Last updated: 15 March 2026
sparkpassage-base Ltd is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines how we meet our obligations and explains your rights regarding personal data.
As a photography business, we handle personal data including contact information and visual images of individuals. We recognise the sensitive nature of this information and maintain robust practices to protect it.
sparkpassage-base Ltd acts as the data controller for personal information we collect. This means we determine the purposes and means of processing your personal data and bear responsibility for doing so lawfully.
sparkpassage-base LtdWe only process personal data where we have a valid legal basis. The grounds we rely upon include:
When you book our services, we process your contact details, project requirements, and payment information to fulfil our contract with you. Without this processing, we could not provide the photography services you have requested.
We may process data for our legitimate business interests where this does not unduly affect your rights. Examples include maintaining security, improving our services, and managing client relationships. We conduct balancing tests to ensure our interests do not override your fundamental rights.
Where we use photographs for promotional purposes beyond the specific project, or send marketing communications, we obtain your explicit consent. Consent is always freely given, and you may withdraw it at any time without affecting services you have already received.
Certain processing is required by law, such as maintaining financial records for tax purposes or responding to valid legal requests from authorities.
Under the UK GDPR, you have specific rights regarding your personal data. We are committed to facilitating these rights:
You may request a copy of the personal data we hold about you. We will provide this within one month of receiving your request, free of charge for reasonable requests.
If any personal data we hold is inaccurate or incomplete, you have the right to have it corrected. We will update records promptly upon receiving verified corrections.
In certain circumstances, you may request deletion of your personal data. This right applies when the data is no longer necessary for its original purpose, you withdraw consent, or you object to processing and we have no overriding legitimate grounds. Note that legal and contractual requirements may require us to retain certain information.
You may request that we limit how we use your data while a complaint or query is being resolved, or where you contest the accuracy of data we hold.
Where technically feasible, you may request that we transfer your data to another service provider in a commonly used, machine-readable format.
You may object to processing based on legitimate interests or for direct marketing purposes. For marketing objections, we will cease processing immediately. For legitimate interest objections, we will review whether compelling grounds exist to continue.
We do not currently use automated decision-making that produces legal or similarly significant effects. Should this change, we will inform you and provide appropriate safeguards.
To exercise any of these rights, contact us at [email protected]. Please provide sufficient information to verify your identity and specify which right you wish to exercise. We will respond within one month, though complex requests may take up to three months with prior notification.
There is no fee for most requests. However, we may charge a reasonable fee for manifestly unfounded or excessive requests, or refuse to act in such cases.
Photographs that identify individuals may constitute biometric data in certain contexts. We process such images only with explicit consent for specific purposes outlined in our client agreements. Where photographs reveal racial or ethnic origin, we apply enhanced protections and process such images only with your informed consent.
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk:
In the event of a personal data breach, we will:
We primarily process data within the United Kingdom. When working with international clients or using service providers located outside the UK, we ensure appropriate safeguards are in place. These may include:
Information about specific safeguards for your data is available upon request.
Where we engage third parties to process data on our behalf, we ensure they:
When photographing individuals under 18, we obtain consent from a parent or guardian. Additional care is taken regarding the storage and use of such images. Parents and guardians may exercise data rights on behalf of minors.
If you have concerns about how we handle your personal data, please contact us first at [email protected]. We take all complaints seriously and will investigate thoroughly.
You also have the right to lodge a complaint with the supervisory authority:
Information Commissioner's OfficeThis GDPR compliance information may be updated periodically. Significant changes will be communicated through our website. We recommend reviewing this page periodically to stay informed about how we protect your data.