Privacy Policy

At last! Creative Ltd is committed to protecting and respecting your privacy.

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed, stored and disclosed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting https://www.atlastcreative.com or using any services offered through or associated with our Site , you are deemed to have accepted and consented to the practices described in this policy.

The Site is owned and operated by At last! Creative Ltd (Company No. 09472301) of Unit C 21, The Old Imperial Laundry, 71-73 Warriner Gardens, London, United Kingdom, SW11 4XW The Site contains links to and from third-party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

1. Data We Collect About You

We collect and process personal information so we can provide our Services to you. It’s important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
The data we collect and process about you is explained in the sections below.

1.1 Data You Give Us

You give us information by corresponding with us by phone, e-mail or otherwise. The aforementioned are our primary means of obtaining information from you, and we ask you for your consent when you submit your name, email address, and other information you choose to provide to us. We use this information to contact you about our Services and to fulfill our contractual obligations to you.
We also collect your photographs and videos, and any other information you choose to provide. Your photographs and videos are necessary for us to be able to provide our Services and fulfill our contractual obligations to you.
Once you become a client of At last! Creative Ltd , we will keep information about your purchases, services used, records of conversations and agreements and payment transactions. This data is necessary for our legitimate interests and we rely on this as a lawful basis to use and process it.
We also maintain an archive of the personal data, videos, images and text that you share with us while creating a project for you so you can order reprints and further copies of the completed projects.

1.2 Data We Automatically Collect

Each time you visit or use our Site, we automatically collect the following information:

technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, location, network data, browser plug-in types and versions, languages, operating system and platform;
information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from the Site (including date and time); pages you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.

We use this information as statistical data about your browsing actions and patterns, for system administration, and to evaluate, provide, protect or improve our Services (including by developing new products and services). Because we collect, use and share this information in the aggregate, it does not identify any individual.

2. How We Use Your Data

We use your data to carry out our Site and Services in the following ways:

To administer and manage your account, to provide you with information you request from us, and to carry out any other obligations arising from any contracts entered into between you and us.
To ensure that content from our Site is presented in the most effective manner for you and for your device.
To respond to communications from you and to provide you with information about our Services, including notifying you about changes to our Site or Services.

We also use your data to make our Site and Services better in the following ways:

To administer the Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
As part of our efforts to keep the Site safe and secure, e.g. by conducting analysis required to detect malicious data and understand how this may affect your IT system.
To measure or understand the effectiveness of advertising we serve to you and others, deliver relevant advertising to you and make suggestions and recommendations to you and other users of the Site about goods or services that may interest you or them.

We will not send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under applicable data protection laws. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about services similar to those which were the subject of a previous enquiry by you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have expressly consented to this.

We will not share any information about you with Third Parties unless required in order to carry out our Services.

3. How We Secure Your Data

All of your personal information is protected and we have put in place appropriate physical, electronic, and management procedures to safeguard and secure the data we collect. We use the following security measures:

Physical & Managerial Security Procedures, including limiting access to our buildings to those that we believe are entitled to be there (by use of passes, key card access and other related technologies); implementing access controls to our information technology; encryption, anonymisation and archiving techniques to safeguard your information across all our computer systems, networks, offices and stores.
HTTPS – This website is secured via Hyper Text Transfer Protocol Secure (HTTPS). It means all communications between your browser and this website are securely encrypted. This means that even if somebody managed to break into the connection, they would not be able decrypt any of the data which passes between you and the website.
Secure Update Process – Inline with the security processes of our website development partner agency, this website application’s code-base is administered and updated via a password and FTP free process. All code-changes are deployed via a secure process that does not rely on the storage and visible access of passwords.
Password Authentication – Where possible, the administration interface to this website application and any personally identifiable information herein, is secured behind a password authentication to all staff who have access to it. Additionally, our website development agency can only access the same interface via their secure Google GSuite accounts and hold no password records for accessing the platform at super-admin level.
Web Application Maintenance – Our organisation, working in collaboration with our website development agency, regularly monitor the security of this website and consistently update the core CMS platform and supporting extensions and plugins.
Cloudflare – Our website’s DNS is managed through CloudFlare who provide our content delivery network (CDN), DDoS attack mitigation, Internet security and distributed domain name server services.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk. Once we have received your information, we use strict procedures and the security features described above to try to prevent unauthorised access.

4. How Long We Store Your Data

We only keep your personal information for as long as it’s necessary for our original legitimate purpose for collecting the information and for as long as we have your permission to keep it. Unless otherwise required by law, your data will be stored for a period of 2 years after a project has been completed, unless you advise us otherwise, by emailing us at the address below.

5. Disclosure to Third Parties

5.1 Parties with whom we share your information

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We use third parties such as WeTransfer, Dropbox, Google Drive and Apple iCloud (for cloud storage and file transmission), Vimeo (for video sharing), Photobox (for photo printing and sharing), MailChimp (for monthly MailShot and general marketing) and other third-party contractors (such as IT consultants, printers, and companies we use to bind our photobooks and create our DVDs). These third parties have access to data we share with them.

The only other circumstances under which we would share your personal data are:

If the third party is a member of our group (which means any subsidiaries or ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006).
In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
If the Company or substantially all of its assets are acquired by a third party, in which case personal data will be one of the transferred assets and the purchaser will be permitted to use the data for the purposes for which it was originally collected by us.
If we’re under a duty to disclose or share your personal data in order to comply with any legal obligation, enforce or apply our Terms & Conditions and other agreements, or to protect the rights, property, or safety of the Company, our customers, or others (including exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).

5.2 Parties with whom you may choose to share your information

You may choose to share any information, photographs or other content that you voluntarily submit to the Site. Such data will become available and viewable by us and our third parties.
If you choose to connect to social media networks from the our Site or post any of your content on our Site to those networks, then in accordance with your social media privacy settings, the personal information that you post, transmit, or otherwise make available on the social media platform may be viewed and/or used by other users of those networks and we have no control over such viewing and use and cannot prevent further use of such information by third parties. When you interact with us through social media networks, you acknowledge that we may access your information that is held by that account, solely in accordance with your social media privacy settings. Any links to social media are not under our control and remain solely your responsibility. You acknowledge that any information posted via social media through our Site, or any third party you allow to access your content, is done entirely at your own risk and that by posting to a public platform you make that information visible to third-parties who can use that information at their discretion.
You may review, modify, update, correct or remove any personal data you have submitted to the Site at any time. If you remove information that you posted to the Site, copies may remain viewable in cached and archived pages of the Site.
Always think carefully before disclosing personal data or otherwise posting personal data on the Site. You must respect the privacy of others and you must not disclose any personal details about other people including your family, friends, acquaintances, or other persons that may be misleading or cause them harm or offence. It is your responsibility to obtain their prior express permission in respect of any submission of their data at any time.

6. International Transfers

Because we use suppliers that operate outside the European Economic Area (EEA), data we collect from you may transferred to, and stored at, destinations outside the EEA. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated as securely as it would be within the EEA and under the GDPR. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. You can obtain more details of the protection given to your personal data when it is transferred outside Europe by contacting us as described in the Contact paragraph below.

7. Your Rights

7.1 Lawful Bases

We will ensure that your personal data is processed lawfully, fairly, and transparently and that it will only be processed if at least one of the following bases applies:

You have given your clear consent to the processing of your personal data for a specific purpose.
Processing is necessary for the performance of a contract to which you are a party (or for us to take steps at your request prior to entering into a contract with you).
Processing is necessary for our compliance with the law.
Processing is necessary to protect someone’s life.
Processing is necessary for us to perform a task in the public interest or in the exercise of official authority and the task/function has a clear basis in law.
Processing is necessary for our legitimate interests or the legitimate interests of a third party, except where there is a good reason to protect your personal data which overrides those legitimate interests, such as allowing us to effectively and efficiently manage and administer the operation of our business, maintaining compliance with internal policies and procedures, monitoring the use of our copyrighted materials, offering optimal, up-to-date security and obtaining further knowledge of current threats to network security in order to update our security.

7.2 Data Subject Rights

Under the GDPR, you have the right to:

Withdraw your consent to the processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason for doing so (such as to comply with a legal obligation).
Be informed of what data we hold and the purpose for processing the data, as a whole or in parts.
Be forgotten and, in some circumstances, have your data erased by ourselves and our affiliates (although this is not an absolute right and there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it).
Correct or supplement any information we hold about you that is incorrect or incomplete.
Restrict processing of the information we hold about you (for example, so that inaccuracies may be corrected—but again, there may be circumstances where you ask us to restrict processing of your personal data but we are legally entitled to refuse that request).
Object to the processing of your data.
Obtain your data in a portable manner and reuse the information we hold about you.
Challenge any data we use for the purposes of automated decision-making and profiling (in certain circumstances—as above, there may be circumstances where you ask us to restrict our processing of your personal data but we are legally entitled to refuse that request).
Complain to a supervisory authority (e.g. the Information Commissioner’s Office (ICO) in the UK) if you think any of your rights have been infringed by us. (We would, however, appreciate the chance to address your concerns, so please contact us prior to taking this step).

You will not have to pay a fee to access your personal data (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

You have the right to ask us not to process your personal data for marketing purposes. We will get your express opt-in consent before we use your data for such purposes or share your personal data with any third parties for such purposes, but you can exercise your right to prevent such processing by contacting us at the Company Address, via email at the address below, or by unsubscribing using the links contained in the marketing emails.

You may revoke your consent for us to use your personal data as described in this Privacy Policy at any time by emailing us at the address below, and we will delete your data from our systems. To enforce any of the above rights, please contact us at our Company Address or via email at the address below.

We will notify you and any applicable regulator of a breach of your personal data when we are legally required to do so.

Cookies

A cookie is a small file of letters and numbers that we store on your browser. Cookies contain information that is transferred to your computer’s hard drive (or the hard drive of another relevant device). We use cookies to distinguish you from other users on the Site, to tailor your experience to your preferences, and to help us improve the Site.

Some of the cookies we use are essential for the Site to operate. If you use your browser settings to block all cookies (including essential cookies), you may not be able to access all or parts of our Site.

Before any non-essential cookies are placed on your device, you will be shown a pop-up message requesting your consent to setting those cookies. By default, most internet browsers accept cookies, but you can choose to enable or disable some or all cookies via the settings on your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third party cookies. For further details, please consult the help menu in your internet browser.

We use the following categories of cookies:

Strictly necessary cookies. These cookies are required to save your session and to carry out other activities that are strictly necessary for the operation of the Site. They include, by way of general example, cookies that enable you to log into secure areas of the Site, use a shopping cart, or make use of e-billing services. These cookies are generally session cookies, which means they’re temporary and will expire when you close your browser. Strictly Necessary Cookies are highlighted with a double asterisk (**) in the tables below.
Analytical/performance cookies. These cookies allow us to recognise and count the number of visitors and to see how visitors move around the Site when they’re using it. These cookies help us improve the way the Site works by, for example, ensuring that users are finding what they’re looking for easily.
Functionality cookies. These cookies are used to recognise you when you return to the Site. They enable us to personalise our content for you, greet you by name and remember your preferences.
Targeting cookies. These cookies record your visit to the Site, the pages you visit, and the links you follow. We use this information to make the Site and the advertising displayed on it more relevant to your interests. We also share this information with third parties for the same purpose.
Social Media cookies. These cookies work together with social media plug-ins. For example, when we embed photos, video and other content from social media websites, the embedded pages contain cookies from these websites. Similarly, if you choose to share our content on social media, a cookie may be set by the service you have chosen to share content through.
Third Party cookies. We use third party cookies on the Site as described below. Please note that we do not control cookies placed by third parties and our Site does not block them. Please check the relevant third-party website for more information about these cookies.

You have the right to opt out of social media cookies and third-party cookies and to object to automated profiling. To enforce either of these rights please contact us at the email address below.

The specific cookies we use are provided below:

Cookies set by WordPress

Cookie Name	Description	Duration
wordpress_<hash> **	On login, wordpress uses the wordpress_[hash] cookie to store your authentication details. Its use is limited to the admin console area, /wp-admin/	2 years
wordpress_logged_in_<hash> **	After login, wordpress sets the wordpress_logged_in_<hash> cookie, which indicates when you’re logged in, and who you are, for most interface use.	Session
wp-settings-<time>-<UID> **	WordPress also sets a few wp-settings-<time>-<UID> cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.	Session
WordPress_google_apps_login **	This cookie is set by the plugin ‘Google Apps Login for WordPress’ and may be present for users who login to WordPress via their Google or GSuite account.	Session
wordpress_test_cookie	Used to check whether your web browser is set to allow, or reject cookies.	Session
wpe-auth

Cookies set by Google Analytics

Cookie Name	Description	Duration
_ga	Used to distinguish users.	2 years
_gid	Used to distinguish users.	24 hours
_gat	Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.	1 minute
AMP_TOKEN	Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.	30 seconds to 1 year
_gac_<property-id>	Contains campaign related information for the user. If you have linked your Google Analytics and AdWords accounts, AdWords website conversion tags will read this cookie unless you opt-out. Learn more.	90 days
_gaexp	Optimize 360 – Used to determine a user’s inclusion in an experiment and the expiry of experiments a user has been included in.	90 days

Cookies set by CloudFlare

Cookie Name	Description	Duration
__cfduid **	The __cfduid cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis.	1 years

Miscellaneous Cookies

Cookie Name	Description	Duration
complianceCookie	Used to distinguish your acknowledgement of our website’s Cookie Banner and subsequent policy (this document).	14 days

Changes To Our Privacy & Cookie Policies

Any changes we may make to our Privacy & Cookie Policies in the future will be posted on this page and, where appropriate, notified to you by email. You will be deemed to have accepted the terms of the updated Privacy & Cookie Policies on your first use of the Site following the alterations. Please check back frequently to see any updates or changes to our Privacy & Cookie Policies.

Contact

Questions, comments and requests regarding this Privacy & Cookie Policy are welcomed and should be addressed to our Company Address or to our email at office@atlastcreative.com.