Hello, we hope you well and happy.
This month brings some major changes to privacy and data protection law.
These changes will better protect your personal information, giving you more control over your data, how it is used and how you are contacted.
General Data Protection Regulation (GDPR) is the biggest change to data protection law in 20 years, designed to give you more control over how your data is used. The new guidelines take effect on 25 May 2018 and will govern how we gather, save and process your personal information.
Antonio Leanza Companies Ltd – trading as “LSP Coaching & Training, London School of Photography and LSP” – understands that your information is important and that in the wrong hands it could pose a risk to your rights and freedom. In order to help protect your personal data, this document explains what information we need to collect, why we collect it, what we do with it, how long we keep it for, who can access it and what your rights are.
What we need to collect
- Information that you provide to us such as your name, address, date of birth, telephone number, email address and any feedback you give to us, including by phone, email, post, or when you communicate with us via social media;
- Information about the services we provide to you (including, for example, those we have provided to you, when and where, what you paid and how (PayPal, cheque, bank transfer), the way you use our products and services, and so on);
- Information about whether or not you want to receive marketing communications from us;
- Information about any device you have used to access our services (such as your device’s make and model, browser or IP address) and also how you use our services. If you use our websites, we try to identify when and how you use those websites too;
- Your contact details and details of the emails and other electronic communications you receive from us, including whether that communication has been opened and if you have clicked on any links within that communication. This helps us keep track of your likes and dislikes and any problems or concerns you’ve had with our products or services.
Why we need it
There are a number of ways in which we use your personal information. If you do not provide your information to us, then we will be unable to interact with you in that way – for example, if you do not provide your name, address and account details when purchasing one of our workshops, we will not be able to sell you that product as we would be unable to process your payment or contact you with all the necessary information.
What we do with it
All the information we collect via our website, products and services, or through correspondence with you, is used by “LSP Coaching and Training” to operate and improve the service we offer you. We are committed to using your personal information only for:
- making our services available to you.
- personalising your training experience;
- monitoring and improving any of our websites and our services.
- planning and managing our business activities, including analysing customers’ preferences.
- enabling third parties to carry out technical, logistical or other functions on our behalf.
- providing you with information about the products and services we offer.
- providing you with periodic communications about new features, tutorials, services, events, promotions and special offers. Such communications from “London School of Photography” might include advertising or offers. (We will never pass your information outside of Antonio Leanza Companies Ltd for marketing purposes). We may also contact you in relation to any questions you have raised with us or to discuss the status of your account with us.
- preventing and detecting fraud or abuses of our website or services.
- allowing us to comply with any requirements imposed on us by law or court order.
International Data Transfers
“LSP Coaching and Training” is based in the UK, but in order to offer you the best service we can provide, we work with service providers from other parts of the world. This means that the data we collect sometimes needs to be transferred, stored and used outside the European Economic Area. We want you to know that we have taken steps to ensure there is an appropriate level of security for the processing carried out in these countries.
How long we keep it
To make sure we meet our legal data protection and privacy obligations, we only hold on to your information for as long as we actually need it for the purposes we acquired it for in the first place.
In most cases, this means we will keep your information for as long as you continue to train with us or use our services, and for a period of time afterwards if you stop doing so just in case you begin shopping with us again. After that, we will either delete it or anonymise it so that it cannot be linked back to you.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, for example for any legal, accounting, or reporting requirements. By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Who can see it
The parties that can access this information are:
- Service providers: acting as processors who provide IT, system administration and delivery services.
- Professional advisers: acting as processors or joint controllers including lawyers, bankers, auditors and others who provide consultancy, banking, legal, insurance and other professional services.
- Her Majesty’s Revenue & Customs (HMRC), regulators and other authorities: acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
- Other people who help us provide our websites: they include information technology experts who host our websites and payment services companies that make it easy for you to use your credit or payment cards with us. Other examples include market research companies, marketing, advertising, design and PR organisations and general service companies such as printers and mailing houses;
- Our insurers and insurance brokers: who provide us with comprehensive cover against the risks of running a business as big as ours. (They may keep this information for the purpose of ongoing risk assessment and insurance broking and underwriting services.)
- Banks and finance companies: where we have allowed them to offer you the possibility of buying our products on credit or debit card. (They may keep this information for their related banking and finance purposes)
- With social media companies such as Facebook and Twitter: and our advertising partners to enable us to run targeted promotions for you on their platforms;
- Any new business partners we may have over time, for example, in the event of a joint venture, reorganisation, business merger or sale that affects us.
- The police, local authorities, Her Majesty’s Revenue and Customs (HMRC), the Courts and any other government authority: if they ask us to do so (but only if us doing so is lawful).
- We may also share the information we collect where we are legally obliged to do so, e.g. to comply with a court order.
- Social media, blogs, reviews, etc.
- Any social media posts or comments you send to us: (on the “London School of Photography” Facebook page, for instance) will be shared under the terms of the relevant social media platform (e.g. Facebook or Twitter) on which they are written and could be made public. Other people, not us, control these platforms. We’re not responsible for this kind of sharing. Before you make any remarks or observations about anything, you should review the terms and conditions and privacy policies of the social media platforms you use.
How we protect it
We take the protection of your personal information seriously and are continuously developing our security systems and processes. Some of the controls we have in place are:
- We protect the security of your information while it is being transmitted by encrypting it using Secure Sockets Layer (SSL).
- We use appropriate procedures and technical security measures (including encryption and anonymisation) to safeguard your information across all our computer systems, networks, websites, mobile apps and office.
- We do not record any Credit / Debit card information as all our card payments are processed through PayPal. Once the payment is confirmed, a token is transmitted to our booking system.
What are you rights
- Request a copy of the data we hold on you.
- Request that we correct or update the data that we hold on you.
- Request that we delete the information we hold on you.
- Request that we keep your data but do not use it.
- Request that we send a copy of your data to another organisation.
- Object to how we are using data.
- Raise a complaint with the Information Commissioner’s Office about us. If you wish to do this then go to ico.org.uk/concerns
- Take us or the Information Commissioner’s Office to court. If you wish to do this then go to ico.org.uk/concerns or email firstname.lastname@example.org
- Right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you are seeking to exercise any of these rights, please contact us:
- By email email@example.com
- By post: Privacy Team, London School of Photography, 19 – 21 Hatton Garden, London EC1N 8BA, UK
Please note that we will need to verify your identity before we can fulfil any of your rights under data protection law. This helps us to protect the personal information belonging to our customers against fraudulent requests. We may also contact you to ask you for further information in relation to your request to speed up our response.
Additionally, we must inform you of the following:
- If we suffer a data breach and your data is affected in a way that poses a risk to your rights and freedom.
- If we carry out your request to correct/update, erase or not use your data
Hopefully, that has clarified things for you. However, if you are still looking for more information you can contact us through one of our preferred contact methods.
Phone: +44 (0) 203 691 768 or +44 (0) 7976 762 156