GDPR Data Protection Notice

logo-maxwell-retina

GDPR Data Protection Notice

At Maxwell Photography your privacy is very important to us.

It is one of our fundamental responsibilities as a business to ensure that we protect the information entrusted to us by you. This Data Protection Notice looks to answer your important questions about the processing of personal information by our organisation. Please take some time to read this Data Protection Notice carefully.

In this Data Protection Notice, we use the terms “Maxwell” or “we” to refer collectively to businesses and its subsidiaries.

1. Introduction

1.1. Maxwell Photography is Ireland’s only photography company registered with an ISO 9001 and ISO 14001 accreditation. The certification is monitored by NQA. Also, we are a member of the Irish Professional Photographers Association (IPPA). This notice has been prepared in line with our interpretation of GDPR, advice from our member association (IPPA) and other informed third-party consultants. Although the company has taken reasonable precautions to ensure full compliance with GDPR, we cannot wholly accept responsibility for any loss or damage arising from its interpretation and matters which may arise which are out of our control.

Maxwell Photography are the leading supplier of Photographic Services to Ireland’s Public Relations, Commercial and Corporate sectors, as well as to Press & TV.

At Maxwell Photography, we create images for business with a proven commercial photographic service. We provide a unique blend of business, marketing and creative skills to serve clients. Whether on location or at our extensive studio facilities, we offer the expertise, knowledge and skill to produce images that work for you.

Our photographs may be distributed globally through our website, online and mobile business platforms. Our business is a private limited company registered in the Companies Registration Office under Company Number 334310. Our Head office is located at Dargle Mews, 98 Lr. Drumcondra Rd, Dublin 9.

More information on the activities of our Company is available at https://maxwellphotography.ie/

1.2. How you can contact our business if you have any questions about your privacy rights or if you would like to change your privacy preferences, you can contact us in the following ways:

• By dropping in to or calling our offices
• By contacting one of our Team by phone or by email.
• If you have specific queries about this Data Protection Notice or our approach to privacy, you can also contact us directly and we who will ensure that your query is treated in a confidential manner.

If you do not agree with the response you receive from us, you are entitled to lodge a complaint with the Office of the Data Protection Commissioner:
You can visit the website of the Office of the Data Protection Commissioner at www.dataprotection.ie for more details.
Office of the Data Protection Commissioner Canal House, Station Road, Portarlington, Co. Laois, R32 AP23

Phone: + 353 57 868 4800 / + 353 761 104 800 LoCall: 1890 25 22 31 Fax: + 353 57 868 4757 Email: info@dataprotection.ie

2. How can you control the personal information you have given to us?

When your personal information is handled in connection with our product or service, you are entitled to rely on several rights. These rights allow you to exercise meaningful control over the way in which your personal information is processed. You may execute any of these rights free of charge (in certain exceptional circumstances a reasonable fee may be charged, or we may refuse to act on the request) and we may ask you to verify your identity prior to proceeding with your instruction by way of requesting additional information/documentation from you. Once we are satisfied that we have effectively verified your identity, we will respond to most requests without undue delay and within a one-month period i.e. 30 calendar days of receipt of the request. We will action your request to have your personal information corrected within 10 calendar days. These periods may be extended in exceptional circumstances and we will inform you where the extended period applies to you along with an explanation of the reasons for the extension. Further information in relation to how you may execute these rights as outlined in the Data Protection section of our notice or alternatively by contacting us using the channels outlined in this document.
For example, you are entitled to:

2.1. Access your personal information

You can look to access the personal information we hold about you by contacting us with a data access request using the channels outlined. We will endeavour to provide you with as complete a list of personal information as possible. However, it can happen that some personal information from back-up files, logs and stored records may not be included in that list as this information is not processed by us on an ongoing basis and it is not therefore immediately available. For that reason, this personal information may not be communicated to you. However, this personal information remains subject to standard data maintenance procedures and will only be processed and retained in accordance with those procedures.
2.2. Correct/ restrict /delete your personal information

If you believe that certain personal information we hold about you is inaccurate or out of date, you can look for the information to be corrected at any time using the channels outlined after we have verified the information. If you dispute the accuracy of information held, you can request that we restrict processing this information while your complaint is being examined. If you suspect that we are processing certain information without a legitimate reason or that we are no longer entitled to use your personal information, you can also ask for that personal information to be deleted.

We are not under an obligation to rectify or delete your personal information where to do so would prevent us from meeting our contractual obligations to you or where, our business is required or permitted to process your personal information for legal purposes or otherwise in accordance with our legal obligations to our Contractors, Clients or Suppliers.

We ask that you keep us informed of any relevant change in your personal circumstances to enable us to keep the information on our systems up to date and accurate.
2.3. Withdraw your consent

Whenever you have provided us with your consent to process your personal information, for example, so that we can contact you about one of our products or services, you have the right to withdraw that consent at any time through one of the channels identified. If you withdraw consent to processing (and if there is no other justification for continuing to process your information), you are also entitled to request that your personal information is deleted. Withdrawing consent does not affect the lawfulness of any processing undertaken by us based on your consent before its withdrawal.
2.4. Object to your personal information being used for certain purposes

If you disagree with the way in which we process certain information based on its legitimate interest, you can object to this through one of the channels identified. In such cases we will provide you with details regarding the rationale for processing your personal information and we will stop processing the personal information under dispute if we cannot legitimately justify the reasons for processing within the agreed timeframe.

Some of our operations are fully automated, with no human intervention and may include taking decisions based solely on automated processing. If you disagree with the outcome of a fully automated decision-making process, you can speak to a staff member to express your point of view and contest the decision using one of the contact channels.

2.5. Request your personal information to be transferred in electronic form

You can (in certain cases) request that your personal information is transferred to you or to another service provider so that you can store and reuse your personal information for your own purposes across different services. We will not be in any way accountable or liable for any damage, loss or distress sustained, incurred or suffered by you and/ or the designated service provider because of improper use of the personal information upon and after receipt from us.

2.6. How to exercise your rights. You can exercise the rights outlined above free of charge by contacting us using any of the channels mentioned in this document.

3. Why do we collect and use your personal information?

We gather and process your personal information for a variety of reasons and rely on a number of different legal bases to use that information, for example, we use your personal information to process your applications, to help administer your products and services, to ensure we provide you with the best service possible, to prevent unauthorised access to your accounts and to meet our legal and regulatory obligations.

3.1. To comply with legal obligations

We are required to process your personal information to comply with certain legal obligations, for example:

3.1.1. to report and respond to queries raised by regulatory authorities, law enforcement and other government agencies such as the Central Bank of Ireland, the European Central Bank and relevant policing authorities;

3.1.2. to respond to requests from Irish Revenue in accordance with relevant tax legislation including queries relating to Foreign Account Tax Compliance Act (FATCA), stamp duty and Common Reporting Standard (CRS) and under Notices of Attachment issued by Irish Revenue;

3.1.3. to pass details of the originator or the payee to the receiving or transferring financial institution;

3.1.4. to meet regulatory information security & incident reporting requirements such as under the Directive on Security of Network and Information Systems (NIS Directive);

3.1.5. to cooperate and provide information requested in the context of legal 3.1.4. and/or regulatory investigations or proceedings;

3.1.6. To investigate allegations of fraud and prevent fraud by third parties or customers.

3.2. To enter into and perform a contract for a product or service

3.2.1. Before we provide you with products or services, we must gather some personal information to process your application and to assess the terms upon which we can enter into the contract with you. This includes, for instance, gathering and processing personal information for use on a photoshoot.

3.2.2. To manage your accounts, policies and other products or services, we must process your personal information. Examples of processing include the administration of accounts, payments, credit decisions. As part of this process, we may be required to pass some personal information to an intermediary or counterpart (e.g. if you perform a payment transaction, we pass information on the progress of the transaction to the payee concerned). In addition, we have insurance protection, which means we may be required to provide your personal information to our insurance partners in connection with the provision and administration of insurance related claims. This type of information will only be obtained and processed where necessary to process your terms of business with us, administer your account or comply with a legal obligation.

3.3. To enable us to function as a business

3.3.1. In certain circumstances, we process your personal information based on the legitimate interests of our business.
In doing so, we ensure that the impact of the processing on your privacy is minimised and that there is a fair balance between the legitimate interests of our business and your privacy rights. If you disagree with your information being processed in this manner, you are entitled to exercise your right to object, however, due to the nature of our business e.g. on location at a third-party event, we cannot be held responsible for the collection of such information (photographs) and your objection should be made to the person(s) responsible for such event.
An example of a situation in which your personal information is processed based on our legitimate interests, include:
• to enable us to manage our relationship with you by maintaining a single view of your accounts and any products or services that we provide to you and any interaction with us. This enables us to create a profile for you and to assess your needs better;

3.4. Where you have provided consent

3.4.1. Marketing Consent:

We use your personal information to make you aware of products and services which may be of interest to you. You can find out more about how we would like to provide you with customised offers and personalised customer service. To be able to do this, we will ask you for your consent. You can at any time withdraw that consent through the contact channels set out.

3.4.2. Sensitive Information Consent:

We sometimes collect and process information which may be of a sensitive nature which you share with us in your business dealings with us for a product or service or when requesting a change to an existing product and service. The staff member you are dealing with will ask for your consent to process this type of personal information and once obtained will keep a record of this consent. Due to the nature of our business, this may be taken in electronic format.

4. What kind of personal information do we collect and how it is used?

The information we hold about you can vary depending on the products and services you use. This includes personal information which you give to us when you are looking for a quote for a product or service, personal information we collect automatically, for instance, your IP address and the date and time you accessed our services when you visit our websites or apps; and personal information we receive from other sources.

Here is a more detailed look at the information we hold about you and how it is used by us:

Types of information

Examples of how the information is used by us

Identity information

Name, sex, date of birth, nationality, photographs, address, form of identification, a self-portrait picture (or ‘selfie’) uploaded to our social media platforms or public media platforms.

We use this type of information to identify you and to help us combat fraud and other illegal activity.

Types of information

Examples of how the information is used by us

Information to help us service your needs

Your client profile can include

• Your account numbers • Details of the products/services you hold • Key relationships, civil status and household composition • Your preferences and interests • Your education, professional experience • Your lifestyle, interests and activities (memberships, etc.)

If you provide information about other people (i.e. partners or dependents), please ensure that those persons have agreed to us using this
information or that you are otherwise allowed to give us this information.

Whenever a staff member meets with you or contacts you this interaction may be logged to retain a note of the interaction so that staff can deal with your queries and satisfy your requests.

Significant life events like moving business, birthdays etc. We may use these life events to determine which services or products are most relevant to you.

TYPES OF INFORMATION EXAMPLES OF HOW THE INFORMATION IS USED BY US

Information made available by another party or in a public domain

Publicly available information including information on your social media profile where it is publicly accessible.

Information about you which is obtained from other parties, for example, people appointed to act on your behalf.

We sometimes use this type of information to verify that the information we hold on our databases is correct.

We also use this information to help us understand our relationship with you and to help us to offer you products and services we believe will be of interest to you.

Images from security cameras in and around the office premises

We may use CCTV to monitor and collect images. We have a strict retention period for security cameras images but in certain limited circumstances, the recordings may be kept for longer, for instance, to provide evidence to the Police for investigations for criminal proceedings.

5. How do we use personal information for direct marketing?

We would like to make you aware of products and services which may be of interest to you. We can do this by using some of the personal information we hold about you to better understand your needs.

5.1 For example: Ads in apps can be tailored to your interests or based on information you have shared with us;
Based on your behaviour and/or the type of transactions, we might offer you an alternative product that better suits your needs; and
Based on your demographic or other personal information we may offer you products or services which are widely used by others in the same demographic group.

5.2. You can review and make changes to your marketing preferences at any time through the options outlined in this document.

6. What about Security and Confidentiality?

We use a variety of security technologies and procedures to help protect your personal information from unauthorised access, use or disclosure. We also take steps to ensure that only persons with appropriate authorisation can access your personal information.

6.1. Who can access your personal information within our business?

6.1.1. Only staff members who are suitably authorised can access your personal information if that information is relevant to the performance of their duties, whether it be in connection with the delivery of products or services or in accordance with legal or regulatory obligations. This may include, for example, staff members working in our Photography Department, Marketing Department or our customer services representatives who you have dealings with.

6.2. Security measures to safeguard your personal information
We use internal technical and organisational measures to protect your personal information from unauthorised access, to maintain data accuracy and to help ensure the appropriate use of your personal information. These security measures include encryption of your personal information, firewalls, intrusion detection systems, 24/7 physical protection of facilities where your personal information is stored, background checks for personnel that access physical facilities, and strong security procedures across all service operations. We use strong encryption algorithms for the transmission and storage of your Information. Although every effort is made to secure your information, including but not limited to, additional security measure and features, we cannot ensure 100% the effectiveness of same.

6.3. Other restrictions on use of your personal information
We do not collect personal information on children aged under 16, unless a parent or legal guardian has given his/her consent for this. We will not sell or hire your personal information to third parties for their own use.

7. Who do we share your personal information with?

Our business sometimes shares your personal information with trusted third parties who perform important functions for us based on our instructions and applying appropriate confidentiality and security measures. For example, we use third party service providers to send out marketing material on a product or service you may be interested in. We are engaged by third parties to take photographs at public events, for which we would prefer you to be aware the onus is on yourself and said third party to ensure consent has been secured in advance. We cannot be held responsible for the release of photographs taken at an invited function or public gathering.

7.1. We have set out below some examples of where our business shares your personal information:
• We use printing and distribution agencies to communicate with you about our products and services;
• We undertake market research in conjunction with agencies;
• We engage the services of solicitors, accountants, auditors, valuers and other consultants to act on our behalf and work with advisors you have instructed to represent you, or any other person you have informed us is authorised to give instructions or to use the account or products or services on your behalf (such as under a power of attorney);
• We work with certain relationship partners and agents under a strict code of confidentiality.
• We are required to cooperate by law or otherwise through a legal process with Irish and EU regulatory and enforcement bodies such as the Central Bank, the courts, fraud prevention agencies or other bodies. We are also required to report personal and account information to for tax purposes.

8. How long will we retain your personal information?

How long certain personal information is stored depends on the nature of the information we hold and the purposes for which they are processed. We determine appropriate retention periods having regard to any statutory obligations imposed on us by law. For example, we are required to retain some customer information for 6 years after the end of the customer relationship in accordance the Consumer Protection Code. Due to the nature of our business, the purpose for which the information was obtained may have ceased and the information is no longer required, however may be in the public domain or in our archives so we may not be able to delete, or purge said information in all circumstances.

9. Updates to our Data Protection Notice

We keep this notice under regular review and from time to time will look to amend it to reflect changes to the way in which we are processing personal information. The most recent version will always be available at request or via our website. We will inform you of material changes to the content of the Data Protection Notice through a notification posted on our website or other communication channels. You will also find more information about Irish and European data protection legislation on the Office of the Data Protection Commissioner’s website at https://dataprotection.ie/docs/Home/4.htm

More articles from MAXWELL PHOTOGRAPHY

Climb with Charlie!

The Climb with Charlie Fundraising Campaign launched today. Visit the website to find out how to donate, start your own fundraiser or find a climb

Read More »