Privacy Policy

    This Privacy Policy governs the manner in which Space Shark Weddings collects, uses, maintains, and discloses information collected from users (each, a "User") of the spacesharkweddings.co.uk website ("Site"). This privacy policy applies to the Site and all products and services offered by Space Shark Weddings.

    Information We Collect

    We may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit our site, fill out a form, create an account, make a booking, sign contracts, make payments, and in connection with other activities, services, features, or resources we make available on our Site.

    We collect the following types of personal information:

    • Account Information: Name, email address, phone number, profile image, authentication data
    • Booking Information: Event dates, locations, special instructions, package preferences, payment history
    • Payment Information: Payment method details (processed securely by Stripe), transaction history, subscription data
    • Contract Information: Digital signatures, contract documents, signing timestamps (processed by BoldSign)
    • Communication Data: Contact form submissions, call booking requests, email correspondence
    • Technical Data: IP address, browser information, device information, usage analytics
    • Content: Images uploaded for portfolio management, questionnaire responses
    • Wedding Content: Wedding photos and videos for portfolio display (with explicit consent)

    We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personal identification information, except that it may prevent them from engaging in certain Site-related activities.

    Purposes of Information Collection

    We collect and use Users' personal information for the following purposes:

    • Service Provision: To provide wedding photography and videography services, process bookings, manage contracts, and deliver requested services
    • Payment Processing: To process payments, manage subscriptions, handle refunds, and maintain financial records
    • Contract Management: To create, send, and manage digital contracts for service agreements
    • Communication: To respond to inquiries, send booking confirmations, payment reminders, and service updates
    • Calendar Management: To check availability, schedule events, and manage our booking calendar
    • Customer Support: To provide technical support, resolve issues, and improve customer service
    • Account Management: To create and manage user accounts, authenticate users, and maintain profiles
    • Analytics and Improvement: To understand how our services are used, improve our website, and enhance user experience
    • Portfolio Display: To showcase our work with explicit client consent
    • Legal Compliance: To comply with legal obligations, resolve disputes, and enforce our terms

    Data Processing Schedule

    Below is a detailed breakdown of how we process your data. For a comprehensive view of all our data processing activities, please refer to our Data Processing Register which provides detailed information in compliance with GDPR Article 30.

    Data Type | Purpose | Legal Basis | Retention Period
    Account Information | User authentication and account management | Contract performance | Until account deletion + 30 days
    Booking Information | Service provision and contract management | Contract performance | 7 years (legal requirement)
    Payment Data | Payment processing and financial records | Legal obligation | 7 years (tax/accounting)
    Contract Documents | Legal agreements and service terms | Contract performance | 7 years (legal requirement)
    Analytics Data | Website improvement and user experience | Legitimate interest | 2 years
    Portfolio Images | Showcase work with consent | Consent | Until consent withdrawal
    Communication Data | Customer support and service updates | Legitimate interest | 3 years

    Third-Party Services and Data Sharing

    We utilize several third-party services to provide our services effectively. Each service has its own privacy policy and data handling practices:

    • Stripe: Payment processing and subscription management. Stripe collects and processes payment information according to their privacy policy. We do not store full payment card details. Stripe is PCI DSS compliant and processes data in the EU/US with appropriate safeguards.
    • BoldSign: Digital contract signing platform. BoldSign processes contract documents and signatures according to their privacy policy. Data is processed in the EU with GDPR compliance.
    • UploadThing: File upload service for images and documents. Files are stored securely and processed according to their privacy policy. Data is stored in the EU/US with encryption.
    • Resend: Email delivery service. Resend processes email data according to their privacy policy. Data is processed in the EU/US with appropriate safeguards.
    • Google Calendar API: Calendar integration for booking management. Google processes calendar data according to their privacy policy. Data may be transferred outside EEA with Standard Contractual Clauses.
    • PostHog: Analytics and user behavior tracking. PostHog collects anonymous usage data to help us improve our services. Data is processed in the EU with GDPR compliance.
    • Intercom: Customer support chat platform. Intercom processes chat data according to their privacy policy. Data may be transferred outside EEA with appropriate safeguards.
    • Upstash Redis: Rate limiting and caching service. Upstash processes technical data according to their privacy policy. Data is stored in the EU/US with encryption.
    • Font Awesome: Icon library service. Font Awesome may collect usage data according to their privacy policy. Data may be transferred outside EEA.
    • Mapbox: Location services for travel calculations. Mapbox processes location data according to their privacy policy. Data may be transferred outside EEA with appropriate safeguards.

    We encourage you to review the privacy policies of these third-party services for more information on how they handle your data.

    Data Storage and Security

    We adopt appropriate data collection, storage, and processing practices and security measures to protect against unauthorized access, alteration, disclosure, or destruction of your personal information. Our data is stored in secure databases with encryption at rest and in transit.

    Specific Security Measures:

    • All data is encrypted using AES-256 encryption at rest
    • HTTPS/TLS 1.3 encryption for all data in transit
    • Regular security audits and penetration testing
    • Access controls and authentication for all systems
    • Regular backups with encryption
    • PCI DSS compliance for payment processing

    Use of Cookies and Tracking

    Our website uses cookies and similar tracking technologies to enhance User experience. We use a granular cookie consent system that allows you to control which types of cookies are set:

    • Essential Cookies: Required for basic website functionality and security (always active)
    • Analytics Cookies: Help us understand how visitors use our website (PostHog) - requires consent
    • Functional Cookies: Remember your preferences and settings - requires consent
    • Essential Cookies: Required for website functionality, payments, support, icons, and location services
    • Optional Cookies: Analytics and functional preferences

    You can manage your cookie preferences at any time through our cookie settings panel. Users who prefer not to have cookies placed on their devices can adjust their browser settings to refuse cookies. However, please note that doing so may affect the functionality of certain parts of the website.

    Analytics and User Behavior Tracking

    We use PostHog, an EU-based analytics platform, to improve our website and user experience. PostHog helps us understand how visitors interact with our website through:

    • Product Analytics: Understanding how users interact with our website features and content
    • Web Analytics: Collecting anonymous usage data to improve website performance and user experience
    • Session Replays: Recording anonymous user sessions to identify and fix usability issues
    • Heatmaps: Visualizing user interaction patterns to optimize website layout and content

    All data collected through PostHog is processed in compliance with EU data protection regulations. We only collect anonymous usage data, and no personally identifiable information is tracked without your explicit consent. You can opt out of PostHog tracking at any time by visiting our cookie preferences or using your browser's privacy settings.

    PostHog Data Processing:

    • Data is anonymized and aggregated where possible
    • Session recordings exclude sensitive form inputs
    • IP addresses are anonymized after 24 hours
    • Data is retained for a maximum of 2 years
    • You can request data deletion at any time

    Wedding Content and Portfolio Privacy

    As a wedding photography and videography business, we may display wedding content in our portfolio to showcase our work. We have specific policies regarding this content:

    • Explicit Consent Required: We will only display your wedding photos or videos in our portfolio with your explicit written consent
    • Consent Form: We provide a separate consent form for portfolio use that clearly explains how your content will be used
    • Withdrawal Rights: You can withdraw consent for portfolio use at any time by contacting us
    • Content Removal: Upon withdrawal of consent, we will remove your content from our portfolio within 30 days
    • Minors in Content: We require additional consent for displaying images featuring minors under 18 years of age
    • Content Control: You can specify which images/videos can be used and request blurring or cropping of sensitive content

    Payment Data and Security

    We take payment security seriously and follow industry best practices:

    • PCI DSS Compliance: All payment processing is handled by Stripe, which is PCI DSS Level 1 compliant
    • No Card Storage: We do not store full payment card details on our servers
    • Tokenized Payments: Payment methods are tokenized and stored securely by Stripe
    • Encrypted Transmission: All payment data is encrypted in transit using TLS 1.3
    • Fraud Protection: We use Stripe's advanced fraud detection systems
    • Audit Trail: All payment transactions are logged for security and compliance

    Children's Privacy

    Our services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. However, as a wedding photography service, we may capture images of minors at wedding events:

    • Parental Consent: For minors under 16 appearing in wedding content, we require parental or guardian consent for any portfolio use
    • Age Verification: We verify the age of individuals in wedding content before any portfolio display
    • Special Protection: Images of minors are given additional privacy protection and are never used for marketing without explicit consent
    • Removal Rights: Parents or guardians can request removal of images featuring minors at any time

    If you believe we have collected information from a child under 16, please contact us immediately.

    Your Rights and Choices

    Under GDPR and other applicable data protection laws, you have the following rights:

    • Access: Request a copy of the personal data we hold about you
    • Rectification: Request correction of inaccurate or incomplete data
    • Erasure: Request deletion of your personal data (subject to legal requirements)
    • Portability: Request transfer of your data to another service provider
    • Restriction: Request limitation of processing in certain circumstances
    • Objection: Object to processing based on legitimate interests
    • Withdrawal: Withdraw consent where processing is based on consent
    • Cookie Preferences: Manage your cookie and tracking preferences
    • Portfolio Consent: Withdraw consent for portfolio use of your content

    To exercise these rights, please contact us using the information provided below. We will respond to your request within 30 days.

    GDPR Compliance

    We are committed to complying with the General Data Protection Regulation (GDPR) and ensuring that your personal information is protected in accordance with its provisions. If you are located in the European Economic Area (EEA), you have certain rights under the GDPR, including the right to access, rectify, or erase your personal data. If you would like to exercise any of these rights, please contact us using the information provided below.

    Data Breach Notification

    In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

    International Data Transfers

    Some of our third-party service providers may be located outside the European Economic Area (EEA). When we transfer your personal data to these providers, we ensure appropriate safeguards are in place to protect your data in accordance with GDPR requirements:

    • Standard Contractual Clauses: We use EU-approved Standard Contractual Clauses for data transfers to non-EEA countries
    • Adequacy Decisions: We only transfer data to countries with adequate data protection laws
    • Certification Schemes: We use providers with appropriate certifications (e.g., Privacy Shield for US transfers)
    • Risk Assessments: We conduct regular assessments of international data transfer risks

    Contact Us

    If you have any questions or concerns about our privacy practices or this Privacy Policy, please contact us:

    • Email: support@spacesharkweddings.co.uk
    • Response Time: We aim to respond to all privacy-related inquiries within 30 days
    • Data Protection Officer: For complex privacy matters, we have appointed a Data Protection Officer who can be contacted at the same email address

    Changes to this Privacy Policy

    We reserve the right to update or change this Privacy Policy at any time. Any changes will be effective immediately upon posting the revised policy on this page. We encourage Users to periodically review this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this Privacy Policy periodically and become aware of modifications.

    Notification of Changes: For significant changes to this policy, we will notify users via email or through a prominent notice on our website at least 30 days before the changes take effect.

    Last updated: 01/04/2025