Privacy Policy – Photo Printing & Processing

Effective Date: 02 September 2025

Scope

This privacy policy applies to individuals whose personal data we process through our WhatsApp and Instagram photo printing and processing service. This policy explains how we collect, use, and protect personal data sent to us via WhatsApp or Instagram for printing and processing.

For information about how we handle data collected through our website or other services, please visit https://squareshare.me or contact us directly.

1. Who We Are

SquareShare Media Limited (“we,” “us,” or “our”) is a data controller registered in England and Wales. We provide digital photo printing, processing and software services for events.

Contact Details:

  • Company: SquareShare Media Limited
  • Address: 86-90 Paul St, London, EC2A 4NE
  • Email: tom@squareshare.me
  • Phone: +44 (0) 207 112 8661

2. What Personal Data We Collect

When you use our photo printing and processing service via WhatsApp or Instagram, we collect:

  • Media content (photos, images, videos, documents, etc) that you send to us via WhatsApp or Instagram
  • Message content including any text, captions, or instructions you include
  • Profile and Contact Information such as your WhatsApp display name and phone number, or your Instagram profile information (including your username/handle).
  • Metadata including timestamps, message IDs, and delivery status

This data comes exclusively through Meta’s APIs (WhatsApp Cloud API or Instagram Graph API). We do not collect any additional personal information beyond what is transmitted through these platforms.

3. How We Collect Your Data

We collect your personal data through:

  • WhatsApp Cloud API messaging – when you send messages and media to our WhatsApp business number
  • Instagram Graph API – when you share images with us for printing via Instagram

Third Party Processing: We use both the WhatsApp Cloud API and Instagram Graph API (provided by Meta Platforms Ireland Limited) to receive your messages and media. Meta processes your data in accordance with their own data processing terms.

4. Why We Process Your Data

We process your personal data based on:

  • Performance of a Contract: When you send us your media for printing, we process it to fulfil our service agreement with you—the delivery of a printed photo.
  • Legitimate Interests: We process and store your data to provide our client (the event organiser) with access to the event’s collection of photos, which is a legitimate interest of our client and a core part of the service they have hired us to provide. We also rely on legitimate interests for maintaining system security and support records.
  • Consent: Where you provide explicit consent for your media to be used for marketing or promotional purposes by our client, we process it on the basis of that consent.

5. How We Use Your Data

We use your personal data solely to:

  • Print and process media content you send to us
  • Provide access to our clients who have hired our services
  • Provide technical support if printing or processing issues arise
  • Maintain historical records for future reference and access

Marketing consent: If you provide explicit consent, your media may also be used by our clients for marketing and promotional purposes. This consent is typically requested via an automated message to which you can reply with your agreement (e.g., by sending ‘YES’). This consent is separate and optional. You can use our printing services without providing marketing consent.

We do not use your data for our own marketing, advertising, or any other commercial purposes beyond providing the requested printing services.

6. Data Storage and Security

Security Measures:

  • Access is strictly restricted to authorised personnel only
  • Secure SSH access control encrypts data in transit
  • Images and media are encrypted at rest using cloud storage services
  • Application-level access controls ensure each client can only access their own data
  • Our technical infrastructure is regularly updated and continuously monitored.

7. How Long We Keep Your Data

We retain data for up to 7 years in accordance with our legal obligations to maintain proper business records. This is necessary to protect the business in case of legal action (the statute of limitations for contract disputes in England and Wales is 6 years), and enables client access for historical review, reprint or commemorative purposes. Data will be deleted upon request from data subjects where this does not conflict with our legitimate business interests in maintaining complete records for potential legal proceedings.

8. Data Sharing

We share your personal data only with:

  • The client who hired our services via a secure web portal. If downloaded by our client, they are responsible for their own use of the data under their privacy policy.
  • Our data processors (Meta for Meta APIs, DigitalOcean for hosting and storage) under appropriate data processing agreements.

We do not sell, rent, or share your personal data with any other third parties.

9. Your Rights

Under UK data protection law, you have the right to:

  • Access your personal data and receive a copy
  • Correct any inaccurate or incomplete data
  • Delete your data (subject to our legitimate interests in record-keeping)
  • Restrict processing in certain circumstances
  • Object to processing based on legitimate interests

To exercise any of these rights, contact us at tom@squareshare.me.

10. Third Party Data Processors

We work with the following data processors:

  • Meta Platforms Ireland Limited – WhatsApp Cloud API and Instagram Graph API (Meta may process data outside the UK/EU as part of their global infrastructure, subject to appropriate safeguards under their data processing agreements).
  • DigitalOcean, LLC – Web server hosting and secure image storage (UK/EU data centres, under appropriate data processing agreements)

All processors are bound by appropriate data processing agreements and security requirements.

11. Changes to This Policy

We may update this privacy policy from time to time. Any significant changes will be communicated to active clients via email or through our website.

12. Complaints

If you have concerns about how we handle your personal data, you can:

  1. Contact us directly at tom@squareshare.me
  2. Lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk

13. Data Breaches

In the event of a data breach that poses a risk to your privacy, we will notify the relevant authorities and affected individuals in accordance with UK data protection requirements.

14. Children’s Data

We do not knowingly collect data from children under 13 without parental consent. Parents or guardians can contact us to request deletion of their child’s data.

15. Contact Us

For any questions about this privacy policy or how we handle your data, please contact our Data Protection Contact: Tom Stayte | tom@squareshare.me | +44 (0) 207 112 8661