Privacy Policy
- Data controller
- Valorem Management, S.L.
- CIF
- B67581801
- Address
- Carrer Ferrán Agulló 22, ENT 2, 08021 Barcelona, Spain
- Contact
- photos@valorem.management
This Privacy Policy explains how Valorem Management, S.L. ("Valorem", "we", "us") processes personal data collected through the website photosbyhelmy.com and the booking platform photosbyhelmy-booking.netlify.app (together, the "Service"). We process your data in accordance with the EU General Data Protection Regulation (GDPR, Regulation 2016/679) and Spanish Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).
1. Who is the data controller
The data controller is Valorem Management, S.L., with CIF B67581801, with registered office at Carrer Ferrán Agulló 22, ENT 2, 08021 Barcelona, Spain. You may contact us at any time at photos@valorem.management.
2. What personal data we collect
We collect only the data necessary to provide the photography service and to comply with our legal obligations:
2.1 When you make a booking
- First name and last name
- Email address
- Phone or WhatsApp number (optional)
- Selected package, date, time and location of the shoot
- Any special wishes or requests you choose to share
- Payment information (handled directly by Revolut, see section 4 below; we do not store your card details on our servers)
3.2 When you contact us
- The contact channel you use (email, WhatsApp, KakaoTalk) and the contents of your message
- Any data you voluntarily share in the conversation
3.3 When you visit the website
- Technical data necessary to deliver the site (IP address, browser type, device type, pages visited, referring URL)
- Conversion measurement data from Google Ads when you arrive from an advertisement (see our Cookie Policy)
3. Purposes and legal basis
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Managing your booking and providing the photography service | Performance of a contract (Art. 6.1.b) |
| Issuing invoices and meeting accounting and tax obligations | Compliance with a legal obligation (Art. 6.1.c) |
| Sending you transactional emails about your booking (confirmation, receipt, reschedule, reminder) | Performance of a contract (Art. 6.1.b) |
| Responding to enquiries received via email, WhatsApp or KakaoTalk | Performance of pre-contractual measures at your request (Art. 6.1.b) |
| Operating and securing the website (technical logs, fraud prevention) | Legitimate interest (Art. 6.1.f) |
| Measuring conversions from Google Ads | Consent (Art. 6.1.a), where required |
| Using portfolio photographs of you on the website or social media | Consent (Art. 6.1.a); see section 8 |
4. Service providers and recipients
We share personal data only with the service providers needed to operate the Service. Each acts as a data processor on our behalf under a data processing agreement, or as an independent controller for their own legal purposes:
| Provider | Purpose | Location |
|---|---|---|
| Netlify, Inc. | Hosting of the booking platform | United States (with EU edge delivery) |
| Cloudflare, Inc. | Hosting and content delivery of the main website | United States (with EU edge delivery) |
| Revolut Bank UAB | Processing of card payments | Lithuania (EU) |
| Resend, Inc. | Delivery of transactional emails (booking confirmations, receipts) | United States |
| Google Ireland Ltd. (Google Workspace) | Email inbox and storage | Ireland (EU) |
| Google Ireland Ltd. (Google Ads) | Conversion measurement for advertising | Ireland (EU) |
| Quantum Economics | Accounting (invoices and tax records) | Spain (EU) |
We may also disclose personal data to public authorities when required by a court order or by law.
5. International data transfers
Some of our providers (Netlify, Cloudflare, Resend) are based in the United States. Where personal data is transferred outside the European Economic Area, the transfer is protected by the European Commission's Standard Contractual Clauses (SCCs) and, where applicable, the EU-US Data Privacy Framework. You may request a copy of the safeguards in place by emailing photos@valorem.management.
6. How long we keep your data
- Booking and contact data: for the duration of the contract and a minimum of 5 years thereafter, as required by Spanish accounting and tax law.
- Invoices and tax records: 5 years (Spanish General Tax Act, Art. 66) and up to 10 years under Spanish commercial law for the supporting accounting documents.
- Enquiry messages (email, WhatsApp, KakaoTalk): kept while reasonably useful for follow-up, and removed on request.
- Technical logs: short retention by our hosting providers (typically up to 30 days).
- Conversion tracking data: retention defined by Google Ads (currently up to 13 months by default).
- Photographs of you: the original files are kept for up to 12 months after delivery so we can re-supply your gallery on request, then deleted unless you have given consent for portfolio use.
7. Your rights
Under the GDPR you have the right to:
- Access the personal data we hold about you;
- Rectify data that is inaccurate or incomplete;
- Erase your data ("right to be forgotten") when there is no overriding legal reason to keep it;
- Restrict or object to certain processing;
- Portability: receive your data in a structured, machine-readable format;
- Withdraw consent at any time where processing is based on consent (without affecting the lawfulness of prior processing).
To exercise any of these rights, email us at photos@valorem.management. We will respond within one month.
You also have the right to lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos), C/ Jorge Juan 6, 28001 Madrid, www.aepd.es.
8. Photographs and image rights
The photographs taken during your session are delivered to you for your personal use through a private online gallery. We do not publish photographs of identifiable people on our website, social media or marketing materials without your explicit consent.
If you choose to give that consent (for example by signing or replying to a portfolio release after your session), you can withdraw it at any time by emailing photos@valorem.management. We will remove the images from our public channels within a reasonable time; we cannot guarantee removal of images that have already been shared, downloaded or indexed by third parties.
9. Cookies
Information about cookies and similar technologies (including Google Ads conversion tracking) is set out in our separate Cookie Policy.
10. Minors
Bookings are made by adults. Children may take part in a family session, in which case the parent or legal guardian making the booking is responsible for the data of the minors involved and authorises us to photograph them for the purposes of the session.
11. Updates to this policy
We may update this Privacy Policy from time to time, for example to reflect changes to our service providers or to legal requirements. The "Last updated" date at the top of this page indicates the latest version. We encourage you to review this policy periodically.