Updates to this policy
We reserve the right to amend or change this policy from time-to-time. Where this policy has been changed a notice will be placed on our website.
Date of this policy
This policy was last updated on 1st May 2021.
About us and what we do
This website is operated by Carl Quinn trading as factorxphoto.com. Our contact details are set out at the end of this policy. We are the data controller in relation to the personal data processed in accordance with this policy (except where this policy explains otherwise).
We operate a website at www.factorxphoto.com which provides both free and paid membership (subscription) photographic galleries and other physical goods such as photographic books.
The purposes for which we collect personal data
We collect and process personal data as follows:
If you purchase a membership to one of our online subscription galleries or purchase physical goods (e.g books).
We will collect your personal information only to the extent necessary to allow us to provide the goods or services that you have purchased, specifically your name and email address. If you make a purchase through eBay, we will also be provided with your shipping address. We do not have access to any financial information which you provide to eBay for the purposes of making payment to us.
We may use your contact information to contact you in connection with your purchase / membership subscription including emails to confirm your purchase and to provide support in the event of any technical issues or problems with your order. We do not send marketing or promotional emails.
If you wish to model for us (or contact us with a view to modelling for us).
If you contact us with a view to modelling for our website we will collect the information you have provided to us via the contact form or the initial contact email and any subsequent emails. This will include your name, email address and may also include a personal photograph or photographs that you share with us for the purposes of determining your suitability. If you proceed with modelling for us we will also collect your date of birth. By modelling for us you agree that the images we take may be used on our website.
If you browse our website.
We may collect non-identifiable information on how visitors use our website and how users move around different sections of our website for analytics purposes to understand how users use our website so that we can make it more intuitive.
Where we process your personal data.
Our company is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.
Wix can store your site-visitors' data in a number of locations. Your site-visitors ́ personal information may be stored in data centers located in the United States of America, Ireland, South Korea, Taiwan and Israel. We may use other jurisdictions as necessary for the proper delivery of our services and/or as may be required by law.
Wix is a global company that respects the laws of the jurisdictions it operates within. The processing of your data may take place within the territory of the European Union, Israel or a third country, territory, or one or more specified sectors within that third country, of which, the European Commission has decided that it ensures an adequate level of protection (transfer on the basis of an adequacy decision).
Any transfer to a third country, outside the European Union, that does not ensure an adequate level of protection according to the European Commission, will be undertaken in accordance with the Standard Contractual Clauses (2010/87/EU) set out in Appendix 1 of the Wix Data Processing Agreement (DPA)
The security of sensitive data is of extreme importance to Wix and we are 100% committed to data protection. See all the security certifications received by Wix.com.
All direct payment gateways offered by Wix.com and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Security of your personal data.
All personal data processed by us is stored securely (the level of security being appropriate to the nature of the data concerned and the other relevant circumstances).
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website and any transmission is at your own risk. Once we have received your information, we will use appropriate procedures and security features to try to prevent unauthorised access.
Sharing your personal data with others.
We will never sell or share your personal data with third parties for the purposes of marketing or advertising. However, we may where appropriate share your personal data with:
Appropriate third parties including:
our business partners, customers, suppliers and sub-contractors for the performance of any contract we enter into or other dealings we have in the normal course of business with you or the person that you work for;
our auditors, legal advisors and other professional advisors or service providers;
appropriate legal authorities or other authorised agencies for the purposes of fraud and crime prevention in relation to transactions or proposed transactions that you enter into with us.
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of supply and other agreements with you or the person that you work for; or to protect the rights, property, or safety of our business or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection, or credit risk reduction.
The legal basis for our processing of personal data
The legal basis on which we process your personal data is as follows:
Where it is necessary to obtain your prior consent to processing in order for us to be allowed to do it, we will obtain and rely on your consent in relation to the processing concerned (in relation to any processing we are carrying out with your consent, see below for how to withdraw your consent).
Otherwise, we will process your personal data where the processing is necessary:
for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract (for example, where you buy a membership subscription or physical goods from us);
for compliance with a legal obligation to which we are a subject.
How long we keep your personal data.
We process personal data only for so long as is necessary for the purpose(s) for which it was originally collected, after which it will be deleted or archived except to the extent that it is necessary for us to continue to process it for the purpose of compliance with legal obligations to which we are subject or for another legitimate and lawful purpose.
Your rights in relation to your personal data.
You have the following rights in relation to personal data relating to you that we process:
You may request access to the personal data concerned.
You may request that incorrect personal data that we are processing be rectified.
In certain circumstances (normally where it is no longer necessary for us to continue to process it), you may be entitled to request that we erase the personal data concerned.
We do not use your data for marketing or promotional purposes and we do provide your data to third parties for such purposes.
To exercise any of your rights, you should contact us as set out below.
If you have a complaint about any processing of your personal data being conducted by us, you can contact us or lodge a formal complaint with the Information Commissioner.
Contacting the regulator.
The Information Commissioner is the supervisory authority in the UK and can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you have about our processing of your personal data.
You can contact us at any time by emailing email@example.com
Appendix – Essential Cookies