DigiScan Privacy
Policy
Last Updated: Date - 5th June 2025. At DigiScan, we are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our photo scanning services. DigiScan is a trading name only, and not to be confused with any other other company or product using the same name. We are based in Flintshire, Wales, United Kingdom. For the purposes of data protection law, we are the data controller of your personal data.
1. What Personal Data Do We Collect?
We may collect and process the following types of personal data about you:
​
Contact Information:
Your name, postal address, email address, and phone number. This is essential for communicating with you about your order, sending back your photos, and invoicing.
​
Order Details:
Information related to your photo scanning order, including the type of photos (e.g., prints, slides, negatives), quantity, any specific instructions you provide, and the chosen scanning resolution or output format.
​
Payment Information:
If you pay directly through our website, payment details are typically processed by a third-party payment processor (e.g., Stripe, PayPal). We do not directly store your full credit card details. We may receive confirmation of your payment and relevant transaction IDs.
​
Correspondence:
Records of our communications with you, including emails, messages, and notes from phone calls, related to your orders or enquiries.
​
Technical Data (Website Usage):
When you visit our website, we may automatically collect data such as your IP address, browser type and version, operating system, referral source, length of visit, page views and website navigation paths. This data helps us improve our website's functionality and user experience.
​
Marketing Preferences:
Your preferences regarding receiving marketing communications from us.
We DO NOT store or access the content of your scanned photos beyond what is necessary to perform the scanning service and deliver the digital files to you. Your images are your property and are treated with the utmost confidentiality.
2. How Do We Collect Your Personal Data?
We collect personal data from you in the following ways:
​
Directly from You:
When you place an order via our website, email, or phone; complete an enquiry form; subscribe to our newsletter; or communicate with us directly.
​
Through Our Website:
Using cookies and similar technologies when you browse our website (please see our separate Cookie Policy for more details).
​
From Third Parties:
If you engage with us via a platform like a social media messenger, we may receive some public profile information, or if you use a third-party payment processor, we receive confirmation of your payment.
3. How and Why Do We Use Your Personal Data? (Lawful Bases for Processing)
​
We process your personal data for the following purposes and rely on the following lawful bases under UK GDPR:
To Provide Our Services (Contractual Necessity):
Processing your orders and enquiries.
Scanning your photos and creating digital files.
Sending you order confirmations, updates, and proofs.
Delivering your scanned digital photos and returning your physical photos.
Managing your account and providing customer support.
For our legitimate interests (and your interests/fundamental rights are not overridden):
Business Operations: Managing our business, including accounting, billing, and record-keeping.
Service Improvement: Analysing how our services are used to improve them and develop new offerings.
Website Improvement: Monitoring and analysing website usage to improve its functionality and user experience.
​
Security:
Protecting our website, systems, and data from fraud and security threats.
Legal Claims:
Establishing, exercising, or defending legal claims.
​
To Comply with Legal Obligations:
Maintaining records required by law (e.g., tax records).
Responding to lawful requests from public authorities.
​
With Your Consent:
Sending you marketing communications about our services, promotions, or news (if you have opted-in). You can withdraw your consent at any time.
4. Who Do We Share Your Personal Data With?
​
We do not sell your personal data to third parties. We may share your personal data with:
​
Service Providers:
Third-party companies that perform services on our behalf, such as: Payment Processors: To securely process your payments (e.g., Stripe, PayPal).
​
Delivery Services:
To ship your physical photos back to you and deliver digital files (e.g., Royal Mail, courier services, cloud storage providers for digital delivery).
​
IT and System Administration Services:
Providers who support our website, email, and internal systems.
Professional Advisers: Lawyers, accountants, and other professional advisers who provide services to us.
Law Enforcement or Regulators: If required by law, court order, or to cooperate with legal investigations.
Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you if this occurs.
​
We ensure that all third parties we share your data with are obligated to protect your data and only use it for the specific purposes we instruct them to.​​
5. How Long Do We Keep Your Personal Data?
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Order-related data (Contact, Order Details, Payment Confirmation): Generally kept for [e.g., 6 years] after the completion of your order, to comply with tax and accounting regulations.
​
Correspondence:
Kept for as long as relevant to ongoing services or potential future enquiries.
​
Marketing Consent:
Your marketing preferences are retained until you withdraw consent.
​
Scanned Digital Photo Files:
We typically store your scanned digital photo files securely for a limited period (e.g., 30 days) after successful delivery to you, to allow for any download issues or queries. After this period, they are securely deleted from our systems. We strongly recommend you download and back up your digital files as soon as you receive them.
6. International Transfers of Your Personal Data
We primarily store and process your personal data within the United Kingdom. However, some of our service providers (e.g., cloud storage, email providers) may operate globally, which could involve transferring your data outside the UK or European Economic Area (EEA).
When such transfers occur, we ensure that appropriate safeguards are in place to protect your data, such as:
Transferring data to countries deemed to provide an adequate level of protection for personal data by the UK government.
Using standard contractual clauses approved for use in the UK which provide specific data protection obligations for the recipient.
Ensuring the recipient has binding corporate rules approved by supervisory authorities.
7. Your Data Protection Rights
Under UK GDPR, you have the following rights regarding your personal data:
The Right to Be Informed: To know how your data is collected and used (as explained in this Privacy Policy).
The Right of Access: To request a copy of the personal data we hold about you.
The Right to Rectification: To request that we correct any inaccurate or incomplete personal data we hold about you.
The Right to Erasure ("Right to be Forgotten"): To request that we delete your personal data where there is no good reason for us to continue processing it (subject to certain legal obligations).
The Right to Restrict Processing: To request that we temporarily halt the processing of your personal data in certain circumstances (e.g., if you are disputing its accuracy).
The Right to Data Portability: To request that we transfer your personal data to another organisation in a structured, commonly used, machine-readable format.
The Right to Object: To object to the processing of your personal data where we are relying on a legitimate interest or for direct marketing purposes.
Rights in Relation to Automated Decision Making and Profiling: We do not use automated decision-making or profiling that would have a significant effect on you.
To exercise any of these rights, please contact us using the details below. We will respond to your request within one month. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
8. Security of Your Personal Data
We have implemented appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. These measures include:
​
Using secure servers and encrypted connections (SSL/TLS) for our website.
Restricting access to personal data to only those employees, agents, contractors, and other third parties who have a business need to know.
Regularly backing up data.
Securely deleting digital image files after the specified retention period.
Securely handling and storing physical photos while they are in our possession.
Despite our efforts, no method of transmission over the internet or method of electronic storage is 100% secure.
9. Third-Party Websites and Services
Our website may contain links to third-party websites or services (e.g., social media links). This Privacy Policy only applies to our services. We are not responsible for the privacy practices of third-party websites or services, and we encourage you to read their privacy policies.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The "Last Updated" date at the top of this policy will indicate when it was last revised. We encourage you to review this policy periodically. Significant changes will be communicated to you where appropriate.
11. How to Contact Us
If you have any questions about this Privacy Policy or our data protection practices, or if you wish to exercise any of your rights, please contact us at:
​
DigiScan The Coach House, The Old Hall. Pentre Road, Halkyn, Holywell Flintshire, Wales, UK. Email: digiscanuk@hotmail.com Tel: 07359 785028
​12. Complaints
If you are not satisfied with how we have handled your personal data, you have the right to make a complaint to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.
Information Commissioner's Office (ICO) Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Helpline number: 0303 123 1113 ICO website: www.ico.org.uk