Privacy Policy

Our privacy policy is based on the EU General Data Protection Regulations, which became enforceable in Denmark on 25th May 2018. The purpose of the regulations and the equivalent Danish legislation is to protect the citizens’ data in a market with increased exchange of data.

We truly wish to comply with the data protection rules in force at any time. This is the reason for our drawing up this policy, which entered into force on 25th May 2018. We have been following it ever since via internal, detailed guidelines.

Our primary aim is to render the best possible service to our customers – of course always taking due account of privacy data legislation in force at any time. Our customers will in all events be informed of their rights to access, rectification, and erasure, and finally also to transmission of relevant data (dataportability).

Merete Popp (MP) is data protection officer, and the sales staff of the shop, including owner Carsten Popp, processes data in connection with the daily activities of the shop. After MP’s proper and thorough introduction to the regulations of the new personal data legislation, an oral agreement between MP and the sales staff was made on the sharing of responsibilities.

We handle data within the following relevant areas:

  1. 1. Products and Relevant Data Handling

 PHOTOGRAPHY

 Passport Photos: photos are handed over or mailed directly to the customer in connection with payment. Shots will be erased the following morning. Photos edited for particular visa requirements will be saved at our server for approx. 1 year and subsequently erased.

Portraits: photos are handed over or mailed directly to the customer in connection with payment. Shots will be saved at our server for up to 1 year, then transferred to a hard disk, which is kept in our lockable cupboard.

Photos for Christmas Cards: photos are handed over or mailed directly to the customer in connection with payment. Shots will be erased the following morning. Based on acceptance by the customer, shots will saved at our server.

Confirmation Photos: In some cases shots are taken by an external, professional photographer with whom we have: entered into a data processing agreement. We hand over the photos directly to the customer (the contact person) or to the priest, who will subsequently handle handing over to the relevant contact persons.

As regards all 4 abovementioned types of photography, the relevant customers will be informed about our practice of saving/erasing the shots, and the customer’s right to insight, rejection of saving, to demand erasure of the shots, and to require transfer of the shots (data portability) – all in accordance with GDPR legislation in force.

School- and Kindergarten Photos:

Photos are handed over directly to the parent informed to us as being contact person. The shots will be saved in order for us to be able to execute the customers’ orders. Information on names, pupils, and school classes will be sent from the kindergartens/schools in question. In connection with placing of orders, the contact person logs on with his or her own user number and code, thus only getting access to the photos of his or her own child/children. This means that in connection with placing the order, the contact person him-/herself informs about name, address, tlph.no., and e-mail address, so that we can deliver the photos to the contact person in question. It requires a written acceptance by the contact person informed to us, for any other person to get access to the photos of the child/children. Thus, NO other person than the contact person, informed to us can, via us, gain access to the photos. Data are processed via “Fotolet” and can only be accessed with username and code. We have entered into data processing agreements with “Fotolet” and Kolding Kommune respectively. Prior to photographing the children, we always ask for permission from the person having parental responsibility for their child/children in question as to making photos of the child/children in question together with the fellow pupils of their class and for an individual portrait respectively.
Prior to photographing the child/children we always ask the parents, via “forældreintra” at the school in question, to let us or the school know if they do NOT agree to their child/children being photographed by us.
The shots will be saved at our server and will, after a relevant period, be transferred to a hard disk, which is stored in our lockable cupboard. We only register photos of each individual child by successive numbers. Processed orders will be saved at the server under kindergarten, school, class, and the name of the child in question. The information will be erased after 3 years. We consider this a fair and realistic period in order for us to be able to render the best possible service to our customers.

The shots are made by a professional photographer with whom we have entered into a data processing agreement.

Place of delivery of the photos will be agreed with each individual customer. Delivery may e.g. take place via local shopkeepers. We have entered into data processing agreements with the relevant shopkeepers.

PHOTOORDERS

Development of films from analog cameras and/or negatives, partly from our own customers, partly on behalf of a number of other shops within or outside the PhotoCare group of shops.We have entered into data processing agreements with the shops in question.

DIGITAL orders via the following electronic media:

e-mails to: lab®popp.dk photocare®popp.dk /
lab®poppphoto.dk / photocare®poppphoto.dk / foto®poppphoto.dk
and/or kolding®photocare.dk,

USB sticks,

mobile phones,

tablet,

memory card from digital cameras

our and/or the PhotoCare app for print/processing of photos,

ordering photos at our photostations.

Data for digital orders digitale ordrer are processed via an external company. We have entered into data processing agreement with this company.

Old/historic photos for scan and possible PhotoShop editing are saved at our server for approx. 1 year. They are subsequently transferred to a hard disk, which is stored in our lockable cupboard.

In all abovementioned cases of photography and photoorders we ONLY use the customers’ data and/or products if this is essential for our execution of the job in question. This is based on our wish to render optimum service to our customers. The data will typically be saved for 3-30 days and will then be automatically erased.

Possible use of the customers’ photos for marketing purposes will not take place without the prior, written consent of our customers. The customers will be informed of their rights according to the GDPR in force.

SALE OF PHOTOGRAPHIC EQUIPMENT, including electronic equipment

Copies of of service-/warranty vouchers, in connection with purchase of e.g. cameras (will be kept in order for us to render optimum service to our customers and also as technical documentation in connection with possible complaints and questions from customers about additional equipment). Customer information includes name of customer, address, and camera- and serial number. Copies of the service vouchers are kept both physically and electronically. Copies of service-/warranty vouchers are only kept after the customers' prior, written consent. Should the customers not consent to our keeping the information, we will solely keep information on product name and serial number, sales voucher, and date of sale.

ADDITIONAL Products

Photocopies of various documents. The photocopies are always handed over directly to the customer on payment. Consequently, we do NOT keep copies of the documents in question. Error copies are always shredded.

Video Copying - for our own customers as well as for a number of external photoshops. Ordered video copy(ies) is/are always handed over directly to the customer or to the relevant external photoshop. Consequently, we do NOT store copies of the video tapes in question. We have entered into data processing agreements with the relevant external photoshops.

Photobooks – are designed and ordered directly by the customer from the manufacturer of the photobooks. The books are then sent to us wrapped in plastic. Consequently, we do not even touch and/or see the photos in question.

Customers’ Rights in Relation to Personal Data Information

We are familiar with GDPR in force in relation to the customers’ right to insight, change and erasure of data, and transfer of data (data portability) – cf the above descriptions on all customer data processed by us. In addition to this the customer has the right to withdraw a given consent at any time.

Information on/link to our privacy policy is indicated on signs in the shop.

  1. Access to Data

No other persons than the employees/owner of the shop have access to relevant personal data. By virtue of their employment loyalty obligation the employees are NOT allowed to share any kind of personal data with others. Our external IT-manager has (theoretically speaking) access to the data. We have entered into data processing agreement with our IT-manager, who reacts to any imaginable, non-authorized activity in our network.

  1. Measures to Avoid/Minimize the Risk of Data Protection Breaches

The risk of data protection breaches is rated as LOW due to the following precautations taken by us:

BURGLARY in the shop room/THEFT of photo- and other data. We have entered into an agreement with a certified security guard company. In addition to that we have adopted a number of other precautionary measures.

We inform about the security guard via signs at the windows of the shop.

In case of suspicious activity during opening hours, we can call for guards, hired by City Kolding. The guards are bound to secrecy by virtue of their employment with a certified guard company.

Furthermore, we have surveillance cameras in the shop. At the entrance door we inform about these surveillance cameras.

DIGITAL THEFT: Our digital system has been secured via a firewall and relevant coding.

  1. 4. Updating of Our Privacy Policy

We update our privacy policy at regular intervals. We also update continuously, if relevant.

  1. 5. Various Other Data

We have entered into data processing agreements with the external experts, who assisted us in setting up a new cash register (2018). At regular intervals we clear the cash system in accordance with accounting regulations. This is also the case as far as debtor and creditor information is concerned. We ALWAYS keep relevant data on debtors until all financial outstanding issues have been settled.

  1. Cookies

We refer to the “cookie paragraph” on our home page
www.poppphoto.dk

  1. 7. Questions to Our Privacy Policy

In case you have any questions to our privacy policy, you are most welcome to contact Merete or Carsten Popp at data®popp.dk. We also refer to our home page www.poppphoto.dk, to the PhotoCare home page www.photocare.dk and/or to the home page of Datatilsynet (Danish data protection authority) www.datatilsynet.dk

  1. 8. Customers’ Right to Complain

Customers have a right to complain to Datatilsynet (abovementioned home page). Datatilsynet is the relevant authority within the field of personal data. Their home page is: www.datatilsynet.dk

Kolding, January 2019

Carsten Popp (Owner)

Most recent update was summer 2019