Sunbeam Photographic Limited (“we”, “us” “our”) is committed to protecting and respecting your privacy. This privacy and cookies policy (“Policy”) sets out the basis on which the personal data collected from you, or that you provide to us whether as customer, patron, patronship applicant, guest, visitor, performer or user of our websites, applications, services or facilities will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
In this Policy “Data Protection Laws” means all laws applicable to any personal data processed or collected by us including (as applicable) the UK Data Protection Act 2018, the EU GDPR, the UK GDPR, the Privacy and Electronic Communications Directive 2002/58/EC, and any laws which implement any such laws, and a ny laws that replace, extend, re-enact, consolidate or amend any of the foregoing. “EU GDPR” means the General Data Protection Regulation (EU) 2016/679 and “UK GDPR” means the UK GDPR (as defined in the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019/419).
For the purpose of the Data Protection Laws the Data Controller is Sunbeam Photographic Limited (company number 07171165). Our registered office address and correspondence address is 79 Barlby Road London W10 6AZ. In this Policy our exhibition and event space known as Ladbroke Hall is referred to as the “Venue”.
We collect and process some or all of the following types of information from you in the course of your use of our websites, applications, services or facilities in your capacity as a user, customer, patron, patronship applicant, guest, visitor or artist, designer, exhibitor at the Venue:
We may also obtain personal data from ticketing agencies, reservation agents and third party suppliers where they provide us with your personal data when you book one of our events through their platform.
We rely on your consent as the lawful basis where you have agreed to participate in a survey, and for the processing of such personal information as has been collected through that survey.
We rely on “performance of a contract” where we collect, use and share (in accordance with this Policy) your personal data in order to provide our products and services or to receive your products and services pursuant to an agreement with you.
We rely on “legitimate interest” where:
We use information held about you in the following ways:
We may anonymise, aggregate and de-identify the data that we collect and use such for our own internal business purposes. This may include sharing such data for commercial, statistical and market research purposes.
In addition to the above uses we may use your information, to notify you about goods or services which may be of interest to you. Where we do this, we will contact you by post, electronic means (e-mail, SMS or via social media). If you do not want us to use your data in this way please either (i) tick the relevant box situated on the form on which we collect your data (for example, the registration form); (ii) unsubscribe from our electronic communications using the method indicated in the relevant communication; or (iii) inform us at any time by contacting us at the contact details set out below.
We routinely disclose your personal data to our third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (e.g. to host our servers).
We may disclose your personal data to any member of our corporate group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 (where applicable).
We may also disclose your personal data to third parties:
Other than as set out above, and save as necessary in order for us to carry out our obligations arising from any contracts entered into between you and us, we will not share your data with third parties unless we have procured your express consent to do so.
We take appropriate measures to ensure that any personal data are kept secure, including security measures to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
Payment is handled separately, and securely, through the payment processor you have selected during checkout (“Payment Processor”). Your payment card details are never collected by us. If you want to find out more about how the Payment Processor processes your personal data, you can refer to their own privacy notice. We may via our Payment Processor ask that payment card details or direct debit mandates you provide as part of a patronship application, joining fee or subscription fee payment obligation is stored for the purpose of processing your application, initiating patronship and collecting joining and patronship fees including renewals and to collect payment for goods and services provided by us. This information may be stored for later use whilst you are on any patronship waiting list. We will store this data in accordance with our legal obligations and only for so long as permitted in each case under applicable law. You may choose to opt out of us holding your payment information. If you do we may request further payment details in order to complete your patronship application and for you to pay any joining or patronship fees or to pay for goods and services provided by us.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the website/app; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
If your personal details change you may update them by contacting us using the contact details below. If you have any questions about how We use data collected which relates to you, please contact us by sending a request by email to the contact details below.
We will endeavour to update your personal data within seven (7) working days of any new or updated personal data being provided to us, in order to ensure that the personal data we hold about you is as accurate and up to date as possible.
The data that we collect from you may be transferred to, and stored at, a destination outside the United and/or the European Economic Area (“EEA“). We will take all steps reasonably necessary to ensure that your data is held securely and in accordance with this Policy. Countries outside the United Kingdom and/or the EEA do not have the same data protection laws as the United Kingdom and EEA and we have therefore ensured that any of our suppliers who may transfer your personal data outside the United Kingdom and/or the EEA has put in place appropriate measures to protect your data, for example by entering into a European Commission approved contract (as permitted under Article 46(5) of the General Data Protection Regulation).
We will not otherwise transfer your personal data outside the United Kingdom and/or the EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries. If you would like further information please contact Us (see ‘Contact’ below).
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our patrons and customers (including contact, financial and transaction data) for six years after they cease being patrons or customers for tax purposes.
Under the Data Protection Laws you have a number of important rights free of charge. In summary, those include rights to:
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights.
If you would like to exercise any of those rights, please:
We hope that we can resolve any query or concern you raise about our use of your information.
The Data Protection Laws also give you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
We may collect information about your mobile phone, computer or other device from which you access the website including where available your IP address, operating system and browser type, for systems administration and to report aggregate information to third party affiliates. This is statistical data about our users’ browsing actions and patterns and does not identify any individual. We may, however, use such information in conjunction with the data we have about you in order to track your usage of our services.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your device if you agree. Cookies contain information that is transferred to your device’s hard drive.
The cookies we use include:
All questions, comments and requests regarding this Policy should be addressed to us at Data Protection Enquires, Ladbroke Hall, Sunbeam Photographic Limited, 79 Barlby Road London W10 6AZ.