PRIVACY POLICY

Indigo and Violet Photography’s Updated GDPR Compliant Privacy Policy

Version 1 – Date: 24th May 2018

 

Indigo and Violet Photography respects your personal information and will only ask you for the information really needed from you in order to photograph your event and keep in touch with you about it. 

Indigo and Violet will look after it in the same way that I would want mine looking after, keeping it secure. 

Indigo and Violet will only share parts of your information with others where their help is needed in delivering my service to you (such as my second shooter who is working with me on your wedding day, or my professional printing laboratory). 

Be assured that I will never share your information in any other circumstances – nor will I ever sell it on elsewhere.

Here are more details:

 

Introduction

Indigo and Violet Photography takes your privacy very seriously. This privacy policy has been prepared in line with the EU’s General Data Protection Regulation (GDPR), which promotes fairness and transparency for all individuals in respect of their personal data. This privacy policy applies to all data I process, and by using Indigo and Violet Photography you consent to my collection and use of such data.

 

1. The Data I Collect

As a Data Controller I collect a variety of data from you in order for me to deliver my service(s) to you, and I will always manage your personal data transparently, fairly and securely.

Explicit Data Collected:

I collect your name so that I don’t have to call you Sir/Madam, your email address so I can communicate with you, your mobile number so I can call you as and when required, your address so that I can post your wedding gallery and photos to you, and I take photographs of you and your wedding guests because that’s what you’ve commissioned me to do.

All of this information is necessary for me to do my job for you.

I will also record a date of birth for all persons I photograph under the age of 13 and require the parent or a legal guardian to consent to photography.

I collect this data on the lawful basis of arranging and fulfilling a contract to you.

Implicit Data Collected:

When you visit my website you will see that I also collect Cookies. A notification is provided to you when visiting. Cookies are small pieces of data that websites send to a user’s computer and are stored on the user’s web browser. They are designed to enable the website to remember information for you, such as what a user might have put in a shopping cart, for example. 

This helps us personalise your experience and deliver a smooth service to you. It is worth noting here that my website is SSL encrypted for your piece of mind. SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.

My client management system (Sprout Studio) also automatically collects your IP address for me in a couple of situations – emails and your online galleries – to let me know that my email to you has been read your galleries have been viewed.

 

2. Which Third Parties do I share Personal Data with?

I share personal data with the following third parties:

 

My Email Providers; Gmail and Hotmail (for sending emails to you relevant to the service you have commissioned from me. These may contain data such as invoice information, addresses and such) 

Mailchimp (for sending emails to you relevant to the service you have commissioned from me – Data is transferred outside of the European Economic Area to United States under the protection of EU/US Privacy Shield.)

My Client Management software; Sprout Studio (for managing all aspects of your commissioned service, such as emails, invoicing, online galleries, and questionnaires – Data is transferred outside of the European Economic Area to United States under the protection of EU/US Privacy Shield.)

Google analytics (for data regarding my website views – Data is transferred outside of the European Economic Area to United States under the protection of EU/US Privacy Shield.)

My Accountant; Elm Financial Solutions Ltd. (Katie manages my end of year tax return and she might see names and payments on my accounting spreadsheets – Data is not transferred outside of the European Economic Area.)

My Printing Labs (I send your photographs to be printed by a professional printing lab. They don’t receive any other data about you other than your faces in your photographs – Data is not transferred outside of the European Economic Area.)

My contracted Second Shooter for your wedding day. (Your second shooter would receive information such as your names and wedding day details in order to perform their job for you and I. They will not have access to any other private personal data such as your address, etc. – Data is not transferred outside of the European Economic Area.)

My Website and my Social Media (In order to ruin my business I need to share my work, which for me is my photographs. I share my photographs on my website, instagram, Facebook, and occasionally, Pinterest. You have the right to agree to your images being shared in this way via my questionnaire that you complete when booking me. – Data may be transferred outside of the European Economic Area to United States under the protection of EU/US Privacy Shield.)

Wedding Blogs. (Sometimes your wedding photographs appeal to an independent wedding blogger and they may ask my permission to share them. Nothing can or will happen though without your explicit agreement and consent. – Data may be transferred outside of the European Economic Area to United States under the protection of EU/US Privacy Shield.)

Photographic Competitions (Sometimes I like to submit photos to my photographic society’s competitions to check on the continued high standard of my craft and workmanship. I would only use photos that you have already given permission for me to use on my own website. – Data may be transferred outside of the European Economic Area to United States under the protection of EU/US Privacy Shield.)

Website manager and Hosting company, Creative Horizons Ltd. (Paul hosts my website and thus might see names and wedding details including photographs of you – Data is not transferred outside of the European Economic Area.)

There are also may be certain situations in which I may share access to your personal data without your explicit consent; for example, if required by law, to protect the life of an individual, or to comply with any valid legal process, government request, rule or regulation.

 

3. Why do I share your Personal Data with the above?

Essentially I share your data in order to deliver my best service to you. Sometimes this may also be for marketing purposes, to personalise your experience, to provide account access etc.

I may transfer personal data to a country outside of the European Economic Area (EEA) if necessary eg if a third party I utilise could have servers located outside of the EEA. If this is the case, it is ensured that the company and transfer is legal and your data is secure by following the EU’s guidelines. You can see above where I might send data outside of the EEA and on what basis I do so.

 

4. How do I keep your Personal Data Secure?

I keep your data secure by following internal policies of best practice and training, by the use of encryption, by using Secure Socket Layer (SSL) technology when information is submitted to us online.

In the unlikely event of a criminal breach of our security I will inform the relevant regulatory body within 72 hours and, if your personal data were involved in the breach, I will also inform you.

 

5. Changes to our Privacy Policy and Control

I may change this privacy policy from time to time. When I do, I will let you know by changing the date on this policy, notifying customers of only significant changes. By continuing to access or use our services after those changes become effective, you agree to be bound by the revised privacy policy.

 

6. You have the Following Rights

– the right to be informed about the collection and use of your personal data

– the right of access to your personal data and any supplementary information

– the right to have any errors in your personal data rectified

– the right to have your personal data erased

– the right to block or suppressing the processing of your personal data

– the right to move, copy or transfer your personal data from one IT environment to

another

– the right to object to processing of your personal data in certain circumstances, and

– rights related to automated decision-making (i.e. where no humans are involved) and

profiling (i.e. where certain personal data is processed to evaluate an individual).

I also give you the option to manage your data via Emailing me – 

contact hello@indigoandvioletphotography.co.uk

While I do not hold personal data any longer than I need to. The duration will depend on your relationship with us, and whether it is ongoing.

I will retain your full collection of final JPEG images for up to 3 years after your wedding so that I may be able to restore your images for you should you lose them.

I may keep some of your personal data for up to 7 years after our working contract with you has finished for Tax legislation purposes. 

I will also continue to retain some photographs I have taken of you and your event potentially indefinitely. This is so that I can maintain my photography portfolio. You still retain the right to ask this data to be ‘forgotton’ at any stage however.

After this time I will archive your photographs indefinitely, along with your relevant details and consent forms.

 

7. Right of Confirmation, Access, Rectification, and Deletion

If you have questions about how your personal data is handled by me, then you are welcome to  email me and I will be happy to show you the information I have stored on you. 

If some of the information is incorrect, then you have the right to correct it.

If you’d like me to delete all your personal data, you have the right to request it, however this wouldn’t be recommended before your commissioned contract with me has been fulfilled. 

If you would like to fully close your account with me in it’s entirety, just let me know and I can remove all information related to you, your wedding, and our contract that I keep.