PRIVACY POLICY
1. Introduction
At Photo Walks of London (“we”, “us”, or “our”), accessible via photowalksoflondon.com (the “Website”), we are committed to safeguarding the privacy and personal data of our users. This Privacy Policy outlines our practices in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”), and explains how we collect, use, disclose, and protect your personal information. We prioritize data minimization and transparency in how we handle your information, and we are committed to upholding the highest standards of data privacy and security.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all individuals who access or use our Website, services, or interact with us in any form. The data controller responsible for your personal data is Photo Walks of London. If you have any questions or concerns regarding your data, you may contact us at [email protected].
This policy covers personal information collected both directly and indirectly through the Website and through other interactions, including email correspondence and third-party integrations.
3. Categories of Data Processed
We may collect and process the following categories of personal information:
a) Usage Data:
Includes information on how you access and use the Website, such as IP address, browser type, pages visited, referring URL, time spent on pages, and interaction data. This data is collected automatically when you interact with our Website.
b) Account Data:
Includes your full name, email address, postal address, and phone number that you provide when creating an account or filling in forms on the Website.
c) Profile Data:
Includes your preferences, previous purchases or bookings, browsing behavior on the Website, and any other profile attributes set by you or inferred through interaction.
d) Communication Data:
Includes records of email or other communications with us, support requests, inquiries, and any metadata associated with such correspondence.
e) Technical Data:
Includes device identifiers, operating system details, browser configurations, and system logs associated with your use of the Website.
f) Transaction Data:
Includes payment details (processed securely through third-party payment gateways), billing and delivery information, and any transactional communications.
g) Preference Data:
Includes marketing preferences, product or service interests, and consent flags indicating your selections for various communication types.
4. Legal Bases for Processing
We will only collect and process your personal information where we have a legal basis to do so under applicable laws. These bases include:
– Performance of a Contract: Where processing is necessary for the fulfillment of services you have requested, such as booking a tour.
– Legitimate Interests: Including business optimization, fraud prevention, service improvement, and ensuring website security.
– Consent: For marketing communications and non-essential cookies, which will only be enabled based on your explicit consent.
– Legal Obligations: Where we are required to comply with applicable laws or regulatory obligations.
5. Your Rights
Under the GDPR and CCPA, you have the following rights with respect to your personal data:
– Right of Access: You may request a copy of your personal data processed by us.
– Right to Rectification: You may ask us to correct any inaccurate or incomplete personal data.
– Right to Erasure (“Right to be Forgotten”): In certain circumstances, you may request the deletion of your personal data.
– Right to Restrict Processing: You may request that we limit the processing of your data in specific situations.
– Right to Data Portability: You may request the transmission of your data to another controller in a structured, commonly used, machine-readable format.
– Right to Object: You can object to processing carried out on the basis of legitimate interests or for direct marketing purposes.
To exercise any of these rights, please contact [email protected]. We will assess and respond to your request in accordance with applicable legal requirements.
If you are a California resident, you may also have additional rights under the CCPA, including the right to opt-out of the sale of your personal information (please note, we do not sell personal data), and the right to non-discrimination for the exercise of your privacy rights.
6. Security Measures
We implement robust technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. Our protections include:
– End-to-end encryption of data in transit using HTTPS/TLS
– Secure storage with access controls based on the principle of least privilege
– Regular data backups and integrity checks
– Employee training and confidentiality agreements
– Firewalls, intrusion detection systems, and multi-factor authentication on critical systems
Despite our best efforts, no security system is infallible, and we cannot guarantee absolute data security.
7. International Transfers
Where necessary, we may transfer your personal data to countries outside the European Economic Area (EEA). In such cases:
– Transfers will only be made to jurisdictions recognized as providing adequate protection or through the use of Standard Contractual Clauses approved by the European Commission.
– We ensure that appropriate safeguards are implemented to protect your data consistent with this Privacy Policy.
8. Data Retention
We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected or to meet our legal, regulatory, tax, accounting, or reporting obligations.
Retention periods by data category:
– Usage Data: Retained for up to 12 months.
– Account and Profile Data: Retained while your account is active and up to 2 years after inactivity or deletion.
– Communication Data: Retained for up to 3 years for customer service and legal purposes.
– Transaction Data: Retained for 6 years in compliance with tax and transactional recordkeeping laws.
– Preference Data: Retained until the withdrawal of consent or a maximum of 2 years after the last interaction.
9. Cookie Policy
The Website uses cookies and similar technologies to enhance your browsing experience and analyze usage.
Types of Cookies:
– Essential Cookies: Required for the Website to function (e.g., session authentication).
– Functional Cookies: Used to remember your preferences, such as language or location.
– Analytics Cookies: Help us understand Website usage patterns to improve services using aggregated, anonymized data (e.g., Google Analytics).
– Performance Cookies: Measure site performance for optimization purposes.
No personal data is collected from you by non-essential cookies unless you have consented via our Cookie Banner. You can find detailed information on our use of specific cookies within our Cookie Preferences Center available on the Website.
10. Cookie Management and Compliance
We provide a granular cookie consent mechanism in accordance with GDPR and CCPA standards. You can opt in or out of specific cookie types when you first visit the Website, and you may adjust your preferences at any time via our Cookie Settings panel.
Most browsers also allow you to manage cookies manually through settings. Be aware that disabling essential cookies may limit functionality on the Website.
11. Special Protections for Children
Our Website and services are not directed to or intended for children under the age of 13. We do not knowingly collect personal data from anyone under 13. If we become aware that personal data of a child under 13 has been collected inadvertently or without verified parental consent, we will take appropriate action to delete the information from our systems.
If you believe we may have collected such data, please contact us at [email protected].
12. Policy Updates
We reserve the right to amend or update this Privacy Policy as necessary to reflect changes in our practices, technology, or legal obligations. Any significant changes will be communicated prominently on the Website or via direct communication where appropriate. Your continued use of photowalksoflondon.com following such updates constitutes acceptance of the revised policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out to us:
Email: [email protected]
We are committed to addressing and resolving any privacy-related concerns promptly and transparently.
Compliance Statement
Photo Walks of London is fully committed to upholding data privacy under applicable international laws including the GDPR and CCPA. We encourage users to contact us with any questions about how their personal information is handled.