Privacy and Personal Data Policy
The website https://thepeoplespicture.com/ (“Website”) is operated by Helen Marshall Limited trading as The People’s Picture (“we”, “us” or “our”), a company registered in England & Wales under company number 11423615, whose registered office is at Acme Studios, Matchmakers Wharf, Homerton Road, London E9 5GP. Where we decide the purpose or means for the processing of the personal data that you provide when using our services, we are the “controller” responsible for your personal data. We will comply with all applicable data protection laws, including the General Data Protection Regulation 2016/679 and the (UK) Data Protection Act 2018.
Our Website may contain hyperlinks to third party websites. These websites operate fully independently from us, and we cannot accept any responsibility or liability for the privacy practices of such third parties nor the availability of these external sites or resources. The appearance of such links on our Website is not an endorsement. Should you use any of these websites, such use is at your own risk and we would recommend that you review their respective privacy policies.
1. What personal information are we likely to collect about you?
Information provided by you
If you wish to subscribe to our mailing list (or a mailing list of our commissioning partners) or to participate in any of our photo mosaic projects, we may collect and process all or some of the following information:
· Your name;
· Your address;
· Your phone number;
· Your email address;
· Your age;
· Your gender;
· Your birthplace; and/or
· Your social media handles
(together, “Your Basic Information”).
You may also submit content to the Website and via social media (using specific hashtags and tagging) including:
· Photographs of you or that you have permission to grant us a licence to use; and/or
· Stories and other information that you would like us to publish
(together, “Your Content”).
We do not actively collect any special categories of personal data about you (including details about your race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic information or biometric information) (“Special Category Data”). Nor do we collect information about your criminal convictions or offences (“Criminal Offence Data”). Accordingly, please do not post or upload any of Your Content which may contain Special Category Data or Criminal Offence Data. In the event that you do upload or post Your Content and Your Content contains Special Category Data or Criminal Offence Data, you acknowledge and agree that such personal data has been manifestly made public by you and may be made available and/or communicated to the public for a photo mosaic project or the specific project in question both by us and the relevant commissioning partners. Similarly, please do not post or upload any of Your Content which contains images of children under the age of 18 or any unlawful content.
· number of visitors to our Website;
· pages visited while at the Website and time spent per page;
· page interaction information, such as scrolling, clicks and browsing methods;
· websites where visitors have come from and where they go afterwards;
· page response times and any download errors; and/or
· other technical information relating to end user device, such as IP address or browser plug-in
(together, the “Cookie Information”).
You can always choose to enable or disable cookies in your internet browser. By default, most internet browsers accept cookies but this can be changed. For further details, please consult the help menu in your internet browser. For further information about cookies, please see: www.allaboutcookies.org, and how to adjust your browser settings here: www.allaboutcookies.org/managecookies.
We use Google Analytics on our Website for anonymous reporting of Website usage. If you would like to opt-out of Google Analytics monitoring your behaviour on our Website please use this link: (https://tools.google.com/dlpage/gaoptout/).
2. Your personal data may be used for the following purposes
When you visit our Website, whether to browse our content or subscribe to our mailing list or contribute to a photo mosaic project (the “Service”), or otherwise in connection with the Service, we may use the personal information that you provide for the following purposes:
Where we rely on legitimate interests as a lawful basis for processing your personal data, we will always consider whether or not our interests are overridden by your rights and freedoms.
3. With whom we share personal data
We may provide your personal information to the following third party service providers:
· Payment-processing services such as Paypal or Intuit;
· Delivery couriers and postal services;
· Email marketing service providers such as Mailchimp;
· Event ticketing services;
· Marketing mailing houses;
· Social media platforms;
· Arts organisations, funders, sponsors, press, media or partners involved in our projects;
· Companies we subcontract to photograph, design, print or deliver our projects;
· Trained sub contracted arts assistants and interns and volunteers; and
· Software companies that we use to safely store and encrypt our data including Jot form, Drop box and Site Ground.
This list is not exhaustive and may change from time-to-time in line with our business processes.
If we are involved in a merger, acquisition, or sale of all or a portion of our business or assets, the information we hold may be included as part of that sale, in which case you will be notified via email and/or a prominent notice on the Website of any changes in ownership or use of your information, as any choices you may have regarding that information.
In addition, we may disclose your information to the extent that we are required to do so by law (which may include to government bodies and law enforcement agencies), in connection with any legal proceedings or prospective legal proceedings and in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).
If you choose to participate in a photo mosaic project and submit Your Content (as defined above) to us, your Basic Information and Your Content will be a part of the project and, in accordance with our Contributor Terms and Conditions, be shared with our commissioning partners for their exploitation of the photo mosaic project. The processing of your personal data by such commissioning partners is subject to their respective privacy policies.
We will not pass your information on to third parties for marketing purposes unless you have provided your consent, in which event the advertisements that appear when you visit our Website may be targeted to provide you with more relevant advertising content and you may receive communications from third parties offering similar or related services to us. We require third parties to respect the security of your personal data and to process it only in accordance with applicable law.
4. Your choices and rights in relation to personal data which we process relating to you
You have rights over the way we process personal data relating to you. We aim to comply with valid requests you might have in connection with your personal data without undue delay, and within one month at the latest. Your rights include:
· to ask for a copy of or access to personal data we are processing about you and have inaccuracies corrected;
· if you consented to our processing of your personal data and have withdrawn that consent, you can ask us to restrict processing, stop processing or delete your personal data;
· if we are processing your personal data because it is in the public interest or it is in order to pursue a legitimate interest of ours or a third party, and you don’t agree with that processing, and there is no overriding legitimate interest for us to continue processing it, you can request that we restrict processing, stop processing or delete your personal data;
· to ask us to restrict, stop processing, or to delete your personal data. For example, where the processing of your personal data is for direct marketing purposes, where your personal data was unlawfully processed, where you need the personal data to be deleted in order to comply with your legal obligations or where the personal data is being processed in relation to the offer of a service to a child;
· if we are processing personal data in order to perform our obligations to you, because you have consented or if processing is being carried out by automated means, we will help – on request – you to move, copy or transfer your personal data to other IT systems. You can request a machine-readable copy of your personal data, which you can use with another service provider. Where it is technically feasible, you can ask us to send this information directly to another provider if you prefer; and
· if you are unhappy with the way we are processing your personal data, please let us know. Alternatively, you can make a complaint to the applicable supervisory authority. You can contact the Information Commissioner’s Office with the details available here: https://ico.org.uk/concerns/.
Subject to clause 7 below, we will delete your data if we no longer require it for the purposes for which it was collected. We will use reasonable efforts to, to the extent required by law, supply, correct or delete personal data held about you on our files (and with any third parties to whom it has been disclosed to).
To make a request in relation to any of the aforementioned rights, please email us at firstname.lastname@example.org.
You are under no statutory or contractual obligation to provide any of your personal data to us. However, if you do not provide the personal data required for our performance of the Service, we will not be able to provide you with the Service.
If you are unhappy with the way that we are processing your personal data or would like to limit the use of your personal information to a particular purpose, please let us know. The best way to bring this to our attention is by emailing us at email@example.com.
If you have previously consented to but now would prefer not to receive direct marketing, you can follow the opt-out links on any marketing message sent to you OR message us on social media platforms asking to opt out OR you can email us at firstname.lastname@example.org.
We do not knowingly use the Website to solicit data from or market to children under the age of 18.
If a parent or guardian becomes aware that his or her child has provided us with information or may be receiving communications from us without consent of a parent or guardian, we ask that this be brought to our immediate attention. We will make it our priority to address this situation and delete information relating to a child as soon as practicable. In such an event, please contact us at email@example.com.
We will take appropriate technical and organisational measures to ensure a level of security appropriate to the risk that could be encountered via the use of our Website and the Service. Except where otherwise described in this policy, we will limit access to your personal data to those employees, agents, contractors and third parties who need access. They will be subject to a duty of confidentiality. Confidentiality shall not apply to your personal data to the extent that it is: (a) made public by you; or (b) provided by you to us to be made public, such as for use in a photo mosaic project.
All information you provide to us is stored on our secure servers using a verified SSL (secure socket layer) system for transferring data. If you click on the small padlock symbol at the top of your browser’s screen, next to the web address, you will be taken to the site’s security certificate.
Please be aware that, while we make the security of our Website and your personal information a high priority, no security system can prevent all security breaches. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
7. How long we keep your data
In accordance with data protection laws and good commercial practice, we do not retain data in a form that permits identification of the person(s) to whom it relates for any longer than is necessary.
Once the purpose for which information has been collected has been fulfilled, we’ll either permanently delete it completely or remove all identifiers within it so that it is no longer personal data. We may use such anonymised data for research and/or business analysis purposes.
Where you have provided us with a photograph, image and/or story for use in an artwork or project and you have expressly granted us a licence to use it, it will remain in our artworks and archives and be used in accordance with the terms of the licence.
Where we obtain your personal data in relation to the use or purchase of our services, including VAT or invoicing information, we are obligated by law to keep this for a minimum of 6 years.
If you contact us for a proposal or commission and you don’t consent to marketing, we’ll keep your data for a year in case you wish to proceed with the quote.
8. International Data Transfers
Our servers are located in the EU and the information that we collect directly from you will be stored on these servers.
We may also transfer your personal data to our third-party service providers, many of whom may be located outside of the EU, operate from multiple locations including non-EU based operations or engage sub-processors located outside the EU.
Where your personal data is transferred outside of the EEA to a territory not subject to an adequacy decision by the European Commission, we have agreements in place with the relevant parties which include either (i) standard data protection clauses adopted by the relevant data protection regulator and approved by the European Commission or (ii) standard data protection clauses adopted by the European Commission, to ensure that appropriate safeguards are used to protect your personal data. If you require more information about these safeguards, you can contact us at firstname.lastname@example.org.
9. Changes to this Policy
We may update the terms of this policy at any time. We ask, therefore, all users to check for updates from time to time. We will endeavour to notify you of any significant changes in the way we collect and manage your personal data. This may be done by, without limitation, us displaying a notice on the Website following the update.
10. Contact Us
If you have any questions, comments or enquiries, please contact:
HELEN MARSHALL LIMITED (Company No. 11423615)
42 Matchmakers Wharf
London E9 5GP
Tel: +44(0) 2087932769