Michelle Boza

Welcome to my website.

This page sets out the Terms & Conditions of use and the various policies that apply to my website, and is divided into the following sections:

1. Terms and Conditions
2. Privacy Policy
3. Cookie Policy
4. Web Analytics Policy
5. Copyright Policy
6. Acknowledgements
7. Business Information

Definitions

The terms "I", "Me", "Owner" refers to Michelle Boza as the owner of this website.

The term "Operator" refers to Mike Tubby as the operator of this website on behalf of Michelle Boza.

The terms "We", "Us" or "Our" refers to the Owner and Operator of the website collectively.

The terms "You" or "User" refers to you as the user of this website regardless of whether the user is a natural person, sole-trader, partnership, charity, government department, govenment agency, body corporate, computer system or robot.

The term "Agent" refers to Mike Tubby who represents Michelle Boza and her business interests.

The term "Website" means this website located at the URL address: https://michelle-boza.uk

Agreement

These Terms & Conditions govern all interactions between the you as the User and me as Owner of this Website.

By accessing information on the Website you agree to be bound by these Terms & Conditions in full and as far as permitted by law.

1. The content of this website are provided for general information only and are subject to change without notice.

2. Neither we nor any third parties provide any warranty or guarantee as to the accuracy, timeliness, performance, completeness or suitability of the information and materials provided on this website for any particular purpose.

3. You acknowledge that the information and materials on this website may contain inaccuracies or errors and we expressly exclude liability for any such inaccuracies or errors to the fullest extent permitted by law.

4. Your use of any information or materials on this website is entirely at your own risk, for which we shall not be liable. It shall be your own responsibility to ensure that any products, services or information available through this website meet your specific requirements.

5. This website contains material which is owned by us and or licensed to us. This material includes, but is not limited to, the design, layout, look, appearance, graphics and photographs as defined in the Copyright and Acknowledgements sections of this notice.

6. You may not use, publish, redistribute, sell, rent, license, sub-license, reproduce, duplicate, copy or otherwise deal in or exploit material from this website for any purpose whatsoever without written permission of the Owner.

7. You may not use, publish, upload or post photographs from this website to any other website or social media site anywhere in the world including but not limited to Facebook, Instagram, Twitter, TikTok, Snapchat, WhatsApp, LinkedIn, etc.

8. We may include or embed digital fingerprints, watermarks, metadata or forensic information ('Watermarks') in photographs on this website to protect our assets and Copyright material. Any watermarks that we embed in photographs or images may be overt (visible) or covert (invisible) and are intended to protect our assets.

9. This website may use 'Cookies' to ensure the correct operation of this website or to monitor pages viewed and browsing preferences. Our use of Cookies is set out in our Cookie Policy below.

10. We may use 'Analytics' to monitor pages viewed and understand how users intereact with the website. Our use of analytics is set out in Website Analytics policy below.

11. Any and all trademarks reproduced in this website which are not the property of, or licensed to, me are duly acknowledged.

12. We may include links to other websites for your convenience or to provide further information on relevant topics. Any links provided by us do not signify that we endorse the website(s) to which we link and we are not responsible for the content these websites.

13. Other websites may link to this website and prior permission is not required as long as this website is not misrepresented or misused in any way.

14. You may not use this website to upload, transmit, distribute or deal in any form of computer virus, trojan, malware, harmful software or for cross-site scripting, denial of service or other forms of attacks on this or any other computer on the Internet or anywhere in the world.

15. You must not use this website in any way that causes, or may cause, damage to the website or impairment of the availability or accessibility of the website; or in any way which is unlawful, illegal, fraudulent or harmful, or in connection with any unlawful, illegal, fraudulent or harmful purpose or activity.

16. Unauthorised use of this website, its contents and its associated server may give rise to a civil claim for loss or damages and may constitute a criminal offence.

17. No part of these Terms & Conditions are intended to be part of an offer to provide goods or services or to form any part of a contract outside these Terms & Conditions of use.

18. No part of these Terms & Conditions are intended to transfer any rights to a third-party.

19. Your use of this website and any dispute that may arise out of such use shall be subject to the laws of England & Wales and the jurisdiction of the English Courts.

If you do not agree with the Terms & Conditions then you should not use this website.

This Privacy Policy sets out how we collect and use your data, and how we comply with the Data Protection Act (2018) and UK's General Data Protection Regulations (UK GDPR).

Information we collect

We aim to collect the minimum information necessary for the operation of the website and my legitimate business interests. How you use the website determines the type of information that we collect and how it is used.

Casual browsing

If you access the website on a casual basis to view my content such as my photographs, articles or blog then we collect no personal information about you or information that identifies you and use only an essential cookie needed for the website work correctly as described in our Cookie Policy. We use a light-weight web analytics system that is described in our Web Analytics policy that collects no personal information.

Customer enquiries

If you contact me about providing goods or services then we collect the following information:

1. Your name
2. Your company name (if you have one)
3. Your address
4. Your email address
5. Your telephone number
6. Information about the project, assignment, goods or services required

If an enquiry proceeds to prospective business then we will send you various business-to-business (B2B) documentation by email or post such as quotations, booking forms and professional services contracts that are part of a business relationship and which do not form part of this website and are outside the scope of the GDPR.

Customer details

If you place an order with me for goods or services then I, or my agent, will request further information from you as a customer, including:

1. Your company registration details (registered office, company registration number)
2. Your billing details (where we send invoices)
3. Your banking details
4. Your VAT registration number (if you have one)
5. Commercial references (if we have not dealt with you before)
6. Name of your client
7. Name of the project or assignment
8. Type and nature of the work
9. Location of the venue or assignment (address and contact details)
10. The dates, times and duration of the work

and ask you for B2B documents like booking forms and purchase orders that are part of our business relationship and which do not form part of this website.

How we obtain personal information and why we have it

The information we process is provided by you for one of the following reasons:

1. Customer Enquiry - when you contact me or my agent via telephone, email or by using the contact form on this website
2. Customer Order - when you place an order for my goods or services
3. Booking Work - where you provide the full details for a project or assignment
4. Customer Invoices - when I send you an invoice for goods or services I have provided

We may also receive personal information indirectly, from the following sources in the following scenarios:

• Agency referals - when a agency that you use refers you to us or an agency we use refers us to you
• Recommendations - when a client, photographer, model or artist that you know refers you to us or refers us to you

Customer enquiries

When somebody contacts me or my agent by email, telephone or by using the contact form on this website we collect sufficient information to process this as a Customer enquiry.

Customer details

If you book me for work on a project or an assignment then you become a customer and we request additional information in order to define he scope of work, issue a quotation, complete a booking form, accept your purchase order, perform the work and invoice for the work so we request your Customer details for these business processes.

Business records

We collect and maintain copies of contracts, purchase orders, booking forms and invoices as required by HMRC and DWP however these are off-line (paper records) rather than being recorded in a computer.

I retain business related information for minimum of six years and a maximumn of seven years in order to comply with HMRC requirements for record keeping in line with my employment status.

Lawful bases for processing data

The lawful bases for processing your information under the UK GDPR are as follows:

Consent - if you fill out my contact form, send me email or telephone we consider this consent to collect and use your information as a Customer enquiry so I can respond to your request.

Contract - if you place and order for the provision of goods or sevices, directly or via my agent, then we enter into a contract we need your Customer details in order to fulfil the contract.

Legal Obligation - I am required to maintain business records for HMRC and/or DWP purposes related to employment or provide information to the Police or another competitent body.

How we store your personal information

We use reasonable endeavours to maintain security of your information in electronic or paper forms.

Electronic storage of business-related information

When you send me an message via the 'contact' form or an email it is sent securely to my laptop using a modern email system that employs Transport Layer Security (TLS) for data in transit.

Information is stored securely on my laptop via disk encryption (protection of data at rest) and I follow NCSC Cyber Essentials information security practices.

Non-electronic storage of business-related information

When you telephone me or when I raise a printed invoice and send it to you these are written records that are non-electronic - they are written or printed.

Non-electronic (printed) information is stored in a lockable filing cabinet at the business address shown below.

Web server logs

Our webserver collects logs for the purposes of detecting and preventing fraud and unauthorised accesses for the maintaining of the security of our systems inline with the GDPR. The webserver logs include:

1. IP address of each device that accesses our servers
2. You username (only if you have a login on the website)
3. Date and time stamp for the access request
4. HTTP request type and details of the page or resources requested
5. HTTP response code (outcome) for the request
6. Size of the page, resource or object transmitted to your device
7. HTTP referer (name of the website that referred you to our site) if any
8. Information about the type of device, operating system and web browser that made the request, known as the 'User Agent' string

Access to server logs

The server logs are only accessible to the operator of the website and their technical support staff are secured by two-factor authentication (2FA).

Retention time for server logs

Server logs are retained for at least six months and up to twelve months in order to detect security threats or trends, perform security audits and to respond to security incidents in line with NCSC Guidelines.

Secure destruction and disposal of information

Where electronically stored data has reached the end of its retention period it is deleted using processes in line with ISO27001.

Where printed materials has reached the end of its' retention period it is destroyed via secure document destruction in line with ISO27001.

Where a computing asset is decommissioned at end-of-life the storage device (hard disk drive, SSD drive) is removed and destroyed in line with ISO27001.

Your data protection rights

Under data protection leglislation, you have rights that include:

• Right of access - You have the right to ask us for copies of your personal information.
• Right to rectification - You have the right to ask us to update personal information you think is inaccurate or incomplete.
• Right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
• Right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
• Right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
• Right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at privacy@michelle-boza.uk if you wish to make a request.

Right to access

You can request a copy of the information that I hold on you, however I may require proof of identity before providing this information.

Right to rectification

You can ask me to amend the information that I hold on you if it is incorrect or incomplete but I may require proof of identity or evidence of alternative details before updating this information.

Right to erasure of information

You can request me to delete information that I hold on you but this may be subject to legal obligations or restrictions - for example I have to maintain records as set out by HMRC requirements for record keeping in line with my employment.

Right to restriction of processing

You can request me to cease sending you email messages or to not call you.

Right to object to processing

While you can object to us processing your information in limited circumstances, we have legal obligations to maintain records for compliance with employment and tax reasons.

Website Security

This website is hosted in the UK and maintained in line with NCSC Cyber Essentials and ISO27001 best current practice.

The webserver employs Transport Layer Security (TLS version 1.2 or later) with 256-bit AES encryption for secure transmission of data in transit.

This website is is secured via a Domain Validated (DV) SSL Server Certificate issued by Comodo/Sectigo in the UK.

Webserver administrative functions use strong passwords and two-factor authentication (2FA).

This website scores A+ on the Qualys SSL Labs Website Security test suite - click here to verify.

For any queries or concerns in respect to operation of the webserver or website security please email webmaster@michelle-boza.uk.

Compliance

We have used the ICO's How well do you comply with data protection law: an assessment for small business owners and sole traders checklist to ensure we comply with the GDPR and the ICO guidelines.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at privacy@michelle-boza.uk.

If we are unable to resolve your complaint about how we have used your data you can also complain to the ICO:

Overseas and international users

I live and work in the United Kingdom (UK) and the intended audience for this website and clients are based in the UK.

I do not transfer any information outside of the UK or EEA and do not process any information outside of the UK or EEA.

If you have any issues in respect of this privacy policy in your jusrisdiction please contact privacy@michelle-boza.uk.

The data protection supervisory authority in the UK is the Information Comissioners Office (ICO).

About Cookies

Cookies are small pieces of data that are downloaded to your computer to improve operation of a website and your user experience, however Cookies can also pose a risk to privacy if mis-used.

For information about Cookies, what they are and how they work see the Wikipedia article HTTP Cookies.

Our Cookie Policy

Our policy is to use the minimum number of cookies possible to make this website functional and secure while at the same time respecting user privacy. We acheive this by using a single, essential cookie that is strictly necessary for the operation of this website.

We do not use any Cookies that are non-essential, optional or from third-parties such as advertisers, trackers or from other websites.

Cookies On This Website

The Cookie that we use is called a 'Session Cookie' - a cookie that lasts only as long as you are browsing the website (a browings session). Session Cookies are automatically discarded by your browser when you finish using our website.

The session cookie is part of the PHP programming language and is called PHPSESSID and it's purpose is to link various pages and requests together to make the site work and implement essential security features like user logins and protection from several types of attacks.

The session cookie contains an identifier that simply allows our webserver to process requests from multiple users and know which requests and responses belong to which user. The identifier we use is a random string of characters and contains no Personally Identifiable Information.

We do not display a warning about the use of Cookies or an opt-in/opt-out page because we use a single cookie that is essential to the operation and is 'strictly necessary' as described in the ICO Guidance for use of cookies.

How to check our use of Cookies

You can check cookies used by a website by clicking on the padlock symbol next to the website address in your browser and then follow the path Cookies where your browser will tell you the number of cookies in use and allow you to explore the cookies, their type and view their contents.

About Analytics

Website analytics is the collection, analysis and reporting of data generated by users visiting and interacting with a website. The purpose of website analytics is to measure and understand popularity of material including pages, articles, images, links, etc. in order to understand user behaviour, optimise the website’s user experience and gain insights that help meet business objectives like increasing sales.

Analytics vs. Privacy

Traditionally, website analytics has been provided by third-party companies like Google to the website owners for free, with an implied trade between information gathering and user privacy, since the analytics provider typically gained personal information about the user(s) of the website in the process of providing its analytics service and as a result could profile the user(s) and target advertising at them.

With the advent of the GDPR, CCPA, and PECR regulations, traditional website analytics provided on teh basis of 'surveillance capitalism' have become increasingly incompatible with user privacy.

Analytics on this Website

This website uses an analytics system called Plausible that has been designed to provide light-weight analytics to website operators while maintaining privacy for users.

Plausible Analytics is different to analytics from traditional suppliers such as Google for several important reasons:

• it is event driven and does not make use Cookies or user tracking technologies
• it collects anyonmous information about our website like page views and click events
• it does not collect Personally Identifable Infomation (PII) such as your name, address, telephone number, email address, etc.
• it does not collect or record cookies from other websites that you may have visited (cookies from other websites might identify you)
• it does not share your use of this website with third-party companies like Google, Facebook, etc.
• is 'self hosted' on the same webserver as the main website and is located in the UK
• it does not export any information outside the UK or EEA

Plausible has been designed to be a Privacy focused Google Analytics alternative that is fully compliant with GDPR, CCPA and PECR regulations.

Our Plausible Analytics system is 'self-hosted' in the same data centre as the website so we do not export any information outside the UK or EEA.

We do not provide a warning or opt-in for our use of analytics on this website as it does not make use of cookies, does not track users, does not use or collect PII and is compatible with the UK GDPR.