GDPR & Privacy
At JustPose, we take privacy seriously. We are fully compliant with the GDPR in all areas of our business. This page sets out how we use and protect personal information (including images captured in our products).
The GDPR stands for the General Data Protection Regulation and is a regulation in EU law on data protection and privacy for all individuals within the European Union.
Since it’s introduction in May 2018, the importance of handling data responsibly has never been more important, processors and controllers of data (like JustPose™ and sometimes our clients) have new responsibilities to adhere to. The good news is we’re ready for the GDPR and have worked hard to make keeping compliance simple. The information here is designed to answer frequently asked questions on the topic.
JustPose™ has a robust and regularly updated data protection management policy in place. From a practical perspective, we ensure compliance at your event or activation by adhering to these key principles:
- All Guests will be required to give their consent to a Privacy Notice. This Privacy Notice will be written specifically for your event/activation and will be written in plain English. The Privacy Notice will clearly set out who we are, exactly what data we’re collecting, how it will be used, who it will be shared with, for how long it will be retained, whether it will be shared outside the EEA, the Guest’s rights and who they can contact for further information or if they have a complaint.
- Data is then handled strictly in line with the Privacy Notice and our strict data protection policy. This includes only using and sharing data legitimately and legally for the purposes stated in the Privacy Notice.
- We put in place additional controls for protecting minors, we do this by restricting their participation which generally means only allowing them to participate if they’re accompanied by and/or have consent from a parent/guardian.
- Data is only retained for as necessary or for as long as we’re allowed as per the Privacy Notice.
- Records are kept to demonstrate compliance.
When JustPose™ are operating a Photo Experience of Photo Booth at your event or activation, we’ll ensure that the primary operation is compliant with the GDPR, this is our responsibility.
You too will have responsibilities if we’re sharing data with you, this is optional. If data is shared with you, we will require you to ensure that that data is processed and stored legally, in line with all relevant regulations and the Privacy Notice under which it was collected. If you need further advice on you your responsibilities on the GDPR, we recommend seeking independent advice from a professional such as a lawyer specialising in data protection.
Data can be collected from guests and shared with you providing that this is properly detailed in the Privacy Notice. This data can include the images captured along with a variety of useful other data such as email addresses, names, survey answers, opt-ins and more.
1. Who we are
JustPose is registered in England and Wales under the company name Just Pose Ltd. Our company number is 07828901. Our registered office is Regus House, Victory Way, Admiral’s Park, Crossways, Greenhithe, Kent, England, DA2 6QD. We are registered on the Information Commissioner’s Office Register, registration number ZA344394.
2. Information we collect
By “information” we mean all of the personal information about you that we collect, use, share and store. In this context, information can also include imagery (photos, animations and video footage, where you are identifiable, captured when using our products). The information we hold will vary according to the relationship you have with us.
3. How we use and share Information
Data Protection law requires us to have one or more of the following reasons for using your information:
- ‘Contract performance‘ – the information needed to deliver a product or service you have booked/ordered from us, e.g. we’ll use your email address to communicate with you if you make a booking for a photo booth with us.
- ‘Legal obligation‘ – we are required by law to process your information, e.g. to verify your identity.
- ‘Legitimate interest‘ – we’re allowed to use your information where, on balance, the benefits of us doing so are legitimate and not outweighed by your interests or legal rights, e.g. we have an interest in knowing what our customers do and don’t like so we can offer better products and services.
- ‘Consent‘ – in some cases we may obtain your consent to use information in a particular way or where the law requires consent to be obtained, e.g. if you use one of our products (like a photo booth) at an event and you consent to your email address being added to a mailing list in order for you to receive communications in the future. Whenever ‘consent’ is the only reason for us using the information, you have the right to change your mind and change or withdraw your consent.
Here are the circumstances under which we use and share Information:
- Managing and communicating with you about a booking or order for products or services
(Contract Performance, Legitimate Interest)
If you book services or buy products from us, we collect and use information like your email address, phone number and event details in order to deliver the products and services. We may also share information with third parties and contractors in order to do this. For instance, if we use a courier to deliver products to you, we will share your contact and delivery address details with them.
We also record some calls for training and quality assurance purposes; we may refer to call recordings to check the accuracy of information we hold.
- Sending you emails, SMS messages or other communication after using one of our products or taking part in one of our experiences at an event.
If you use one of our products or participate in an experience we’re running at an event, we may send you an email, SMS or other message that enables you to access your photo, animation or video. We’ll only do this where you ask us to by entering your contact information during your experience. We often use the services of third-party developers/software providers in order to do this.
- Providing our clients/sponsors with statistics and data captured from our products and experiences at their events.
(Legitimate Interest, Consent).
When we provide photo products and experiences to events, we’re usually doing it on behalf of a client or sponsor who has paid us to do so. Sometimes we will share anonymous statistics with our clients / sponsors in order for them and us to better understand how successful or popular the product or experience was. Clients/sponsors may also ask us to collect information for their own marketing or business purposes (such as subscribing you to an email newsletter or using your photo/animation/video for advertising purposes). We will always make you aware of this and obtain your consent before sharing any personal information with our Clients or sponsors.
- Taking photographs and/or recording video footage of our products in use at events for reportage and marketing purposes (including social media).
(Legitimate Interest, Consent).
We have a legitimate interest in being able to showcase our work and our products and services. We also have a legitimate interest in keeping our followers up to date on social media and building our following.
We sometimes do this by capturing photos and/or videos of our products and experiences in use at the events we work at. Sometimes we will publish these photos/video content publicly on platforms such as our website or via our own social media accounts.
We’ll always respect guests’ privacy and seek the required permissions before commencing any form of photography or filming for these purposes. In almost all cases, we’ll make guests aware of our photography/filming notices by at least prominently displaying notices; and we will gain consent where it is required.
- Improving our services, identifying products and services that you may find useful.
(Legitimate Interest, Consent).
We also have a legitimate interest in telling you about our products, services and any new developments that we think may interest you, but only where we are permitted to do so. For some marketing activity, we will need to ask for your consent to use your information. We don’t want to send you irrelevant or excessive information, so we’ll use the information we hold – particularly profile information – to decide what to tell you, and how and when to do this.
You have a legal right to tell us at any time that you don’t want us to use the information we hold in this way or to withdraw any consent that you have given to us.
We’ll only get in touch with the ways you’ve told us are acceptable to you. If you’ve said you don’t want to see marketing information, you won’t receive it. You can opt in to, or out of, receiving marketing information at any time by contacting us in the usual way.
- Recovering money that is owed to us
We have a legitimate interest in recovering debts that are due to us if there isn’t a satisfactory plan in place to repay them. We may instruct a debt collection agent or solicitor to act for us in recovering the debt, including by bringing legal proceedings in the courts, and we’ll provide relevant information to them to help recover any money that is owed to us.
- Preventing crime and protect our team & property
(Legitimate Interest, Legal Obligation).
We have a duty of care and legal obligation to protect our team and we have a legitimate interest in protecting our property. We store CCTV footage at our premises and may share Information we hold with relevant authorities in the event of a crime affecting us or one of our stakeholders has been committed or is suspected.
4. Your legal rights in relation to your information
- Access to information
You always have the right to ask whether or not we hold information about you; and if we do, what the information is, why we’re holding it and the ways in which it is being used. You’re also entitled to a copy of the information.
- Rectification of information
We always want the information we hold to be up to date and accurate. If any of the information we hold is either incorrect or out of date then please tell us and we’ll fix it.
- Erasure of information
You have the right to ask us to erase or delete information where you consider there is no longer any justification for us holding it, either because
- The information is no longer needed for the reason we collected it.
- We held and used the information based only on your consent, which you have now withdrawn.
- You have previously objected to a way in which we use information.
- We have been using the information unlawfully.
- There is a legal obligation on us to erase the information.
When you make a request for information to be erased we have up to one month to respond. If we reject your request we will tell you and set out the reasons why we won’t erase or delete the information.
- Contacting us for further Information about your rights
You can contact us at any time and in the normal way to discuss your rights and how we hold and use your information. You can also write to us at the address shown below.
- Who can I complain to?
If, for whatever reason, you are unhappy with any way in which we are using your personal information you should contact us in the first instance so that we can understand your issue and try to resolve it. If we can’t resolve the issue, you have the right to complain to the Information Commissioners Office (ICO). The ICO is the UK’s independent body set up to uphold information rights. For further information visit ico.org.uk
5. Safeguarding & Third Parties (including sharing information outside the European Economic Area (EEA))
All countries within the EEA, which includes the UK, have similar standards of legal protection for your personal information. To provide some products and services we transfer and process information in countries outside the EEA (e.g. the United States) where there aren’t similar standards.
In these cases, we’ll take all reasonable steps necessary to make sure your information is protected to UK standards. This may be through only allowing transfers to countries officially recognised as having an adequate legal framework for the protection of information (an ’adequacy decision’). It may be through having recognised safeguards in place with our commercial partners, such as using standard terms in the contracts we have with them that are recognised and approved by our regulators as imposing high standards for the protection of information, or where our commercial partner is a signatory to a recognised and binding code of conduct
We also take all reasonable measures to ensure that the information we process is stored, processed and deleted according to our own standards and the GDPR and any other relevant laws and legislation. This includes, but isn’t limited to:
- Confirming that third parties with whom we share information are compliant with these standards.
- Training our team on best information handling practices.
- Storing information securely and transferring information via secure connections.
6. Further Information
For any further information, please contact us in the usual way.
JustPose is registered in England and Wales under the company name Just Pose Ltd, our company number is 07828901. Our registered office is Regus House Victory Way, Admiral’s Park, Crossways, Greenhithe, Kent, England, DA2 6QD. We are registered on the Information Commissioner’s Office Register registration number ZA344394.