Because of the type of images we deal with, your privacy is pivotal for your peace of mind and enjoyment.
Who are we?
Faby and Carlo LTD is registered in England and Wales No. 10574514, with its office registered at 20-22 Wenlock Road, London, England, N1 7GU.
What information do we collect?
When using our website, we may process data about your use of our website. The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is Google Analytics and Hubspot. This usage data may be processed for the purposes of analysing the use of the website and services.
If you decide to contact us, we may process the data you decide to share with us. The data may include your name, email address, phone number and any information you decide to share with us.
If you decide to subscribe to our offers or newsletter, we may process the data you decide to share with us. The data may include your name, email address and preferences you specify during the registration.
Should you decide to become one of our customers, we may process information relating to our customer relationships, including customer contact information. The customer relationship data may include your name, email address, phone number, your photographs and any information you decide to disclose to us. The customer relationship data may be processed for the purposes of managing our relationships with you, keeping records of those communications and promoting our products and services.
We may process information relating to any transactions, including purchases of goods and services, that you enter into with us and/or through our website. The transaction data may include your contact details and the transaction details. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions.
The legal basis for this processing is to provide you with our information or services and to serve you at our best.
We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
We may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
In addition to the specific purposes for which we may process your personal data, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
How do we use personal information?
Every personal information we hold about you may be used for:
- providing any services you requested
- the personalisation of content, business information or user experience
- account set up and administration
- delivering marketing and events communication
- carrying out polls and surveys
- internal research and development purposes
- providing goods and services
- legal obligations (eg prevention of fraud)
- meeting internal audit requirements
When do we share personal data?
Your data is considered private and confidential. We won’t share any information about you, including your name and photographs, if not specifically requested by you or to provide the service you requested.
An exception to this is when the data we collect are processed through third party services, as Google Analytics, Hubspot, Mailchimp. The data collected as such will be shared with the service provider and none other.
We may disclose your photographs as reasonably necessary with selected service providers whose role is to provide photo manipulation. These service providers do not receive any additional personal information.
Financial transactions relating to our website and services handled by our payment services providers, PayZone and Barclays. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
In addition to the specific disclosures of personal data set out in this section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
Where do we store and process personal data?
Your data may be saved on cloud systems which are not based in the UK or EU. The providers are fully GDPR compliant and our contract with them is on an EU/GDPR compliant basis.
How do we secure personal data?
Your data are secured in such ways to prevent any unauthorised access. These may include:
- storing data with high level of encryption
- storing data in cloud services under strong password protection
We commit to a high standard of security measures to protect your personal information. These may be measures:
- to protect data against accidental loss
- to prevent unauthorised access, use, destruction or disclosure
- to ensure business continuity and disaster recovery
- to restrict access to personal information
- to conduct privacy impact assessments in accordance with the law and your business policies
- to train staff and contractors on data security
- to manage third-party risks, through use of contracts and security reviews
How long do we keep your personal data for?
We will store your personal data for a period which is defined by the earliest between:
- your request for deletion of such information
- our decision to stop using our current data providers
- our decision to remove the information from our system
Your data will be securely disposed of after they are no longer needed.
Your rights in relation to personal data
Under GDPR, we respect your right to access and control which personal data we host about you. You can ask us to:
- be notified of the information we hold about you
- correct or delete any information related to you
- lodging a complaint with the Information Commissioner’s Office
You can exercise your rights by contacting us directly through any of the methods listed on our website.
Please note, we confirm nor deny we have any information about you to any third party without your written consent.
How to contact us?
For any questions or concern about our privacy practice, or to file a complaint you can contact us via email at firstname.lastname@example.org