Privacy Policy & Data Protection
ICO Registered: Reference ZA474861 | Valid until 27 August 2026
UK GDPR Compliant | Data Protection Act 2018
Document Version: 2.1 | Last Updated: 4 December 2025
Applicable to: Super Photo Cam Ltd business operations, commercial clients, and corporate services
1. Company & Compliance Information
Legal Entity
Company Name: Super Photo Cam Ltd
Company Number: NI655628
Registered in: Northern Ireland
VAT Status: Not currently VAT registered
Registration & Compliance
ICO Reference: ZA474861
ICO Valid Until: 27 August 2026
Registration Date: 28 August 2019
Verify Registration:
ICO Register Entry
Contact Information
Registered Office:
Unit 869A, Moat House
54 Bloomfield Avenue
Belfast BT5 5AD
Northern Ireland, UK
Email: info@superphotocam.com
Phone: 07533823338
Website: https://superphotocam.com
Data Controller Information
For the purposes of UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018,
Super Photo Cam Ltd is registered as the data controller.
Data Protection Officer: Lukasz Małec
DPO Contact: info@superphotocam.com | 07533823338
2. Scope of This Policy
This Privacy Policy applies to all business operations of Super Photo Cam Ltd, including but not limited to:
Commercial Services
- Corporate photography services
- Event photography contracts
- Commercial licensing agreements
- Business portrait sessions
Business Operations
- Client relationship management
- Contract negotiations and management
- Invoice and payment processing
- Business development activities
Communication Channels
- Business website: superphotocam.com
- Professional email communications
- Contractual documentation
- Business social media accounts
3. Business Data Processing Activities
3.1 Types of Business Data Processed
Business Client Data
- Company/organization details
- Business contact information
- Authorized representative details
- Billing and payment information
Contractual Data
- Service agreements and contracts
- Licensing agreements
- Project specifications
- Delivery requirements
Financial Data
- Invoice and payment records
- Bank account details (for payments)
- Tax and accounting records
- Expense and revenue tracking
Operational Data
- Project management information
- Service delivery records
- Quality assurance documentation
- Client feedback and reviews
3.2 Lawful Basis for Processing (UK GDPR Article 6)
| Processing Activity | Lawful Basis | Purpose | Retention Period |
|---|---|---|---|
| Contract fulfillment | Contract (Art. 6(1)(b)) | Delivering photography services | 7 years post-contract |
| Financial transactions | Legal obligation (Art. 6(1)(c)) | Tax and accounting compliance | 6+1 years for HMRC |
| Business communications | Legitimate interests (Art. 6(1)(f)) | Client relationship management | 3 years post-engagement |
| Marketing to businesses | Legitimate interests (Art. 6(1)(f)) | Business development | Until opt-out requested |
| Service improvement | Legitimate interests (Art. 6(1)(f)) | Quality enhancement | 2 years |
4. Data Sharing with Third Parties
We only share business data with third parties when necessary for service delivery:
Service Providers
- Accounting software: Financial record keeping
- Cloud storage: Secure file management
- Email providers: Business communications
- Project management tools: Service coordination
Professional Advisors
- Accountants: Financial compliance
- Legal counsel: Contract review
- Insurance providers: Risk management
Regulatory Bodies
- HMRC: Tax compliance
- Companies House: Corporate reporting
- ICO: Data protection compliance
International Data Transfers
All data is processed within the UK unless specific international services are required.
Any international transfers comply with UK International Data Transfer Agreement (IDTA) requirements.
5. Security & Protection Measures
Technical Security
- Encrypted data storage and transmission
- Secure access controls and authentication
- Regular security updates and patching
- Data backup and disaster recovery
Organizational Security
- Data protection policies and procedures
- Employee confidentiality agreements
- Regular security awareness training
- Incident response planning
Physical Security
- Secure premises access controls
- Locked storage for physical records
- Secure disposal of confidential waste
- Visitor management procedures
Compliance Monitoring
- Regular data protection audits
- Privacy impact assessments
- Contractual compliance reviews
- Regulatory change monitoring
6. Business Client Rights & Procedures
Right to Information
Request details of data processing activities relevant to your business relationship.
Right of Access
Access business data we hold about your organization (Subject Access Request).
Right to Rectification
Request correction of inaccurate business information.
Data Portability
Receive business data in structured, commonly used format.
Right to Restriction
Request limitation of processing in specific circumstances.
Right to Object
Object to processing based on legitimate interests.
6.1 How to Exercise Business Rights
Step 1: Formal Request
Submit written request to Data Protection Officer including:
- Business name and reference number
- Specific right being exercised
- Details of data concerned
- Authorized representative details
Step 2: Identity Verification
We will verify the requesting party’s authority to act on behalf of the business.
Step 3: Processing
We will respond within 30 calendar days of verified request receipt.
Step 4: Resolution
Provide requested information or explanation of any limitations.
Submission Channels
Email: info@superphotocam.com (Subject: Data Protection Request)
Post: Data Protection Officer, Super Photo Cam Ltd, Unit 869A, Moat House, 54 Bloomfield Avenue, Belfast BT5 5AD
Phone: 07533823338 (Business hours: Mon-Fri 9am-5pm)
7. Data Breach Response Protocol
Detection & Containment
Immediate isolation of affected systems and assessment of scope.
Notification
ICO notification within 72 hours if required. Affected business clients notified without undue delay.
Investigation
Root cause analysis and vulnerability assessment.
Remediation
Implementation of corrective measures and security enhancements.
Documentation
Complete incident logging for compliance and improvement.
Review
Policy and procedure review to prevent recurrence.
8. Policy Governance & Review
Review Schedule
Annual review or following significant regulatory changes.
Change Management
Version control and change logging maintained.
Stakeholder Communication
Significant changes communicated to ongoing business clients.
Document Control
Document Reference: PP-SPCL-BUS-2024-v2.1
Owner: Data Protection Officer
Approval: Company Director