Passport-Photo.co.uk

Privacy Policy

This policy explains how we collect, use, store, and share personal data when you use Passport-Photo.co.uk and related checkout, delivery, and support services.

Last updated: 26 February 2026
We are an independent service provider. We are not affiliated with HM Passport Office or any government agency.

1. Data Controller and Contact

The controller for this website and service is the operator of Passport-Photo.co.uk ("Controller"). For privacy requests or questions, contact: support@passport-photo.co.uk.

2. Personal Data We Collect

  • Photos and image data: uploaded images and processed output files.
  • Order and transaction data: package choice, add-ons, order status, amount, timestamps, and payment references.
  • Contact data: email address used for delivery and receipts.
  • Technical and security data: IP address, device/browser information, job IDs, access logs, anti-abuse data.
  • Session/access data: security tokens/cookies used to protect job-level access.

3. How We Obtain Data

  • Directly from you (uploads, checkout fields, support requests).
  • Automatically through your use of the website (logs, session identifiers, security telemetry).
  • From service providers involved in payments and delivery confirmations.

4. Purposes and UK GDPR Legal Bases

  • Contract performance: processing photos, creating outputs, handling payment-linked delivery.
  • Legitimate interests: security, fraud prevention, service reliability, dispute handling, and support.
  • Legal obligations: accounting, tax, legal claims, and regulatory compliance duties.
  • Consent: where legally required for optional activities.

5. Automated Processing

We use automated image-processing systems to generate passport-photo outputs. These tools support service delivery but do not make solely automated legal decisions about your official passport application.

6. Data Sharing

We share personal data only where needed to provide and protect the service, including with:

  • cloud hosting and storage providers,
  • payment processors,
  • email/transaction delivery providers, and
  • specialized infrastructure providers used for code-based delivery flows.

We do not sell personal data.

7. International Transfers

Where personal data is transferred internationally, we apply appropriate safeguards required by applicable law, such as contractual protections and security controls.

8. Retention

We keep data only for as long as reasonably necessary for service delivery, anti-abuse controls, legal defense, and mandatory accounting or regulatory duties.

  • Operational files and logs are retained based on business need and security risk.
  • Order/payment records may be retained longer for statutory and dispute purposes.
  • Time-limited delivery codes include expiry metadata and are not perpetual.

9. Cookies and Similar Technologies

We use essential cookies/tokens required for secure session handling and protected file access. Disabling essential cookies may prevent core service features from functioning.

10. Security

We apply technical and organizational safeguards intended to reduce unauthorized access, misuse, and loss. No internet-based service can be guaranteed 100% secure.

11. Your Rights

Subject to law, you may request to:

  • access personal data,
  • correct inaccurate data,
  • delete data,
  • restrict or object to processing,
  • receive data portability where applicable, and
  • withdraw consent where processing is consent-based.

You may also complain to the UK Information Commissioner's Office (ICO): ico.org.uk/make-a-complaint.

12. Children

This service is not directed to children under 13. If you believe data has been submitted in breach of this, contact us and we will review and take appropriate action.

13. Changes to this Policy

We may update this policy from time to time. Material changes become effective when posted on this page. Please check the "Last updated" date.

Related pages: Terms of Service | Refund Policy