I Heart Studios Creative Image Solutions Limited and I Heart Studios Netherlands BV (“I Heart Studios”) understands that your privacy is important to you and that you care about how your personal data is used. We are committed to ensuring that your privacy is protected.
This privacy notice sets out how we look after your personal data and tells you about your privacy rights and how the law protects you. Personal data is any information about you from which you can be identified. It does not include data where your identity has been removed. This privacy notice applies when you have provided your personal data to us yourself or someone else has provided your personal data to us.
Please read this privacy notice in full, so that you understand how your personal data is used by us.
We may also provide you with other privacy notices on specific occasions when we are collecting or processing personal data about you, to make sure that you are fully aware of how and why we are using your personal data. This privacy notice is in addition to those other notices and is not intended to override them.
We may collect some or all of the following personal data about you which we have grouped together as follows (this may vary according to your relationship with us):
We use different methods to collect personal data from and about you, as follows:
Direct interactions. You may give us your Identity, Contact, Correspondence, Marketing and Communications Data, Financial and Transaction Data by filling in forms or by corresponding with us by post, phone, email, in person, via social media, via our website or otherwise. This includes personal data you provide when you:
Automated technologies or interactions. As you interact with our website or use our services, we may automatically collect Usage Data about your equipment, browsing actions and patterns. We collect this data by using cookies and other similar technologies. Please see Cookies in Part 4 below for more details.
Third parties or publicly available sources. We may receive personal data about you from various third parties (which may include public sources) as set out below:
In accordance with data protection laws, we will only process your personal data where we have a lawful basis for doing so. Most commonly, we will use your personal data in the following circumstances:
Sometimes we may ask you to consent to our collection and use of certain of your personal data. You have the right to withdraw your consent at any time.
Your personal data may be used for the following purposes. Note that we may process your personal data on more than one lawful basis depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal basis we are relying on to process your personal data:
We may process any of your personal data identified in this policy where necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice, and for the establishment, exercise or defence of legal claims. Our lawful basis is our legitimate interests (proper protection of our business against risks, protection and assertion of legal rights).
What we can do?
We may send marketing communications to you:
We will not share your personal data with any company outside our group of companies for marketing purposes without your express opt-in consent.
You have the right to ask us to stop sending you marketing communications at any time.
You can do this by:
If you opt out of receiving some or all of our marketing, we will retain your Marketing and Communications Data for our records in order to ensure that we know that you have opted out.
If you change your mind after opting out, you can update your choices at any time by contacting us.
We use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use using cookies that may be stored on your device when you visit our website. This information is used to create reports about the use of our website. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of anyone visiting our website.
For more information on Google Analytics please visit: https://support.google.com/analytics/answer/6004245
To opt out of being tracked by Google Analytics across all websites, please visit: https://tools.google.com/dlpage/gaoptout
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected, including for the purposes of satisfying any legal, accounting, or reporting requirements and obligations. Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us.
In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We may share your data within the group of companies of which we are a part. This may involve transferring your data outside the European Economic Area (EEA) depending on the subsidiary.
Some of our external third parties are based outside the European Economic Area (EEA) so their processing and storage of your personal data will involve a transfer of data outside the EEA
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
We may have to share your personal data with the parties set out below for the purposes set out in Part 4 above.
Internal Third Parties
Other companies in the I Heart Studios Group. Currently we operate in the UK, the Netherlands and Hong Kong.
External Third Parties
Requirements for our third party service providers
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Other disclosures we may make
We may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements or notices. When you leave our website, we encourage you to read the privacy notice of every website you visit.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
You have the right to request:
You have the right to withdraw consent at any time where we are relying on consent to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw consent. Please note that if you withdraw consent, we may not be able to provide certain products or services to you. We must comply with this request by law.
You also have the right to stop the use of your personal data for direct marketing through all or any channels, at any time. We must always comply with your request by law.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (https://ico.org.uk) or Dutch Data Protection Authority (https:/autoriteitpersoonsgegevens.nl). We would, however, appreciate the chance to deal with your concerns before you approach the ICO or DDPA so please contact us in the first instance.
If you want to exercise your legal rights in relation to your personal data, please contact us using the contact details in Part 11.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Please note that we are not always required to comply with your request. For example, there may be specific legal reasons which will be notified to you, if applicable, at the time of your request and, in some cases, we may have compelling legitimate grounds to process your information which override your rights and freedoms.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We will respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If you have any questions about this privacy notice including any requests to exercise your legal rights, please contact our Data Privacy Manager as follows:
We may change this Privacy Notice from time to time by publishing a new version on our website. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection. We recommend that you check this page occasionally for any policy changes or updates.