Privacy Statement

Who we are and what we do

Loft Studios Limited is a limited company registered in England and Wales under company number 10808363. Our registered office is at 77-81 Scrubs Lane, Kensal Green, London, NW10 6QU. For information on how to contact us including names, email address and telephone numbers please see our “How to Contact Us” section below.

We offer machinery, equipment, tangible goods and studio space to our clients for hire. We collect, use and are responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation, which applies across the European Union (including in the United Kingdom). We identify ourselves as a Data Controller and Data Processor under Data Protection law and we are registered with the UK Information Commissioner’s Office (ICO). In relation to the Services we provide to our Clients we are a Data Processor. You can lodge a complaint with the ICO in the event of our non-compliance with UK Data Protection law.

This Privacy Policy (“Policy”) relates to our website at http://www.loftstudios.co.uk (the “Site”), and all related downloadable software and other services provided by us and in or on which a link to this Privacy Policy is displayed, and all other communications with individuals by written or oral means, such as email or phone (collectively, together with the Site, (our “Service”).

This Policy describes the information that Loft Studios Limited (“we” or “us”) gathers on or through the Service, how we use and disclose such information, and the steps we take to protect such information. By visiting the Site, or by purchasing or using any Services, you consent to the privacy practices described in this Policy.

This Policy is incorporated into, and is subject to, our Terms of Business, Acceptable Terms of Use Policy and our Terms of Website Use and any other documents referred to in it.

Definitions

“Associated Companies” means Loft Studios Europe SL.
“Client” means a customer of ours who signs up to use a Service and/or purchase a product.
“Personal Data” means information that specifically identifies an individual or that is linked to information that identifies a specific individual.
“Public Area” means the area of the Site that can be accessed both by Users and Visitors, without needing to use an account, login ID and a password.
“User” means a Client or representative of a Client, who has set up an account with us.
“Visitor” means an individual other than a User, who visits our Site.
“Guest” means an individual attending an event for which we are providing venue hire or other Services ordered by a Client.

The Information We Collect on the Service:

Depending upon your use of our Site, we may collect some or all of the following personal and non-personal data as User-provided Information, such as:

  • Location;
  • Email address;
  • Telephone number;
  • Address;
  • name or business name;
  • your image
  • Job title;
  • Date of birth;
  • Gender;
  • Profession;
  • Payment information;
  • Information about your preferences and interests;
  • Data included in enquiries made by you;
  • Medical and health information and dietary requirements that may be relevant to the delivery of any goods or services about which you may be purchasing from us or about which you may be engaging with us.
  • CCTV footage around our premises and taken during events and shoots.

Certain personal data categories, such as race, ethnicity, religion, health and biometric data, fall into a special data category and require additional protection under EU data protection law, and are known as “sensitive personal data”. We always try to limit the circumstances in which we collect and process sensitive personal data.

We typically only collect sensitive personal data where it is required by us to deliver a product or service to you. When you provide personal information in relation to a Guest or child under 13 years old or other third parties we require so far as possible that such information be anonymised.

Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

For example, we may be required to collect data relating to health such as, any allergies and intolerances of a Client or Guest for catering purposes or where a Client or Guest is disabled and requires disabled access. We may also be required to process other sensitive Personal Data depending on the nature of the event or shoot i.e. if a religious event or shoot is being held at a studio which you hire from us or we are providing services or equipment we may be required to collect and process data relating to religion/ religious beliefs. Such information does not usually need to be linked to an individual.

Personal Data also includes other information, such as geographic area or preferences, only when any such information is linked to information that identifies a specific individual.

You may provide us with Personal Data in various ways on the Service. For example, when you register for an Account, use the Service, post messages on the website, interact with other users of the Service through communication or messaging capabilities, or send us service -related requests or contact us by phone, email or otherwise.

How we use your Personal Information

We use your personal information to:

  • create and manage your account with us
  • verify your identity
  • provide goods and services to you
  • customise our Site and its content to your particular preferences
  • notify you of any changes to our Site or to our Services that may affect you
  • improve our Services

This website is not intended for use by children under the age of 18 and we do not knowingly collect or use personal information relating to children.

We may hold some of your personal data in electronic database form, including the use of cloud-based applications. We make sure to select cloud providers who provide suitable guarantees over the privacy and rights associated with your personal data.

Our legal basis for processing your Personal Data

When we use your Personal Data we are required to have a legal basis for doing so. There are various different legal bases upon which we may rely, and these will depend on the personal information in question and the specific context in which we collect it.
The legal bases we may rely on include:

  • consent: where you have given us clear consent for us to process your personal information for a specific purpose
  • contract: where our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
  • legal obligation: where our use of your personal information is necessary for us to comply with the law (not including contractual obligations)
  • legitimate interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information which overrides our legitimate interests)

“Automatically Collected” Information. 

When a User or Visitor uses the Service, we may automatically record certain information from the User’s or Visitor’s device by using various types of technology, including cookies. This “automatically collected” information may include IP address or other device address or ID, web browser and/or device type, the web pages or sites visited just before or just after using the Service, the pages or other content the User or Visitor views or interacts with on the Service, and the dates and times of the visit, access, or use of the Service. We also may use these technologies to collect information regarding a Visitor or User’s interaction with email messages, such as whether the Visitor or User opens, clicks on, or forwards a message. This information is gathered from all Users and Visitors.

Integrated Services. 

You may be given the option to access or register for the Service through the use of your user name and passwords for certain services provided by third parties (each, an “Integrated Service”), such as through the use of your Google account, Facebook, Twitter or Linked-In or otherwise have the option to authorise an Integrated Service to provide Personal Data or other information to us. By authorising us to connect with an Integrated Service, you authorise us to access and store your name, email address(es), date of birth, gender, current city, profile picture URL, and other information that the Integrated Service makes available to us, and to use and disclose it in accordance with this Policy. You should check your privacy settings on each Integrated Service to understand what information that Integrated Service makes available to us, and make changes as appropriate. Please review each Integrated Service’s terms of use and privacy policies carefully before using their services and connecting to our Service.

Information from Other Sources. 

We may obtain information, including Personal Data, from third parties and sources other than the Service, such as our partners, advertisers, credit rating agencies, and Integrated Services. If we combine or associate information from other sources with Personal Data that we collect through the Service, we will treat the combined information as Personal Data in accordance with this Policy.

How We Use the Information We Collect

We use the information that we collect in a variety of ways in providing the Service and operating our business, including the following:

Operations

We use the information to operate, maintain, enhance and provide all features of the Service, to provide the services and information that you request, to respond to comments and questions and to provide support to users of the Service.

Improvements

We use the information to understand and analyse the usage trends and preferences of our Visitors and Users, to improve the Service, and to develop new products, services, features, and functionality.

Communications

We may use a Visitor’s or User’s email address or other information to contact that Visitor or User (i) for administrative purposes such as customer service, to address intellectual property infringement, right of privacy violations or other issues related to Personal Data posted on the Service or (ii) with updates on promotions and events, relating to services or products offered by us and by third parties we work with. You have the ability to opt-out of receiving any promotional communications as described below under “Your Choices.”

Cookies and Tracking Technologies

“Cookies” are text-only pieces of information that a website transfers to an individual’s hard drive or other website-browsing equipment for record-keeping purposes. Cookies allow the Site to remember important information that will make your use of the Site more convenient. Please see our Cookie Policy for more information.

To Whom We Disclose Information

Except as described in this Policy, we will not intentionally disclose the Personal Data that we collect or store on the Service to third parties without the consent of the applicable Visitor, User or Client. We may disclose information to third parties if you consent to us doing so, as well as in the following circumstances:

Unrestricted Information

Any information that you voluntarily choose to include in a Public Area of the Service, such as on a chat forum or a banner advertisement, will be available to any Visitor or User who has access to that content.

Service Providers

We work with our Associated Companies and third party service providers including business partners, suppliers and sub-contractors who provide website, software solutions, application development, hosting, maintenance, event services and other services for us. These third parties may have access to, or process Personal Data as part of providing those services for us. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and our contracts with them require them to maintain the confidentiality of such information. See a list of our third party service providers and how we protect your Personal Data to which they have access.

Non Personally Identifiable Information

We may make certain automatically-collected, aggregated, or otherwise non-personally-identifiable information available to third parties for various purposes, including (i) compliance with various reporting obligations; (ii) for business or marketing purposes; or (iii) and to assist such parties in understanding our Clients’, Users’ and Visitors’ interests, habits, and usage patterns for certain programs, content, services, and/or functionality available through the Service.

Law Enforcement, Legal Process and Compliance

We may disclose Personal Data or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.

We also reserve the right to disclose Personal Data or other information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the Service and any facilities or equipment used to make the Service available, or (v) protect our property or other legal rights, enforce our contracts, or protect the rights, property, or safety of others.

Transfer of Ownership

Information about Clients, Users and Visitors, including Personal Data, may be disclosed and otherwise transferred to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets and only if the recipient of the User or Visitor Data commits to a Privacy Policy that has terms substantially consistent with this Privacy Policy.

Marketing

We would like to send you information about our products and services, and special offers, which may be of interest to you. Where we have your express consent or it is in our legitimate interests to do so, we may do this by post, email, telephone, text message (SMS) or automated call.

We would also like to share your information with selected third parties with whom you wish to share data so that they may send you information about their products and/or services, depending on what you agree with us.

Opting out from Commercial Communications

We will ask whether you would like us and other businesses to send you marketing messages when you tick the relevant boxes on our Site when you register for an account with us for the first time.

If you receive commercial emails from us, you may unsubscribe at any time by following the instructions contained within the email or by sending an email to the address provided in the “How to Contact Us” section below.

Please be aware that if you opt-out of receiving commercial emails from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to [fifteen (15)] business days for us to process your request. Additionally, even after you opt-out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding the Service.

For more information on your rights in relation to marketing, see ‘Your Rights’ below.

Your Privacy Rights

We will not share any Personal Data with third-parties for their direct marketing purposes to the extent prohibited by law. If our practices change, we will do so in accordance with applicable laws and will notify you in advance.

Your Rights

Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:

  • fair processing of information and transparency over how we use your use personal information
  • access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address.
  • require us to correct any mistakes in your information which we hold
  • require the erasure of personal information concerning you in certain situations
  • receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
  • object at any time to processing of personal information concerning you for direct marketing
  • object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
  • object in certain other situations to our continued processing of your personal information
  • otherwise restrict our processing of your personal information in certain circumstances

If you are providing us with personal information relating to third parties (your Guests for example) they have a right to know and be aware of what personal information we hold about them, how we collect and use and may share that information. Please share this privacy policy with them as they will have the same rights as our Clients as set out in this “Your Rights” section in relation to personal information.

Your Options – Access, Correction, Deletion

We respect your privacy rights and provide you with reasonable access to the Personal Data that you may have provided through your use of the Services. You may request such access by using our Subject Access Request Form. If you wish to access or amend any other Personal Data we hold about you, or to request that we delete any information about you that we have obtained from an Integrated Service, you may contact us as set forth in the “How to Contact Us” section. At your request, we will have any reference to you deleted or blocked in our database. We will delete, amend or block access to any Personal Data that we are storing only if we receive a written request to do so from the Client who is responsible for such Personal Data.

Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so. If you request us to remove any data, we will respond to the request within fifteen (15) days.

You may decline to share certain Personal Data with us, in which case we may not be able to provide to you some of the features and functionality of the Service.
At any time, you may object to the processing of your Personal Data, on legitimate grounds, except if otherwise permitted by applicable law.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.

Navigation Information

You may opt out from the collection of navigation information about your visit to the Site by visiting Google Analytics and using the Google Analytics Opt-out feature.

Third-Party Services

The Services we provide may contain features or links to websites and services provided by third parties. Any information you provide on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if accessed through the Service. We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through the Service. We encourage you to learn about third parties’ privacy and security policies before providing them with information.

Third Party Cookies

We are legally required to disclose whether other third parties may collect personally identifiable information about an individual’s online activities from our Site or Service. Please see our Cookie Policy for more information.

The information gathered by these third parties is used to make predictions about your interests or preferences so that they can display advertisements or promotional material on this Site and on other sites across the Internet tailored to your apparent interests.

The business partners and advertising networks that serve interest-based advertisements on the Services have limited access to a small amount of information about your profile and your device, which is necessary to serve you advertisements that are tailored to your apparent interests. It is possible that they may reuse this small amount of information on other sites or services.

We do not share with these third parties any information that would readily identify you (such as email address); however, these third parties may have access to information about your device (such as IP or MAC address). We do not have access to, or control over, the technologies that these third parties may use to collect information about your interests, and the information practices of these third parties are not covered by this Privacy Notice. Other than as discussed in this document, we have no control over these third parties.

Data Security

We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We use cloud applications and solutions provided by our Third Party Suppliers (see our Third Party Suppliers section for links to their privacy policies). We maintain appropriate administrative, technical and physical safeguards to protect Personal Data against accidental or unlawful destruction, accidental loss, unauthorised alteration, unauthorised disclosure or access, misuse, and any other unlawful form of processing of the Personal Data in our possession. This includes, for example, firewalls, password protection and other access and authentication controls. We will follow the Payment Card Industry Data Security Standard (PCI DSS) when handling credit card data.

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. All information you provide to us is stored on our secure servers. All Personal Data collected, processed and transferred by us shall be in a pseudonymised form, emails containing Personal Data shall be encrypted using Encrypted AES 256 bit disk image, All Personal Data stored electronically shall be backed up every month with backups stored on-site. All backups shall be encrypted AES 256 bit disk image.

All electronic copies of Personal Data shall be stored securely using passwords and Encrypted AES 256 bit disk image data encryption.

Any payment transactions will be encrypted.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit to us or store on the Service, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.

If you believe your Personal Data has been compromised, please contact us as set forth in the “How to Contact Us” section below. If we learn of a security systems breach, we will inform you of the occurrence of the breach in accordance with applicable law. We are creating and improving security features on an ongoing basis.

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

How Long your Personal Data will be kept

We will only retain your Personal Data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

By law we have to keep basic information about our customers (including contact, identity, financial and transaction data) for six years after they cease being customers for tax purposes.

Please note that we have a legitimate interest in retaining your personal data for legal and financial record keeping purposes.

CCTV footage is erased every 30 days.

Privacy Settings

Although we may allow you to adjust your privacy settings to limit access to certain Personal Data, please be aware that no security measures are perfect or impenetrable. We are not responsible for circumvention of any privacy settings or security measures on the Service. Additionally, we cannot control the actions of other users with whom you may choose to share your information. Further, even after information posted on the Service is removed, caching and archiving services may have saved that information, and other users or third parties may have copied or stored the information available on the Service. We cannot and do not guarantee that information you post on or transmit to the Service will not be viewed by unauthorised persons.

Data Transfer

Where we store your personal data

We may transfer your personal information to locations outside the UK and the European Economic Area (EEA) (the EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein). These are known as “third countries” and may not have data protection laws that are as strong as those in the UK and/or the EEA. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the processing of your payment details and the provision of support services. This means that we will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the GDPR and we will ensure a similar degree of protection is afforded to it by ensuring that at least one of the following safeguards is implemented:

  • We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in Europe.
  • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to Personal Data shared between the Europe and the US. See the information about we have provided about our Third Party Suppliers.
  • The transfer is made with your informed consent;
  • The transfer is necessary for the performance of a contract between you and us (or for pre-contractual steps taken at your request);
  • The transfer is necessary for important public interest reasons;
  • The transfer is necessary for the conduct of legal claims;

By submitting your Personal Data, you agree to this transfer, storing or processing.

If you would like further information please contact admin@loftstudios.co.uk.

Foreign Visitors

The Service is hosted in the UK. If you choose to use the Service from regions of the world with laws governing data collection and use that may differ from EU and UK law, then please note that you may be transferring Personal Data outside of those regions for storage and processing. By providing any information, including Personal Data, on or to the Service, you consent to such transfer, storage, and processing.

How to Complain

We hope that Neil Soni, our Data Protection Officer can resolve any query or concern you raise about our use of your information.

The General Data Protection Regulations also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.

Changes to this Privacy Policy

This privacy policy was published on 25/05/2018 and last updated on 11/06/2018.

We may change this privacy notice from time to time, when we do we will make it available through the Service, and indicate the date of the latest revision, and will comply with applicable law. Your continued use of the Service after the revised Policy has become effective indicates that you have read, understood and agreed to the current version of the Policy.


How to Contact Us

Please contact Neil Soni, our Data Protection Officer, if you have any questions about this privacy notice or the information we hold about you.

If you wish to contact our Data Protection Officer, please send an email to admin@loftstudios.co.uk, write to 77-81 Scrubs Lane, London, NW10 6QU or call +44 208 969 0234.

Do you need extra help?

If you would like this notice in another format (for example: audio, large print) please contact us (see ‘How to contact us’ above).