GDPR Compliance

General Data Protection Regulation compliance information

Our Commitment to Data Protection

We are committed to protecting your personal data and respecting your privacy rights under the UK General Data Protection Regulation and the Data Protection Act 2018. This page outlines how we comply with these regulations.

Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contractual necessity: Processing is necessary to fulfil our photography service contract with you
  • Legitimate interests: Processing is necessary for our legitimate business interests in providing professional photography services
  • Consent: Where you have provided explicit consent for specific processing activities, such as receiving promotional communications

Data Controller Information

For the purposes of data protection legislation, the data controller is:

arcane-node
82 Kensington Gardens
Birmingham
B15 2NW
United Kingdom
Email: [email protected]

Categories of Personal Data We Process

  • Identity data: name, title
  • Contact data: email address, postal address
  • Event data: event type, date, location, specific requirements
  • Communications data: correspondence regarding bookings and services
  • Visual data: photographs taken during events where you are identifiable

Your Rights Under GDPR

Under data protection law, you have the following rights:

Right to Access

You may request a copy of the personal data we hold about you. This is commonly known as a "subject access request."

Right to Rectification

You may request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure

You may request deletion of your personal data under certain circumstances, though this right is not absolute and may be subject to legal or contractual retention requirements.

Right to Restrict Processing

You may request that we limit how we use your personal data in certain situations.

Right to Data Portability

You may request transfer of your personal data to another service provider in a structured, commonly used format.

Right to Object

You may object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision Making

We do not engage in automated decision making or profiling with your personal data.

How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected] with a clear description of your request. We will respond within one month of receiving your request, though this may be extended by two additional months for complex requests.

We may need to verify your identity before processing certain requests. No fee is typically required, though we may charge a reasonable fee for manifestly unfounded or excessive requests.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements.

  • Booking and communication records: 6 years after final interaction
  • Photography files and related data: According to our archival retention schedule
  • Marketing consent records: Until consent is withdrawn

International Data Transfers

Your personal data is stored and processed within the United Kingdom. We do not transfer personal data outside the UK except where necessary for service delivery, and only with appropriate safeguards in place.

Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Secure server infrastructure with encryption
  • Access controls limiting data access to authorised personnel
  • Regular security assessments and updates
  • Secure backup procedures

Data Breach Procedures

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours and inform affected individuals without undue delay.

Right to Lodge a Complaint

If you believe we have not handled your personal data appropriately, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk

Updates to This Information

We may update our GDPR compliance information periodically. Any changes will be posted on this page with an updated date.