Privacy Policy
How We Collect, Use, and Protect Your Personal Data
Version 1.0 — March 2026 · Compliant with UK GDPR and the Data Protection Act 2018
1. Introduction
KAMERALENDS (trading as a sole trader) is committed to protecting the privacy and personal data of our customers. This Privacy Policy explains what personal data we collect, why we collect it, how we use and store it, who we share it with, how long we keep it, and what rights you have.
This Policy applies to all personal data collected through our website, our Instagram account, WhatsApp or SMS communications, and in-person interactions during the delivery and collection of rental equipment. For the purposes of UK data protection law, KAMERALENDS is the data controller.
2. Personal Data We Collect
| Category | Data Collected | How We Collect It |
|---|---|---|
| Identity data | Full name | Provided by you at booking |
| Contact data | Email address, phone number | Provided by you at booking |
| Social data | Instagram handle (optional) | Provided by you at booking |
| ID verification data | Government-issued photo ID document and a real-time selfie, used to confirm you are who you say you are | Collected digitally during the booking process via Stripe Identity. KAMERALENDS does not store the raw images — they are processed and retained by Stripe in accordance with their privacy policy |
| Payment data | Card type, last four digits of card number, billing address; a secure payment method token stored by Stripe for potential damage or loss charges | Processed and stored by Stripe. We do not see or store your full card number, CVV, or PIN. The token allows us to charge your payment method if damage or loss occurs during the Rental Period. |
| Booking data | Rental dates, camera model, rental history, booking reference numbers | Generated when you make a booking |
| Communication data | Messages sent via Instagram DM, WhatsApp, SMS, or email in relation to a booking or enquiry | Created during our interactions with you |
| Technical and usage data | IP address, browser type, device type, pages visited, time on site | Collected automatically via analytics tools when you visit our website |
We do not collect any special category data (such as health, race, ethnicity, religion, sexual orientation, or political opinions). We do not knowingly collect personal data from anyone under the age of 18.
3. How and Why We Use Your Data
| Purpose | Data Used | Legal Basis |
|---|---|---|
| To process and fulfil your booking | Identity, contact, booking, payment data | Performance of a contract (Article 6(1)(b)) |
| To arrange pick-up and return of the camera | Contact data | Performance of a contract (Article 6(1)(b)) |
| To verify your identity before your rental and prevent fraud or theft | Identity data, ID verification data processed by Stripe Identity | Legitimate interest (Article 6(1)(f)) |
| To process payments and save the Customer's payment method for potential damage or loss charges | Payment data | Performance of a contract (Article 6(1)(b)) |
| To charge the Customer's payment method in the event of damage to or loss of the Equipment | Payment data, booking data | Legitimate interest (Article 6(1)(f)) — recovery of costs arising from damage or non-return |
| To assess damage and manage disputes | Booking data, condition photographs | Legitimate interest (Article 6(1)(f)) |
| To communicate with you about your booking | Contact data, communication data | Performance of a contract (Article 6(1)(b)) |
| To send marketing communications | Email address | Consent (Article 6(1)(a)) — only if you have opted in. You can withdraw at any time. |
| To improve our website and understand how customers use it | Technical and usage data | Legitimate interest (Article 6(1)(f)) |
| To comply with legal and tax obligations | Identity, booking, payment data | Legal obligation (Article 6(1)(c)) |
4. How Long We Keep Your Data
| Data Category | Retention Period | Reason |
|---|---|---|
| ID verification data | Raw document images and biometric data are retained by Stripe in accordance with their data retention policy. KAMERALENDS retains only the verification result (verified or failed) for the duration of the booking record. | Fraud prevention and identity verification |
| Booking and payment records | 6 years from the date of the transaction | HMRC requires retention of financial records for a minimum of 6 years |
| Communication records (emails, DMs, WhatsApp messages) | 12 months from the date of the last message | Customer service and dispute resolution |
| Marketing consent records | Retained while you remain subscribed; deleted within 30 days of unsubscribing | To evidence that consent was given |
| Website analytics and technical data | Anonymised after 26 months | Website improvement; once anonymised, data is no longer personal data |
5. Who We Share Your Data With
We do not sell your personal data. We will never share your data for marketing purposes with third parties without your explicit consent. We share your data only with the following service providers, solely for the purposes described:
| Third Party | Data Shared | Purpose |
|---|---|---|
| Stripe | Payment data; identity verification data (document images and biometric data processed via Stripe Identity) | To process rental payments, save payment methods securely, and verify customer identity before rental. Stripe is PCI-DSS compliant. Identity data is processed and stored by Stripe in accordance with Stripe's Privacy Policy — KAMERALENDS does not receive or store your raw document images. |
| Vercel | Technical and usage data | To host our website and provide anonymised analytics on site usage |
| Supabase | Booking data (name, email, dates, booking reference) | To store and manage booking records securely |
| Resend | Name, email address, booking details | To send booking confirmation, reminder, and cancellation emails |
| Law enforcement or regulatory authorities | Any data required by law | If legally compelled to disclose, or if disclosure is necessary to report theft, fraud, or other criminal activity |
6. How We Protect Your Data
We take the security of your personal data seriously. Our measures include:
- Identity verification (document scanning and selfie) is handled entirely by Stripe Identity — KAMERALENDS never receives, processes, or stores your raw document images or biometric data
- Access to personal data is restricted to the business owner
- Payment data is handled entirely by Stripe — KAMERALENDS never sees, processes, or stores full card numbers, CVVs, or PINs
- Our website uses SSL/TLS encryption (HTTPS) to protect data in transit
- We use strong, unique passwords for all business accounts and enable two-factor authentication where available
While we take all reasonable steps to protect your data, no method of electronic storage or transmission is 100% secure. We are committed to addressing any data breach promptly and in accordance with our legal obligations.
7. Data Breaches
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.
8. International Data Transfers
Your personal data is primarily stored and processed within the United Kingdom and the European Economic Area. Some of our third-party service providers (such as Stripe and Vercel) may process data outside the UK and EEA. Where this occurs, we ensure appropriate safeguards are in place, such as the provider holding an adequacy decision or operating under Standard Contractual Clauses approved by the ICO.
9. Your Rights Under UK GDPR
| Right | What This Means |
|---|---|
| Right of access | You can request a copy of the personal data we hold about you (a Subject Access Request). We will respond within one month. |
| Right to rectification | You can ask us to correct any inaccurate or incomplete personal data. |
| Right to erasure | You can ask us to delete your personal data in certain circumstances. This right is not absolute and may be subject to legal obligations (e.g. HMRC record-keeping requirements). |
| Right to restrict processing | You can ask us to temporarily stop processing your data in certain circumstances. |
| Right to data portability | You can ask us to provide your personal data in a structured, machine-readable format so that you can transfer it to another provider. |
| Right to object | You can object to processing based on legitimate interest. You can object to direct marketing at any time and we will stop immediately. |
| Right to withdraw consent | Where we rely on consent (e.g. marketing emails), you can withdraw at any time without affecting the lawfulness of prior processing. |
To exercise any of these rights, contact us at kameralends@gmail.com. We will respond within one month. We may ask you to verify your identity before processing your request.
10. Cookies
Our website uses cookies and similar technologies to improve your experience and analyse website traffic. See our Cookie Policy for full details. You can control cookies through your browser settings; disabling certain cookies may affect site functionality.
11. Changes to This Policy
We may update this Privacy Policy from time to time. The updated policy will be published on our website with a revised version date. If we make significant changes to how we process your personal data, we will notify you by email (if we hold your address) or by a prominent notice on the website before the changes take effect.
12. Contact Us and Complaints
If you have questions about this Privacy Policy, wish to exercise your rights, or have concerns about how we handle your data, contact us at kameralends@gmail.com.
If you are not satisfied with our response, or believe we are processing your personal data unlawfully, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk · 0303 123 1113 · Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. We encourage you to contact us first, as we would welcome the opportunity to address your concerns directly.