The terms “You,” “Your,” “Yours” and “User” refer to the entity/person/organization using our Site.
When this Policy mentions “We”, “Us,” and “Our” it refers to Heroic Headshots and its subsidiaries and affiliates.
For any questions regarding this Policy or any requests regarding the processing of personal data, please contact us at firstname.lastname@example.org.
1. INFORMATION WE COLLECT FROM YOU
We only collect the personal data that is absolutely necessary for the adequate performance of the contractual arrangement We have with You and allow us to comply with Our legal obligations.
- Account Signup Information. When You create the account, we ask You to provide the signup information, such as Email, Name, Surname, Phone.
- Data about you: your company/employer name, your headshot image, editing instructions
- Communications, Chats, Messaging. When You communicate with us through email or any other way, We collect information about Your communication and any information You choose to provide or disclose.
- Payment Information. To place orders on Our Site, We may require You to provide certain financial information in order to facilitate the processing of payments. We rely on Our card payment provider, Stripe, to process Your Credit or debit card number, Credit or debit card type, Credit or debit card expiration date, Billing address, Name and surname. Please note that Stripe is a PCI-DSS Level 1 Card Payment Processor, and Your card or payment details are not visible to anyone, including Us.
2. INFORMATION WE COLLECT AUTOMATICALLY
When you use our Site or contact us directly we may collect information, including your personal information, about the way you act in our Site, the services You use and how You use them.
This information is necessary for the adequate performance of the contract betWeen You and us, to enable us to comply with legal obligations and given Our legitimate interest in being able to provide and improve the functionalities of the Site.
- Log data and Device information. We automatically collect log data and device information when You access and use the Site, even if You have not created an Account or logged in. That information includes, among other things: Date/time stamp, Clickstream data, Referring/exit pages.
3. THE WAY WE USE YOUR INFORMATION
We process personal data in line with Data Protection Laws, including but not limited to the General Data Protection Regulations (UK and EU).
We may use the information We collect through Our Site for a number of reasons, including to:
- to create User account and identify users
- to create statistics and analyze User behavior on our Site
- to customize marketing
- to process billing information/invoicing
- to manage User orders
- to correspond with Users
- to improve our services
- to ensure data security and prevent fraud
- to comply with applicable laws
- to request feedback from clients and Users
- to post testimonials, with User’s consent
- to provide technical support
We will normally collect personal information from You only where We have Your consent to do so, where We need the personal information to perform a contract with You, or where the processing is in Our legitimate business interests. Where We rely on consent, We will inform You of such and You have the right to opt out at any time.
4. DIRECT MARKETING
Where You have consented for us to do so, We may use Your email address to serve direct marketing to You. If You wish to withdraw the consent for direct marketing, and refuse to receive information from us, You may exercise such an option at any time. Each marketing email You receive from us will include instructions on how to unsubscribe or amend Your marketing preferences, included at the bottom of Our emails with the newsletters.
Cookies permit us to recognize users and avoid repetitive requests for the same information.
Cookies from Our Site cannot be read by other Sites. Most browsers will accept cookies unless You change Your browser settings to refuse them.
Cookies We use on Our Site:
- Strictly necessary cookies – These cookies are required for the operation of Our Site. They help us to show You the right information, customize Your experience, and allow us to implement and maintain security features as Well as to help us detect malicious activities. Without these cookies operation of the Website would be impossible or its functioning may be severely affected.
- Functional cookies – These improve the functional performance of Our Website and make it easier for You to use. These cookies remember the settings selected by the Visitors (for example, the settings of language and time zone). With the use of these cookies, the Visitors may avoid the changes of settings during each visit of the Website. These cookies also remember changes made by You in the Website (for example, in case You leave a comment on the Website). These cookies do not track Your behavior on other Websites.
- Marketing, targeting, and advertising cookies – These cookies record Your visit to Our Website, the pages You have visited and the links You have folloWed. We will then use this information to make advertising displayed on it more relevant to Your interests. The advertising cookies let us know whether You have already seen the specific advertisement or a certain type of advertisement, and how much time has elapsed since You saw it. We may use the cookies set by another entity so that We could provide the advertisement oriented more specifically to You. They are also used so that We could see certain advertisements only a certain number of times and that it would help to measure the efficiency of advertising.
You may find more information about how to delete cookies, as Well as the other useful information related to the use of the cookies, on the Website allaboutcookies.org.
6. INFORMATION FROM MINORS
This site and Our Services are not intended for or directed to persons under the age of 18. We do not knowingly collect or ask for information from minors. We do not knowingly allow minors to use Our Site or Services.
We will delete any information immediately upon discovery of data collected from or about a minor. Please contact us using the contact details below if You believe We might have information about a minor.
7. PAYMENT INFORMATION
8. THIRD PARTY LINKS
Our Site may have links to other Websites. Whilst We perform reasonable due diligence on the links We provide, please review their privacy policies to learn more about how they collect and use Your personal data, because We do not control their policies and personal data processing practices.
We retain Your personal information exclusively to provide services to You and as otherwise necessary to comply with Our legal obligation, resolve disputes, and enforce Our contractual rights.
We will retain Your personal information for the duration that You access Your Headshots account, unless We are otherwise required by law or regulations to retain Your personal information longer.
If You would like to exercise Your Right to Erasure and request that We erase the data We hold about You, You may request that We close Your Account. Please note that even after deletion of Your account We may need to retain some of Your information strictly for tax, legal reporting and auditing purposes.
We have implemented technical and organizational security measures designed to protect the personal information You share with us from unauthorized or accidental disclosure, loss, theft, inaccessibility or destruction. Among other things, We regularly monitor Our systems for possible vulnerabilities and attacks. Headshot staff and freelancers are subject to confidentiality agreements within their contract for services/employment. Access to client personal data is restricted on a ‘least privilege’ basis, meaning only the necessary staff are given access to Your personal data. We enter into contracts with Our subprocessors, who process data on Our behalf, to ensure they are under an obligation to process data in line with Data Protection Laws.
Whilst We take all reasonable measures to protect Your data, the internet, in any event, is an open forum and its security cannot be guaranteed.
We therefore encourage You to avoid providing Us or anyone with any sensitive information of which You believe its disclosure could cause You substantial or irreparable harm.
If You have any questions regarding the security of Our Site or Services, You are Welcome to contact us at email@example.com.
11. Data Transfers
We do use some trusty third party providers to help us provide Our Services and We want to reassure You that these third parties are only allowed to access the information they need to do their job for Us. They’re not allowed to use it for any other purpose.
12. YOUR RIGHTS
Under Data Protection Laws, including the GDPR, You have 8 data subject rights regarding the protection of Your personal information. You may exercise these at any time. Please email us at firstname.lastname@example.org to do so. Your data subject rights are:
- The right to access (data subject access request) You are entitled to request an electronic copy of the personal information We hold about You, stemming from the beginning of Our relationship, within 30 days. To do this, please contact us at email@example.com to request a copy including full details of what You require. You may also be required to submit or demonstrate proof of Your identity.
- The right to object (right to be forgotten) to Your personal information being used for certain purposes. Where required, We ensure We will obtain Your consent before undertaking marketing and You will always have the ability to opt out at any time.
- The right to rectification: You may request that We correct any inaccurate and/or complete any incomplete personal information. You may review, update, correct and add or delete Your personal information in Your account.
- The right to withdraw consent: Where We are processing Your personal information on the basis that You have given us Your consent to do so, You may withdraw Your consent at any time.
- The right of erasure: You may request that We erase Your personal information and We will comply, unless there is a lawful reason for not doing so. For example, there may be an overriding legitimate ground for retaining Your personal information, such as a legal requirement to retain transaction data for a period of 6 years, or to protect Headshots in any legal disputes.
- The right to data portability: Under GDPR, in certain circumstances, You may request that We provide Your personal information to You in a structured, commonly used and machine readable format and have it transferred to another provider of the same or similar services to us. Where this right is applicable, We will comply with such transfer as far as it is technically feasible.
- The right to lodge a complaint with the supervisory authority. If You do have any questions or complaints then please do contact us first so We can try to resolve it for You. However, You do have the right to contact Your country’s relevant supervisory authority directly to lodge a complaint with them about Our data processing practices.
- The right to restriction. You could ask us to restrict Our use of Your personal information in certain circumstances including: where You have objected to Our use of Your information as described above; where You think the information We hold about You is inaccurate; and where We have unlawfully used Your information but You would like us to keep it.
13. APPLICATION OF POLICY
This Policy applies only to the Services offered by Our Company. Our Policy does not apply to services offered by other companies or individuals, including products or sites that may be displayed to You in search results, sites that may include Our services or other sites linked from Our Site or Services.
Our Policy may change from time to time. We will post any Policy changes on Our Site and, if the changes are significant, We shall provide You with an explicit notice (including, for certain services, email notification of Policy changes).
15. ACCEPTANCE OF THIS POLICY
We assume that all Users of this Site have carefully read this document and agree to its contents. If someone does not agree with this Policy, they should refrain from using Our Site or Services. We reserve the right to change Our Policy at any time and inform by using the way as indicated in Section 13. Continued use of this Site implies acceptance of the revised Policy.
16. FURTHER INFORMATION
If You have any further questions regarding the data We collect, or how We use it, then please feel free to contact us at the details as indicated above.
UPDATED 09 11 2023