We understand our moral and legal responsibilities to respect your privacy and take care of any personal data we hold about you, in compliance with the data protection legislation (the UK General Data Protection Regulation (the UK GDPR) and the Data Protection Act 2018).
We are Stanley Baker Studios Ltd. We provide portrait and group photography services to schools and other photographers.
Stanley Baker Studios Ltd is a private limited company registered in England & Wales 01800855. Our registered address is SBS House, Tyler Street, Parkeston, Harwich, Essex CO12 4SB. Our Data Protection Act registration number is Z7406931.
Data Protection Officer
We take our data protection responsibilities seriously and have a dedicated Data Protection Officer to oversee the handling of personal data. If you have any queries regarding our data protection compliance, you can contact our Data Protection Officer at DPO@firebirdltd.co.uk
We undertake annual GDPR compliance audits and Payment Card Industry (PCI) security audits to ensure our policies, procedures and practices remain up to date and compliant with legislation and best practice.
Policies and procedures
We have a comprehensive Data Protection Policy, Personal Data Breach Handling Procedure and Data Protection Request Handling Procedure. These are communicated to our employees during their on-boarding and when revisions are made. All employees (and where relevant contractors) must read and abide by our policies and procedures.
Training and awareness
Our employees and associates receive mandatory data protection and security awareness training during their on-boarding and refresher training annually. Training is supported by regular awareness raising communications and team discussions.
We have appropriate security in place to protect personal data against unauthorised or accidental access, disclosure, loss, destruction or damage. Here are some examples of the technical security measures we have in place to protect our network, equipment and the data they contain:
Here are some examples of the organisational security measures we have in place to protect personal data:
Personal data breach handling procedures
We have procedures in place to identify, report, investigate and manage personal data security (in the unlikely event they may occur). All incidents and suspected personal data breaches are reported to our Data Protection Officer. If a security incident occurs which involves our customers’ personal data, they will be notified without undue delay.
We sometimes use other companies or contractors to process personal data on our behalf, for example cloud storage providers, advertising and marketing companies, payment processing, printers, freelance photographers and photograph editing companies. We carry out due diligence checks on these ‘data processors’ to assess they have appropriate technical and organisational measures that are sufficient to implement the requirements of the data protection legislation and to protect the rights of data subjects and our customers. We have written contracts in place with our data processors which contain data protection clauses.
Where we act as a data processor for our customers’ personal data, our processing is covered by a Data Processing Agreement. This is available on our website: Data Processing Agreement
Data subjects’ rights
Our employees and associates are provided with training and guidance on how to recognise requests from data subjects exercising their data protection rights. We have a comprehensive Data Protection Request Handling Procedure and recording procedures to manage and monitor requests. If a request is received from one of our customers’ data subjects, we will ask the data subject to make their request directly to our customer or seek their consent to forward their request to the customer.