Privacy Policy — Dear Photogram | Jose Penm

Privacy Policy

Dear Photogram — Eindhoven Analogue Experience · Effective date: 15 August 2025

Controller: Dear Photogram and Jose Penm are brands of Jose Luis Peña Martinez, KvK 71980091, Eindhoven, The Netherlands. · Contact: [email protected]

1) Personal data we collect

  • Identity & contact: name, email, phone (if provided), preferred date/time.
  • Booking & participation: plan selected, group size, media preference (opt‑out/opt‑in), special requests.
  • Communications: emails, messages, feedback, support inquiries.
  • Media: optional behind‑the‑scenes photos/video; only used per your preference (see Promotional Use).
  • Technical/usage: IP address, device/browser data, pages visited, referrer/UTMs and cookies (see Cookie Policy).
  • Payments: if you pay via a secure link, the payment is processed by a third‑party provider; we receive limited information necessary for reconciliation (e.g., amount, status), not full card details.

2) Sources

We collect data directly from you (forms, email), automatically via our website (cookies/UTMs), and from third‑party booking or marketing platforms you use to contact us.

3) Purposes & legal bases (GDPR)

  • Provide the Experience (scheduling, communications, deliverables) — performance of a contract (Art. 6(1)(b)).
  • Customer support & safety (instructions, incident handling) — legitimate interests (Art. 6(1)(f)).
  • Payments (via secure link) — performance of a contract and legitimate interests.
  • Marketing (updates, new dates) — consent where required or legitimate interests with opt‑out.
  • Analytics (site performance, traffic sources) — consent for non‑essential cookies.
  • Legal obligations (tax/audit, regulatory requests) — legal obligation (Art. 6(1)(c)).

4) Sharing & processors

We share personal data with trusted service providers (processors) only as necessary:

  • CRM & forms: GoHighLevel (via our partner domain) to manage forms, contacts and follow‑ups.
  • Hosting & infrastructure: website hosting, security and content delivery providers.
  • Email & communications: email service providers for transactional and support emails.
  • Payments: third‑party payment processor for secure checkout via link.
  • Analytics/ads (if enabled): privacy‑aware analytics and/or ad platforms; only after consent for non‑essential cookies.

We require processors to implement appropriate security and to process data solely under our instructions.

5) International transfers

Your data may be processed outside the EEA by some providers. Where this occurs, we rely on appropriate safeguards such as the EU Commission’s Standard Contractual Clauses (SCCs) and additional measures as necessary.

6) Retention

  • Contacts & bookings: typically retained up to 24 months after your last interaction, unless longer is required for legal reasons.
  • Transactional records: retained per tax/audit rules (generally 7 years in NL).
  • Media preferences & consents: retained while relevant to honour your choices.
  • Analytics cookies: per our Cookie Policy and your consent settings.

7) Security

We apply reasonable technical and organisational measures to protect personal data. No online service can be guaranteed 100% secure, but we continuously improve our safeguards.

8) Your rights (GDPR)

You have the right to access, rectification, erasure, restriction, data portability, and to object to processing (including direct marketing). Where processing relies on consent, you may withdraw it at any time without affecting prior processing.

To exercise your rights, email [email protected]. We will respond within the timelines set by law. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

9) Cookies & tracking

We use cookies and similar technologies. Essential cookies are required for the site and embedded forms to function. Non‑essential (analytics/marketing) cookies are used only with your consent. See our Cookie Policy for details and how to change your preferences.

10) Children

Our services are not directed at children under 16. If you believe we have collected personal data from a minor without proper consent, contact us to delete it.

11) Changes

We may update this Privacy Policy to reflect operational, legal, or regulatory changes. We will post the updated version with a new effective date and, where appropriate, notify you.