top of page

Data Protection Policy

Last update 01/01/2022

 

Definitions: RGPD: means the General Data Protection Regulation.

Responsible: Julián NYC Photography

Register Systems: means a log of all systems or contexts in which Julian NYC Photography processes personal data on this website.

1. Data protection principles

A. Julian NYC Photography is committed to processing the data in accordance with its responsibilities under the GDPR. Article 5 of the RGPD requires that personal data be: a. treated in a lawful, loyal and transparent manner in relation to people;

B. collected for specific, explicit and legitimate purposes and not processed in a manner inconsistent with those purposes; further processing for archival purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered incompatible with the initial purposes;

C. adequate, pertinent and limited to what is necessary in relation to the purposes for which they are processed;

D. accurate and, where necessary, updated; All reasonable measures must be taken to ensure that personal data that is inaccurate, taking into account the purposes for which it is processed, deleted or rectified without delay;

E. kept in a format that allows the identification of the interested parties for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods to the extent that personal data will be processed solely for archival purposes in the public interest, scientific or historical research purposes or statistical purposes subject to the implementation of appropriate technical and organizational measures required by the RGPD to safeguard the rights and freedoms of people.

F. processed in a way that ensures adequate security of personal data, including protection against unauthorized or illegal processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures ”.

2. General provisions

A. This policy applies to all personal data processed on this website.

B. The Responsible Person will assume responsibility for continued compliance with this policy.

C. This policy must be reviewed at least once a year.

 

3. Lawful, fair and transparent treatment

A. To ensure that data processing is lawful, fair and transparent, this website will keep a systems registry.

B. The Systems Registry will be reviewed at least annually.

C. People have the right to access their personal data and any request of this type made.

4. Lawful purposes

A. All data processed must do so on one of the following legal bases: consent, contract, legal obligation, vital interests, public task or legitimate interests (see the ICO guide for more information).

B. The appropriate legal basis will be noted in the Systems Registry.

C. When consent is relied upon as the legal basis for data processing, evidence of acceptance The consent will be maintained with personal data.

D. When communications are sent to individuals based on their consent, the option for the individual to revoke their consent must be clearly available and systems must be in place to ensure that such revocation is accurately reflected in the systems.

 

5. Data minimization

 

It will ensure that personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed

6. Accuracy

A. Reasonable steps will be taken to ensure that personal data is accurate. B. Where necessary for the legal basis on which the data is processed, steps will be taken to ensure that personal data is kept up to date.

 

7. Archiving / deletion

A. To ensure that personal data is not kept longer than necessary, an archiving policy will be implemented for each area in which personal data is processed and this process will be reviewed annually.

B. The archiving policy will consider what data should be kept, for how long and why.

 

8. Security

A. You will ensure that personal data is stored securely using modern software that is kept up to date.

B. Access to personal data will be limited to personnel who need access and adequate security must be implemented to prevent the unauthorized exchange of information.

C. When personal data is deleted, this must be done in a secure manner, so that the data is irretrievable. D. Appropriate backup and disaster recovery solutions will be available.

 

9. Breach

In the event of a security breach that involves the destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data, accidentally or illegally, the risk to the rights and freedoms of individuals will be immediately assessed and, if corresponds, will report this violation to the ICO.

 

END OF POLICY

@2021 Created by Julián NYC Photography

bottom of page