Anonymous user data is collected by the BIPP.
The BIPP takes the privacy and security of your data seriously. We have published this data protection guide to ensure that our members and and third parties are fully informed on what data we hold and how it is used. The BIPP operate within the requirements of the Data Protection Act 1998 and the General Data Protection Regulations (“GDPR”).
Personal data protection principles
We adhere to the principles relating to processing of personal data set out in the GDPR which require personal data to be:
- processed lawfully, fairly and in a transparent manner (Lawfulness, Fairness and Transparency);
- collected only for specified, explicit and legitimate purposes (Purpose Limitation);
- adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (Data Minimisation);
- accurate and where necessary kept up to date (Accuracy);
- not kept in a form which permits identification of data subjects for longer than is necessary for the purposes for which the data is processed (Storage Limitation);
- processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage (Security, Integrity and Confidentiality);
- not transferred to another country without appropriate safeguards being in place (Transfer Limitation);
- and made available to data subjects and data subjects allowed to exercise certain rights in relation to their personal data (Data Subject’s Rights and Requests).
We are responsible for and must be able to demonstrate compliance with the data protection principles listed above.
Lawfulness and fairness
The GDPR restricts our actions regarding personal data to specified lawful purposes. These restrictions are not intended to prevent processing, but ensure that we process personal data fairly and without adversely affecting the data subject.
The GDPR allows processing for specific purposes, some of which are set out below:
- the data subject has given his or her consent;
- the processing is necessary for the performance of a contract with the data subject;
- to meet our legal compliance obligations;
- to protect the data subject’s vital interests; or
- to pursue our legitimate interests for purposes where they are not overridden because the processing prejudices the interests or fundamental rights and freedoms of data subjects. The purposes for which we process personal data for legitimate interests need to be set out in applicable privacy notices or fair processing notices.
Your Rights Under GDPR
You as an individual have rights as follows:
- The right to be informed about processing of your personal data.
- The right to have your personal data corrected in case of inaccuracy and to have incomplete personal information completed.
- The right to object to processing of your personal data.
- The right to restrict processing of your personal data.
- The right to erasure of your personal data.
- The right to request access to your personal data and information about how we process it.
- The right to move your personal data (Data Portability).
- The right to withdraw consent.
If you wish to exercise any of the rights set out above, please contact us.
What information do we hold and how do we obtain it?
In general, we receive information directly from members & third parties. The amount of data held will vary according to professional status and employment situation.
For what purpose do we use your information?
- To provide you with necessary communications
- To provide you with information on joining or qualifying
- To administer your membership
- To provide you with membership benefits
- To provide you with details of relevant events & products
- To administer professional conduct issues
Caring for your data
We undertake that we have in place a level of security appropriate to the nature of the data and the harm that might result from a breach of security. Data is held on our central membership database.
We further undertake that we will:
- Not hold information about you that is excessive in relation to the purpose(s) for which it is used.
- Use only the very latest data provided by you. To help us do this, please keep us informed if any of your details change. Qualified corporate members are responsible for maintaining the accuracy of the information on their own BIPP web pages.
- Not keep information for any purpose longer than is necessary. We may retain your records (for example upon cancellation of membership) to enable us to solve any subsequent queries and comply with legislative requirements.
- Not transfer personal data outside of the EU unless we have entered into a DPA agreement with the supplier that is outside of the EU.
Qualified members’ contact information is held on the website for visitors to access via the ‘Find a Photographer’ search engine.
Certain links on this site will lead to websites not under the control of the BIPP. They are provided solely for your convenience and so do not constitute any endorsement of any third party products or services. The BIPP accepts no responsibility for any loss or damage you sustain by visiting these websites.
Accuracy of information
The BIPP do not represent or warrant that the material comprised on this site is completely accurate or up to date and the BIPP have no liability in respect of such material or for any use of any such information by any person. Any information regarding availability of merchandise or books is subject to suppliers’ stock levels.