law.
Require us to restrict the processing of your personal data where:
You have contested the accuracy of the personal data, but while we verify its accuracy.
The processing of your personal data is unlawful but you would rather processing was restricted than your personal data erased.
We no longer require the personal data, but you need us to retain it to establish, exercise or defend a legal claim.
Receive your personal data in a structured, commonly used and machine-readable format and have it transmitted to another controller.
If you feel that we have not processed your personal data in accordance with applicable law, you have the right to lodge a complaint with a supervisory authority responsible for data protection, in particular in the country of your habitual residence, place of work or place of the alleged infringement.
What PII do we collect from the people that visit our blog, website or app?
When ordering from, or registering on our Site as a customer, as appropriate, you may be asked to enter your name, email address, mailing address, phone number, Facebook or Twitter handle or other details to help you with your experience.
When using our Studio Social application at an event, users will be asked to enter their email or phone number in order to share their photographs.
When do we collect PII?
We collect PII from you when you register on our site, subscribe to a newsletter, fill out a form or enter information on our site.
We collect information from users of our Studio Social photo booth application when they make use of the application at an event.
How do we use the PII which is collected?
We may use the PII we collect from customers and/or users of the our application in the following ways:
to personalise the customer's and/or user's experience and to allow us to deliver the type of content and product offerings in which our customer's and/or user's are most interested;
to administer a contest, promotion, survey or other site feature; and/or
to send periodic emails regarding your order or other products and services.
How do we protect PII?
All PII collected by us is stored in secured networks and is only accessible to a limited number of persons who (a) have a need to access such information, (b) have special access rights to such systems, and (c) are under an obligation to keep the PII strictly confidential. In addition, all sensitive and/or credit information which is supplied to us is encrypted via Secure Socket Layer (SSL) technology.
In addition to the above, we implement a variety of security measures when a user enters, submits or accesses their information to maintain the safety of the PII.
All transactions are processed through a gateway provider and are not stored or processed on our servers. All PII collected by us is hosted on our service provider's servers in the United States of America.
California Online Privacy Protection Act (CalOPPA)
stating exactly what information is being collected and those individuals with whom it is being shared; and
to comply with this policy.
For more information on the CalOPPA, please follow the this link http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf .
visitors to our site can visit our site anonymously;
visitors to our site and users of the Studio Social application are able to change their personal information by emailing us at the following email address: firstname.lastname@example.org
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under 13, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the United States of America's consumer protection agency, enforces the COPPA Rule which spells out what operators of websites and online services must do to protect children's privacy and safety online.
In compliance with the provisions of COPPA, we do not specifically market our products to children under the age of 13.
Fair Information Practices Principles
The Fair Information Practices Principles form the backbone of privacy law in the United States if America and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with the Fair Information Practices Principles, should a data breach occur we will notify the affected parties of such data breach via email within seven business days of such data breach occurring.
We also agree to the Individual Redress Principle which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
The CAN-SPAM Act is a law that:
sets the rules for commercial email;
establishes requirements for commercial messages;
gives recipients the right to have emails stopped from being sent to them; and
spells out tough penalties for violations.
1 To be in accordance with the CAN-SPAM Act we agree to the following:
we will NOT use false or misleading subject lines or email addresses in any communications with you;
in the event that our message to you is an advertisement, we will identify the message as an advertisement in some reasonable way;
we will include the physical address of our business or site headquarters in all communications with you;
we will monitor third party email marketing services for compliance
with the CAN-SPAM Act, if such third party email marketing service is used;
we will honour opt-out/unsubscribe requests quickly; and
we will allow users to unsubscribe by using the link at the bottom of each email.
If at any time you would like to unsubscribe from receiving future emails from us, you can email us at email@example.com and we will promptly remove you from ALL correspondence.
ANY QUESTIONS REGARDING YOUR PRIVACY?
We are happy to discuss privacy and data protection with you. Please contact firstname.lastname@example.org or call Ph: +442030054926 if you have any questions.
We endeavour to take all reasonable steps to protect your personal data including the use of encryption technology, but cannot guarantee the security of any data you disclose online. You accept the inherent security implications of sending information over the Internet and will not hold us responsible for any breach of security unless we have been negligent.
APPLICABLE DATA PROTECTION LAW
This privacy notice has been based on the General Data Protection Regulation (GDPR). If you are subject to more stringent data protection legislation please refrain from using this website or any of our other services.