The website www.thepeoplespicture.com (“Website”) is operated by Helen Marshall Limited trading as The People’s Picture (“we”, “us” or “our”), a company registered in England & Wales under company number 11423615, whose registered office is at Acme Studios, Matchmakers Wharf, Homerton Road, London E9 5GP. Where you or the client decides the purpose or means for the processing of the personal data that you provide when using our services, we are the “processor” responsible for your personal data. We will comply with all applicable data protection laws, including the General Data Protection Regulation 2016/679 and the (UK) Data Protection Act 2018.
Pixcollect.com is co-created by The People’s Picture and Umbrella Dev and is maintained by UmbrellaDev, our partner online solutions provider for software management purposes. Pixcollect.com was developed for the collection and workflow management of your uploaded photography and other content and data for The People’s Picture Projects only, Your Basic Information and Your Content will be processed via this website securely to allow us to perform the Service contract with you.
Our Website may contain hyperlinks or embeds to third party websites. These websites operate fully independently from us, and we cannot accept any responsibility or liability for the privacy practices of such third parties nor the availability of these external sites or resources. The appearance of such links on our Website is not an endorsement. Should you use any of these websites, such use is at your own risk and we would recommend that you review their respective privacy policies.
1. What personal information are we likely to collect about you?
1.1 Information provided by you
1.1.2 If you wish to subscribe to our mailing list (or a mailing list of our clients and commissioning partners) or to participate in any of our projects, we may collect and process all or some of the following information:
- Your name;
- Your address;
- Your phone number;
- Your email address;
- Your age;
- Your gender;
- Your birthplace; and/or
- Your social media handles (together, “Your Basic Information“).
1.1.3 You may also submit photography and other content on our website and authorised partner and client websites, using embedded forms and via social media (using specific hashtags and tagging) including:
- Photographs of you or that you have permission to grant us a licence to use; and/or
- Stories and other information that you would like us to publish (together, “Your Content”).
- Other content including images, video, audio, writing, texts that you would like us to process (together, “Your Content”).
1.1.4 We do not actively collect any special categories of personal data about you (including details about your race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic information or biometric information) (“Special Category Data”). Nor do we collect information about your criminal convictions or offences (“Criminal Offence Data”). Accordingly, please do not post or upload any of Your Content which may contain Special Category Data or Criminal Offence Data. In the event that you do upload or post Your Content and Your Content contains Special Category Data or Criminal Offence Data, you acknowledge and agree that such personal data has been manifestly made public by you and may be made available and/or communicated to the public for a photo mosaic project or the specific project in question both by us and the relevant commissioning partners. Similarly, please do not post or upload any of Your Content which contains images of children under the age of 18 (unless you are the parent or guardian) or any unlawful content. You agree that you will have a legal parent of guardian with you when you participate in our projects and cannot participate if you are under 13.
- number of visitors to our Website;
- pages visited while at the Website and time spent per page;
- page interaction information, such as scrolling, clicks and browsing methods;
- websites where visitors have come from and where they go afterwards;
- page response times and any download errors; and/or
- other technical information relating to end user device, such as IP address or browser plug-in
(together, the “Cookie Information”).
1.2.3 You can always choose to enable or disable cookies in your internet browser. By default, most internet browsers accept cookies but this can be changed. For further details, please consult the help menu in your internet browser. For further information about cookies, please see: www.allaboutcookies.org, and how to adjust your browser settings here: www.allaboutcookies.org/managecookies.
1.2.4 We use Google Analytics on our Website for anonymous reporting of Website usage. If you would like to opt-out of Google Analytics monitoring your behaviour on our Website please use this link: (https://tools.google.com/dlpage/gaoptout/).
2. Your personal data may be used for the following purposes
2.1 When you visit our Website, whether to browse our content or subscribe to our mailing list or contribute to a project or commission (the “Service”), or otherwise in connection with the Service, we may use the personal information that you provide for the following purposes:
Where we rely on legitimate interests as a lawful basis for processing your personal data, we will always consider whether or not our interests are overridden by your rights and freedoms.
2.2 When you visit our Website, whether to browse our content or subscribe to our mailing list or contribute to a ‘Private’ Project or commission (the “Service”), or otherwise in connection with the Service, we may use the personal information that you provide for the following purposes:
3. With whom we share personal data
3.2 In some instances, this data sharing may involve the transfer of information outside the EU; please see our section on International Data Transfers below for further information.
3.3 We may provide your personal information to the following third party service providers:
- Payment-processing services such as Paypal, Stripe or Xero;
- Delivery couriers and postal services;
- Email marketing using our dedicated CMS website pixcollect.com
- Event ticketing services;
- Marketing mailing houses;
- Social media platforms;
- Arts organisations, funders, sponsors, press, media or partners involved in our projects;
- Companies we subcontract to photograph, design, print or deliver our projects;
- Trained sub contractors arts assistants, interns and volunteers; and
- Software companies that we use to safely store and encrypt our data including Pixcollect, Google Suite, Dropbox and Site Ground.
3.4 This list is not exhaustive and may change from time-to-time in line with our business processes. If you have opted for a private commission, the third party service providers is limited to:
- Payment-processing services such as Paypal, Stripe or Xero;
- Delivery couriers and postal services:
- Companies we subcontract to photography, design, print or deliver our projects;
- Trained subcontracted arts assistants and interns; and
- Software companies that we use to safely store and encrypt our data including Umbrella Dev, Dropbox, Pixcollect, Google Suite and Site Ground.
3.5 If we are involved in a merger, acquisition, or sale of all or a portion of our business or assets, the information we hold may be included as part of that sale, in which case you will be notified via email and/or a prominent notice on the Website of any changes in ownership or use of your information, as any choices you may have regarding that information.
3.6 In addition, we may disclose your information to the extent that we are required to do so by law (which may include to government bodies and law enforcement agencies), in connection with any legal proceedings or prospective legal proceedings and in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).
3.7 If you choose to participate in a project and submit Your Photography and Content (as defined above) to us, your Basic Information and Your Content will be a part of the project and, in accordance with our Contributor Terms and Conditions, be shared with our commissioning partners for their exploitation of the project. The processing of your personal data by such commissioning partners is subject to their respective privacy policies.
3.8 If you opt for a private project or commission and submit Your photography and content (as defined above) to us, your Basic Information and Your Content will be a part of the project and, in accordance with our Contributor Terms and Conditions, will not be shared with any third party partners so to exclude any exploitation or publicity of the artwork.
3.9 We will not pass your information on to third parties for marketing purposes unless you have provided your consent, in which event the advertisements that appear when you visit our Website may be targeted to provide you with more relevant advertising content and you may receive communications from third parties offering similar or related services to us. We require third parties to respect the security of your personal data and to process it only in accordance with applicable law
4. Your choices and rights in relation to personal data which we process relating to you
4.1 You have rights over the way we process personal data relating to you. We aim to comply with valid requests you might have in connection with your personal data without undue delay, and within one month at the latest. Your rights include:
- to ask for a copy of or access to personal data we are processing about you and have inaccuracies corrected;
- to withdraw your submission, in your email confirmation there is a ‘withdraw’ revoke link and you can also contact us at email@example.com. We will remove your data within 7 days as long as it is reasonably possible and not printed and published, and we will work and mitigate to reach a best solution. We cannot alter the act of the image and data that has entered the public domain, such as press articles and other platforms such as social media.
- if you consented to our processing of your personal data and have withdrawn that consent, you can ask us to restrict processing, stop processing or delete your personal data;
- if we are processing your personal data because it is in the public interest or it is in order to pursue a legitimate interest of ours or a third party, and you don’t agree with that processing, and there is no overriding legitimate interest for us to continue processing it, you can request that we restrict processing, stop processing or delete your personal data;
- to ask us to restrict, stop processing, or to delete your personal data. For example, where the processing of your personal data is for direct marketing purposes, where your personal data was unlawfully processed, where you need the personal data to be deleted in order to comply with your legal obligations or where the personal data is being processed in relation to the offer of a service to a child.
- if we are processing personal data in order to perform our obligations to you, because you have consented or if processing is being carried out by automated means, we will help – on request – you to move, copy or transfer your personal data to other IT systems. You can request a machine-readable copy of your personal data, which you can use with another service provider. Where it is technically feasible, you can ask us to send this information directly to another provider if you prefer; and
- if you are unhappy with the way we are processing your personal data, please let us know. Alternatively, you can make a complaint to the applicable supervisory authority. You can contact the Information Commissioner’s Office with the details available here: https://ico.org.uk/concerns
4.2 Subject to clause 7 below, we will delete your data after 5 years if we no longer require it for the purposes for which it was collected. If you opt for a private project or commission your photography and other content, your basic information will be a part of the project and, in accordance with our Contributor Terms and Conditions, will be securely destroyed as soon as the project is delivered. We will use reasonable efforts to, to the extent required by law, supply, correct or delete personal data held about you on our files (and with any third parties to whom it has been disclosed to).
4.3 To make a request in relation to any of the aforementioned rights, please email us at firstname.lastname@example.org
4.4 You are under no statutory or contractual obligation to provide any of your personal data to us. However, if you do not provide the personal data required for our performance of the Service, we will not be able to provide you with the Service.
4.5 If you are unhappy with the way that we are processing your personal data or would like to limit the use of your personal information to a particular purpose, please let us know. The best way to bring this to our attention is by emailing us at email@example.com
4.6 If you have previously consented to but now would prefer not to receive direct marketing, you can follow the opt-out links on any marketing message sent to you OR message us on social media platforms asking to opt out OR you can email us at firstname.lastname@example.org
We do not knowingly use the Website to solicit data from or market to children under the age of 18. Our Standard Terms state that anyone below the age of 18 must have a parent or guardians permission to take part in any project. Every image submitted via the Website to a project goes through a human compliance moderation process, we try to ensure that wherever reasonably possible we contact contributors who have submitted images containing children to check they are a legal parent or guardian as a double precaution. If a parent or guardian becomes aware that his or her child has provided us with information or may be receiving communications from us without consent of a parent or guardian, we ask that this be brought to our immediate attention. We will make it our priority to address this situation and delete information relating to a child as soon as practicable. In such an event, please contact us at email@example.com
6.1 We will take appropriate technical and organisational measures to ensure a level of security appropriate to the risk that could be encountered via the use of the Service. Except where otherwise described in this policy, we will limit access to your personal data to those employees, agents, contractors and third parties who need access. They will be subject to a service contract, duty of confidentiality and a data processing agreement. Confidentiality shall not apply to your personal data to the extent that it is: (a) made public by you; or (b) provided by you to us to be made public, such as for use in a project or on social media.
6.2 During a project (both public and private) your personal data will be collected via Pixcollect.com – our robust and secure cloud-based platform for the collection and workflow management of uploaded images and data. The GDPR compliant website uses an sha256 SSL certificate and is only accessible by admin (The People’s Picture and Umbrella Dev) and clients with their own secure password protected login for access to their data only. The user area is protected behind security, all passwords are hashed, SQL injection protection is present, and all server software is recent and maintained.
6.3 From here all content submitted during the project will be securely downloaded and stored on our secure servers only accessible through using 2-step verification. Our 2-step verification offers another layer of security by requiring an additional encryption log in to access all data. All hardware and back up hard drives containing your personal data supplied to us by you for the project are encrypted. Should these devices be stolen or go missing, no data will be accessible by third parties and all contents will be remotely wiped by us.
6.4 Any data transferred and stored digitally is also encrypted by default by Google’s G-Suite Encryption software. Should we request you to send files digitally, for the duration of the project these will be stored securely in our encrypted G-Suite database. Once the project is over and has been delivered, if you have opted for a private commission, your data will be destroyed.
6.5 All hard copies of printed material and digital files on external drives (for public projects only) related to the project containing potentially personal data (your images) is stored securely in a business address lock-up studio with additional concierge.
6.6 Please be aware that, while we make the security of our Website and your personal information a high priority, no security system can prevent all security breaches. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
7. How long we keep your data
7.1 In accordance with data protection laws and good commercial practice, we do not retain data in a form that permits identification of the person(s) to whom it relates for any longer than is necessary.
7.2 Once the purpose for which information has been collected has been fulfilled, we’ll either permanently delete it completely or remove all identifiers within it so that it is no longer personal data. We may use such anonymised data for research and/or business analysis purposes.
7.3 Where you have provided us with a photograph, image and/or story for use in an artwork or project and you have expressly granted us a licence to use it, it will remain in our artworks and archives and be used in accordance with the terms of the licence. If you have opted for a private commission, the artworks and archives will be delivered directly to you and we will not keep any copies of your project unless specified. We ask you to keep this content somewhere secure in case you wish to revive the project, or request alterations or additions.
7.4 Where we obtain your personal data in relation to the use or purchase of our services, including VAT or invoicing information, we are obligated by law to keep this for a minimum of 6 years.
7.5 If you contact us for a proposal or commission and you don’t consent to marketing, we’ll keep your data for a year in case you wish to proceed with the quote.
8. International Data Transfers
8.1 Our servers are located in the UK and EU and the information that we collect directly from you will be stored on these servers. We may also transfer your personal data to our third-party service providers, many of whom may be located outside of the UK and EU, operate from multiple locations including non-EU based operations or engage sub-processors located outside the UK and EU.
8.2 Where your personal data is transferred outside of the EEA to a territory not subject to an adequacy decision by the European Commission, we have agreements in place with the relevant parties which include either (i) standard data protection clauses adopted by the relevant data protection regulator and approved by the European Commission or (ii) standard data protection clauses adopted by the European Commission, to ensure that appropriate safeguards are used to protect your personal data. If you require more information about these safeguards, you can contact us at firstname.lastname@example.org
9.1 In all circumstances the maximum liability of the Company under the policy and this undertaking whether in contract or tort or otherwise shall be limited to the fee payable under the agreement.
9.2 The Company shall not be liable to you or the client for any indirect or consequential loss or for any loss of revenue, business or profits whatsoever arising (including in negligence) in relation to this Undertaking.
10. Force Majeure
The Company shall not be in breach of this Undertaking nor liable for any delay in performing, or failure to perform, any of its obligations under this Undertaking if such delay or failure result from events, circumstances or causes beyond its reasonable control including but not limited to strikes; lock-outs, or other industrial disputes; failure of a utility service or transport network; act of God; war; riot; civil commotion; malicious damage; compliance with any law or governmental order or World Health Organisation rule, regulation, or direction; accident; breakdown of plant or machinery; fire; flood; storm; disease; epidemic; pandemic; or default of suppliers or sub-contractors.
11. Changes to this Policy
We may update the terms of this policy at any time. We ask, therefore, all users to check for updates from time to time. We will endeavour to notify you of any significant changes in the way we collect and manage your personal data. This may be done by, without limitation, us displaying a notice on the Website following the update.
12. Contact Us
If you have any questions, comments or enquiries, please contact:
HELEN MARSHALL LIMITED (Company No. 11423615)
We are members of the ICO Information Commissioner’s Office (https://ico.org.uk/your-data-matters)
Organisation name: Helen Marshall Limited
Our Data Protection Officer is:
Helen Marshall Ltd
Acme Studios, Matchmakers Wharf, Homerton Road, London E9 5GP