We know that there’s a lot of information here but we want you to be fully informed about your rights, and how Smiley Booth Ltd uses your data.
We hope the following sections will answer any questions you have but if not, please do get in touch with us.
Who are Smiley Booth Ltd?
- Smiley Booth Aberdeen
- Smiley Booth Glasgow
- Smiley Booth Lancashire
- Smiley Booth Merseyside
- Smiley Booth Peak District
- Smiley Booth Sheffield
- Smiley Booth Shropshire
- Smiley Booth Birmingham
- Smiley Booth Essex
- Smiley Booth Northamptonshire
- Smiley Booth Berkshire
- Smiley Booth Hampshire
- Smiley Booth Surrey
- Smiley Booth Sussex
- Smiley Booth Dorset
- Smiley Booth Ireland
- Smiley Booth Cote d’Azur
- Smiley Booth Cyprus
Explanation of the legal basis we apply to the processing of personal data
The law on data protection sets out six means in which a company may collect and process your personal data, having analysed our customer database and business model we have assess that Legitimate Interest is the primary basis for which we collect and process personal data.
Legitimate Interest is defined as: the processing necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
When do we collect your personal data?
Points at which your personal data will be collected include
Online: via the contact forms and live chat function on our web pages, contact and direct messaging facilities on our social media platforms and via third party directory websites e.g. hitched.co.uk
Offline: verbally over the phone during a telephone enquiry and in person at a wedding or trade fair, marketing event or other private hire.
What sort of personal data do we collect?
The personal data we collect is limited to the level we need to deliver our services and is made up of the following:
- Email Address
- Phone Number
- Event Date
- Event Venue
- Event Venue Contact
- Type of Event
- Home Address
- How many guests will be at the event
How and why do we use your personal data?
Your personal data is used to ensure the services we deliver are suitable and appropriate and any data collected is only used to inform, administer and deliver those services for example:
To respond to questions and queries
To add services as they relate to the event
To invoice and take payment for the services we provide
To comply with our contractual or legal obligations to share data with law enforcement.
In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003 you are given the opportunity to opt out or unsubscribe at any time through an automated process displayed as a link in the footer of each email.
How we protect your personal data
We use a number of difference software which have data encryption and the providers have their own privacy policies in place. We use Office 365 which have data encryption and their privacy notice can be seen using the following link: Https//privacy.microsoft.com/en-gb/privacystatement
We also use Hubspot for our Customer Relationship management software, their privacy notice can be seen using the following link: https://legal.hubspot.com/privacy-policy?utm_campaign=GDPR%20Privacy%20Policy&utm_source=hs_email&utm_medium=email&utm_content=63125824
Xero and Zoho Books are our accounting and invoicing platforms the privacy policies for which can be see at the following links: Xero: https://www.xero.com/uk/about/terms/privacy/ and Zoho Books https://www.zoho.com/gdpr.html
In addition, we have internal processes for any employees or associates which clearly states their terms of reference and how personal data will be used and protected.
How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as it is necessary for the purpose for which it was collected. At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
We keep data for 12 months beyond the event date in order to be able to provide duplicate copies of photos to our clients and their guests.
Who do we share your personal data with?
Your personal data is only used to the purposes explained in section 5 of this document we do not share personal data with any third parties.
If during those processes you request any additional related services such as we may offer help with that through selected local companies with whom we have an existing relationship and only with your agreement. No personal data will be given or sold without the express written permission of the user.
Where your personal data may be processed?
Protecting your data outside the EEA. The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway. We may transfer personal data that we collect from you to third-party data processors in countries that are outside the EEA such as Australia or the USA. This will only be done using the technology solutions highlighted in section 6.
What are your rights over your personal data?
The GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
If at any point you believe the information we process on you is incorrect you can request to see this information and even have it corrected or deleted. Any subject access will require proof of identity before any information is divulged. Where a request to “Be forgotten “is made that can only be complied with if there are no other legal frameworks that overrule GDPR. Examples would be HMRC, FCA, etc.
If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter. Our Data Protection Office is Kate Johnson: firstname.lastname@example.org
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO). You can contact them by calling 0303 123 1113. Or go online to www.ico.org.uk/concerns (opens in a new window; please note we can’t be responsible for the content of external websites) If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence. Details can be found in Section 16.
Regulation changes and remedial actions
The GDPR is live from 25th May 2108 and the UK Data Privacy Bill does not have a final date as yet. Therefore, this Policy is based on the regulations as they exist with a review process set up to make any adjustments required to become and stay compliant. In the event of any changes or processes which need remedial action the review procedure will capture those issues and remedy them.
Website and Associated Company Social Media Platforms
Cookies are small files saved to the user’s computers hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and it’s external serving vendors.
This website uses tracking software to monitor its visitors to better understand how they use it.
Other cookies may be stored on your computers hard drive by external vendors when this website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected at any time.
Social Media Platforms
Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate/engage upon them with due care and caution in regard to their own privacy and personal details. This website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.
This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
The collection of images are a necessary part of the service that Smiley Booth provides. These images are collected and stored via the Photo Booth hardware and software which is encrypted and may sometimes be provided on USB stick which is also encrypted. Photos are also uploaded to a password protected cloud based photo gallery.
The use of client data for marketing purposes
Smiley Booth Ltd may wish to use photographs, video footage or testimonials both written and visual for the purpose of the business marketing such as on the company website, social media platforms and physical marketing materials such as leaflets and brochures. In this instance express consent will be sought from the individual featured where possible, if not possible consent will be sought from the company’s client as detailed in the company’s terms and conditions. Individuals will not be identified with the exception of testimonials if express consent has been provided. Facial recognition software is never applied by Smiley Booth Ltd. In addition notices will be displayed to guests at an event that their photos may be used in marketing materials and anyone who expresses a wish not to be included in these materials at the time will be duly noted. Furthermore any request for imagery to be removed from any marketing materials will be actioned immediately.