Privacy Policy
We are committed to protecting and respecting your privacy. This privacy policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
The website www.thepeoplespicture.com (“Website”) is operated by Helen Marshall Limited trading as The People’s Picture (“we”, “us” or “our”), a company registered in England & Wales under company number 11423615, whose registered office is at 7, Wadeson Street, London, E2 9DR. Where you or the client decides the purpose or means for the processing of the personal data that you provide when using our services, we are the “processor” responsible for your personal data. We will comply with all applicable data protection laws, including the General Data Protection Regulation 2016/679 and the (UK) Data Protection Act 2018.
Pixcollect.com is co-created by The People’s Picture and Umbrella Dev and is maintained by UmbrellaDev, our partner online solutions provider for software management purposes. Pixcollect.com was developed for the collection and workflow management of your uploaded photography and other content and data for The People’s Picture Projects only, Your Basic Information and Your Content will be processed via this website securely to allow us to perform the Service contract with you.
This policy applies to the uploading and sharing of content, photographs, and other related information on www.thepeoplespicture.com (the “Website“) and to all our (“Authorised Websites“) and (“Other Projects“). This policy should be read together with our Website Terms of Use (https://www.thepeoplespicture.com/terms-conditions), and our Contributor Terms and Conditions (https://www.thepeoplespicture.com/contributor-terms-conditions).
Our Website may contain hyperlinks or embeds to third party websites. These websites operate fully independently from us, and we cannot accept any responsibility or liability for the privacy practices of such third parties nor the availability of these external sites or resources. The appearance of such links on our Website is not an endorsement. Should you use any of these websites, such use is at your own risk and we would recommend that you review their respective privacy policies.
If you have any questions or comments about this privacy policy, please write to us at Helen Marshall Limited, 7, Wadeson Street, London, E2 9DR or email us here
1. What personal information are we likely to collect about you?
1.1 Information provided by you
1.1.1 Whether you or the client decides the purpose or means for the processing of the personal data that you provide when using our services, we are the “processor” responsible for your personal data. In almost all cases, unless we arrange otherwise with a client, we act as ‘data processors’ for all clients and commissioners who use our services. You and/or the client are the ‘data controller’ and therefore have overall control of the data submitted for each project. We will securely process this content in order to perform the Service contract with you. The clients and commissioners ‘privacy policy’ will be available for you to read on the project page if they are embedding it in their website/s and available when you upload and share your photography and other content for processing on our website/s as a hyperlink in the upload form. We build in an extra level of protection, you keep your rights to your photography and other content and we can only use it for the purposes of the project. You give us and those we authorise (the client or commissioner) a license to process it for the purposes of the project only.
1.1.2 If you wish to subscribe to our mailing list (or a mailing list of our clients and commissioning partners) or to participate in any of our projects, we may collect and process all or some of the following information:
- Your name;
- Your address;
- Your phone number;
- Your email address;
- Your age;
- Your gender;
- Your birthplace; and/or
- Your social media handles (together, “Your Basic Information“).
1.1.3 You may also submit photography and other content on our website and authorised partner and client websites, using embedded forms and via social media (using specific hashtags and tagging) including:
- Photographs of you or that you have permission to grant us a licence to use; and/or
- Stories and other information that you would like us to publish (together, “Your Content”).
- Other content including images, video, audio, writing, texts that you would like us to process (together, “Your Content”).
1.1.4 We do not actively collect any special categories of personal data about you (including details about your race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic information or biometric information) (“Special Category Data”). Nor do we collect information about your criminal convictions or offences (“Criminal Offence Data”). Accordingly, please do not post or upload any of Your Content which may contain Special Category Data or Criminal Offence Data. In the event that you do upload or post Your Content and Your Content contains Special Category Data or Criminal Offence Data, you acknowledge and agree that such personal data has been manifestly made public by you and may be made available and/or communicated to the public for a photo mosaic project or the specific project in question both by us and the relevant commissioning partners. Similarly, please do not post or upload any of Your Content which contains images of children under the age of 18 (unless you are the parent or guardian) or any unlawful content. You agree that you will have a legal parent of guardian with you when you participate in our projects and cannot participate if you are under 13.
1.2 Analytics
1.2.1 Our Website uses cookies and other mechanisms to collect analytical information to help analyse how visitors use the Website and how each project is created. Such information includes:
- number of visitors to our Website;
- pages visited while at the Website and time spent per page;
- page interaction information, such as scrolling, clicks and browsing methods;
- websites where visitors have come from and where they go afterwards;
- page response times and any download errors; and/or
- other technical information relating to end user device, such as IP address or browser plug-in
(together, the “Cookie Information”).
1.2.3 You can always choose to enable or disable cookies in your internet browser. By default, most internet browsers accept cookies but this can be changed. For further details, please consult the help menu in your internet browser. For further information about cookies, please see: www.allaboutcookies.org, and how to adjust your browser settings here: www.allaboutcookies.org/managecookies.
1.2.4 We use Google Analytics on our Website for anonymous reporting of Website usage. If you would like to opt-out of Google Analytics monitoring your behaviour on our Website please use this link: (https://tools.google.com/dlpage/gaoptout/).
2. Your personal data may be used for the following purposes
[ninja_tables id=”12788″]
Where we rely on legitimate interests as a lawful basis for processing your personal data, we will always consider whether or not our interests are overridden by your rights and freedoms.
2.2 When you visit our Website, whether to browse our content or subscribe to our mailing list or contribute to a ‘Private’ Project or commission (the “Service”), or otherwise in connection with the Service, we may use the personal information that you provide for the following purposes:
[ninja_tables id=”19754″]
3. With whom we share personal data
3.1 We keep your information confidential but may disclose it to our partners, personnel, suppliers or subcontractors (including our cloud-based data processing, data analytics and payment service providers) insofar as it is reasonably necessary for the purposes set out in this privacy policy. Every subcontractor, freelancer, employee or anyone working for The People’s Picture and processing in Pixcollect is fully trained and has signed a contract & deed of confidentiality. This protects confidential information during discussions, proposals, reviews, and creation of artwork. The agreement allows us to share your personal data confidentiality to allow us to perform the Service contract with you. Every subcontractor, freelancer, employee or anyone working for The People’s Picture have also signed a ‘Data Processing Agreement’ by which they agree to engage in processing activities that are strictly limited to those necessary to fulfil the scope of the main contract. The subcontractor, and any person acting under its authority who has access to the personal data, shall not process your data unless acting upon instructions given by The People’s Picture unless they are required to do so by statutory law. If we sign a separate confidentiality deed with you this gives specified terms and builds an extra layer of protection for private commissions and clients when we handle sensitive content such as family photographs.
3.2 In some instances, this data sharing may involve the transfer of information outside the EU; please see our section on International Data Transfers below for further information.
3.3 We may provide your personal information to the following third party service providers:
- Payment-processing services such as Paypal, Stripe or Xero;
- Delivery couriers and postal services;
- Email marketing using our dedicated CMS website pixcollect.com
- Event ticketing services;
- Marketing mailing houses;
- Social media platforms;
- Arts organisations, funders, sponsors, press, media or partners involved in our projects;
- Companies we subcontract to photograph, design, print or deliver our projects;
- Trained sub contractors arts assistants, interns and volunteers; and
- Software companies that we use to safely store and encrypt our data including Pixcollect, Google Suite, Dropbox and Site Ground.
3.4 This list is not exhaustive and may change from time-to-time in line with our business processes. If you have opted for a private commission, the third party service providers is limited to:
- Payment-processing services such as Paypal, Stripe or Xero;
- Delivery couriers and postal services:
- Companies we subcontract to photography, design, print or deliver our projects;
- Trained subcontracted arts assistants and interns; and
- Software companies that we use to safely store and encrypt our data including Umbrella Dev, Dropbox, Pixcollect, Google Suite and Site Ground.
3.5 If we are involved in a merger, acquisition, or sale of all or a portion of our business or assets, the information we hold may be included as part of that sale, in which case you will be notified via email and/or a prominent notice on the Website of any changes in ownership or use of your information, as any choices you may have regarding that information.
3.6 In addition, we may disclose your information to the extent that we are required to do so by law (which may include to government bodies and law enforcement agencies), in connection with any legal proceedings or prospective legal proceedings and in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).
3.7 If you choose to participate in a project and submit Your Photography and Content (as defined above) to us, your Basic Information and Your Content will be a part of the project and, in accordance with our Contributor Terms and Conditions, be shared with our commissioning partners for their exploitation of the project. The processing of your personal data by such commissioning partners is subject to their respective privacy policies.
3.8 If you opt for a private project or commission and submit Your photography and content (as defined above) to us, your Basic Information and Your Content will be a part of the project and, in accordance with our Contributor Terms and Conditions, will not be shared with any third party partners so to exclude any exploitation or publicity of the artwork.
3.9 We will not pass your information on to third parties for marketing purposes unless you have provided your consent, in which event the advertisements that appear when you visit our Website may be targeted to provide you with more relevant advertising content and you may receive communications from third parties offering similar or related services to us. We require third parties to respect the security of your personal data and to process it only in accordance with applicable law
4. Your choices and rights in relation to personal data which we process relating to you
- to ask for a copy of or access to personal data we are processing about you and have inaccuracies corrected;
- to withdraw your submission, in your email confirmation there is a ‘withdraw’ revoke link and you can also contact us here. We will remove your data within 7 days as long as it is reasonably possible and not printed and published, and we will work and mitigate to reach a best solution. We cannot alter the act of the image and data that has entered the public domain, such as press articles and other platforms such as social media.
- if you consented to our processing of your personal data and have withdrawn that consent, you can ask us to restrict processing, stop processing or delete your personal data;
- if we are processing your personal data because it is in the public interest or it is in order to pursue a legitimate interest of ours or a third party, and you don’t agree with that processing, and there is no overriding legitimate interest for us to continue processing it, you can request that we restrict processing, stop processing or delete your personal data;
- to ask us to restrict, stop processing, or to delete your personal data. For example, where the processing of your personal data is for direct marketing purposes, where your personal data was unlawfully processed, where you need the personal data to be deleted in order to comply with your legal obligations or where the personal data is being processed in relation to the offer of a service to a child.
- if we are processing personal data in order to perform our obligations to you, because you have consented or if processing is being carried out by automated means, we will help – on request – you to move, copy or transfer your personal data to other IT systems. You can request a machine-readable copy of your personal data, which you can use with another service provider. Where it is technically feasible, you can ask us to send this information directly to another provider if you prefer; and
- if you are unhappy with the way we are processing your personal data, please let us know. Alternatively, you can make a complaint to the applicable supervisory authority. You can contact the Information Commissioner’s Office with the details available here: https://ico.org.uk/concerns
4.2 Subject to clause 7 below, we will delete your data after 5 years if we no longer require it for the purposes for which it was collected. If you opt for a private project or commission your photography and other content, your basic information will be a part of the project and, in accordance with our Contributor Terms and Conditions, will be securely destroyed as soon as the project is delivered. We will use reasonable efforts to, to the extent required by law, supply, correct or delete personal data held about you on our files (and with any third parties to whom it has been disclosed to).
4.3 To make a request in relation to any of the aforementioned rights, please email us here
4.4 You are under no statutory or contractual obligation to provide any of your personal data to us. However, if you do not provide the personal data required for our performance of the Service, we will not be able to provide you with the Service.
4.5 If you are unhappy with the way that we are processing your personal data or would like to limit the use of your personal information to a particular purpose, please let us know. The best way to bring this to our attention is by emailing us here
4.6 If you have previously consented to but now would prefer not to receive direct marketing, you can follow the opt-out links on any marketing message sent to you OR message us on social media platforms asking to opt out OR you can email us here
5. Children
6. Security
6.2 During a project (both public and private) your personal data will be collected via Pixcollect.com – our robust and secure cloud-based platform for the collection and workflow management of uploaded images and data. The GDPR compliant website uses an sha256 SSL certificate and is only accessible by admin (The People’s Picture and Umbrella Dev) and clients with their own secure password protected login for access to their data only. The user area is protected behind security, all passwords are hashed, SQL injection protection is present, and all server software is recent and maintained.
6.3 From here all content submitted during the project will be securely downloaded and stored on our secure servers only accessible through using 2-step verification. Our 2-step verification offers another layer of security by requiring an additional encryption log in to access all data. All hardware and back up hard drives containing your personal data supplied to us by you for the project are encrypted. Should these devices be stolen or go missing, no data will be accessible by third parties and all contents will be remotely wiped by us.
6.4 Any data transferred and stored digitally is also encrypted by default by Google’s G-Suite Encryption software. Should we request you to send files digitally, for the duration of the project these will be stored securely in our encrypted G-Suite database. Once the project is over and has been delivered, if you have opted for a private commission, your data will be destroyed.
6.5 All hard copies of printed material and digital files on external drives (for public projects only) related to the project containing potentially personal data (your images) is stored securely in a business address lock-up studio with additional concierge.
6.6 Please be aware that, while we make the security of our Website and your personal information a high priority, no security system can prevent all security breaches. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
7. How long we keep your data
7.2 Once the purpose for which information has been collected has been fulfilled, we’ll either permanently delete it completely or remove all identifiers within it so that it is no longer personal data. We may use such anonymised data for research and/or business analysis purposes.
7.3 Where you have provided us with a photograph, image and/or story for use in an artwork or project and you have expressly granted us a licence to use it, it will remain in our artworks and archives and be used in accordance with the terms of the licence. If you have opted for a private commission, the artworks and archives will be delivered directly to you and we will not keep any copies of your project unless specified. We ask you to keep this content somewhere secure in case you wish to revive the project, or request alterations or additions.
7.4 Where we obtain your personal data in relation to the use or purchase of our services, including VAT or invoicing information, we are obligated by law to keep this for a minimum of 6 years.
7.5 If you contact us for a proposal or commission and you don’t consent to marketing, we’ll keep your data for a year in case you wish to proceed with the quote.
8. International Data Transfers
8.2 Where your personal data is transferred outside of the EEA to a territory not subject to an adequacy decision by the European Commission, we have agreements in place with the relevant parties which include either (i) standard data protection clauses adopted by the relevant data protection regulator and approved by the European Commission or (ii) standard data protection clauses adopted by the European Commission, to ensure that appropriate safeguards are used to protect your personal data. If you require more information about these safeguards, you can contact us here
9. Liability
9.2 The Company shall not be liable to you or the client for any indirect or consequential loss or for any loss of revenue, business or profits whatsoever arising (including in negligence) in relation to this Undertaking.
10. Force Majeure
11. Changes to this Policy
12. Contact Us
If you have any questions, comments or enquiries, please contact:
HELEN MARSHALL LIMITED (Company No. 11423615)
We are members of the ICO Information Commissioner’s Office (https://ico.org.uk/your-data-matters)
Organisation name: Helen Marshall Limited
Reference: ZA575447
Our Data Protection Officer is:
Helen Marshall Ltd
7, Wadeson Street, London, E2 9DR