This Data Protection Policy outlines how Picto Legacy ("we," "us," or "our") collects, uses, stores, and protects the personal information of our clients. By using our services, clients agree to the terms of this policy.
1. Scope of the Policy
This policy applies to all personal information collected, processed, and stored by [Your Business Name] in connection with providing photography services.
2. Data We Collect
We may collect the following personal information from clients:
- Contact Information: Name, email address, phone number, and physical address.
- Photography Details: Photoshoot preferences, dates, and locations.
- Payment Information: Payment details necessary for invoicing and order processing.
- Online Account Information: Login credentials for accessing photo galleries (if applicable).
3. Purpose of Data Collection
We collect personal information for the following purposes:
- To communicate with clients about their photoshoots and orders.
- To provide access to online photo galleries.
- To deliver final photos, invoices, and receipts.
- To ensure a seamless and personalized client experience.
We do not use personal information for unsolicited marketing or share it with third parties for any purpose.
4. Legal Basis for Processing
We process personal information only where necessary:
- To fulfill contractual obligations (e.g., delivering photos).
- To comply with legal obligations (e.g., maintaining accurate financial records).
- With the client’s explicit consent (e.g., sharing photos online or for promotional purposes).
5. Data Protection Measures
We implement appropriate technical and organizational measures to protect personal information, including:
- Secure servers and encryption for data storage and transmission.
- Access controls to restrict unauthorized access to personal information.
- Regular monitoring and audits to identify and mitigate data security risks.
6. Data Retention
We retain personal information only as long as necessary to fulfill the purposes outlined in this policy or comply with legal requirements. Once data is no longer required, we securely delete or anonymize it.
7. Client Rights
Clients have the following rights regarding their personal information:
- Access: Request access to their personal data.
- Correction: Request corrections to inaccurate or incomplete data.
- Deletion: Request deletion of their personal data, subject to legal obligations.
- Objection: Object to the processing of their personal data in certain circumstances.
To exercise these rights, clients can contact us at [Insert Contact Email/Phone Number].
8. Third-Party Services
We may use third-party services (e.g., payment processors, cloud storage providers) to support our operations. These third parties are required to comply with data protection regulations and use the information solely for the agreed-upon purposes.
9. Compliance with Laws
We are committed to complying with all applicable privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada and other relevant regulations.
10. Breach Notification
In the event of a data breach, we will notify affected clients and relevant authorities as required by law, providing details of the breach and measures taken to mitigate potential harm.
11. Updates to This Policy
We reserve the right to update this policy to reflect changes in our practices or legal requirements. Clients will be notified of significant changes through email or our website.