First of all, this photo is why you need to hire a photographer.
See how grainy and pixelated I am? That won't look good on the wall! But you see,
since I normally hold the camera, this is how my face looks in most photos...
Don't let this happen to you! Contact me for your next shoot!
Now go on, don't let my rant keep you from the exciting read that awaits you below.
I am a small, one-human business and I will do my utmost to uphold all of the regulations required of me. If you would like to chat about your data privacy, you may kindly contact me through the contact form on this site or by emailing firstname.lastname@example.org.
Privacy is serious, and as your friend, I commit to honoring your trust and keeping your information safe. The details you provide me are for the purpose of carrying out your requests in relationship to the job you’ve requested. In other words, I hold your data with “legitimate interest” toward performing my job. It would be very difficult to respond to your enquiry if I had no information on you.
When you contact me using my contact form, you voluntarily provide your information to me and I commit to only using it in response to an enquiry, in the performance of a contract between us and/or taking steps, at your request, to enter into such a contract. The little padlock icon in the address bar indicates that my site is secure and the information you enter in the contact form is inputted into my GDPR-compliant, password protect Customer Management software. I will not share your personal information with third parties for the purpose of their marketing, nor will you receive marketing emails from me if you have not opted in.
My website is hosted through Wix, a GDPR-compliant webhost whose regulations can be explored on their site. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers all over the world, including Europe and the United States, as well as backup servers in multiple locations, behind a firewall. Any and all transfers of data deemed necessary, will be conducted in compliance with all applicable data protection regulations. They have numerous data protection policies in place. Here is their wordy explanation of the certifications they hold:
“Wix.com is certified under the EU-US Privacy Shield Framework and the Swiss-US privacy Shield Framework as set forth by the U.S. Department of Commerce, regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, and therefore adheres to the Privacy Shield Principles.”
On my site, I have installed a plugin called Visitor Analytics which asses “usage data” including geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of website use. I use this data for the purposes of analyzing the use and efficiency of my website, and to find ways in which it can be improved upon. More information on Visitor Analytics, direct from the source can be viewed at the bottom of this policy.
Online Galleries and Customer Management
That sounds so formal! Basically, all that means that in order to process your information and keep me organized and on top of it I use a password protected GDPR-compliant client management software (Iris-Works), as well as a compliant online galleries service (Shootproof), which can be accessed both through my password-protected laptop and phone.
In order to make sure that I retain the images from our super fun shoot if something should happen (knock on wood) to my laptop AND external hard drive, I employ Backblaze, a GDPR-compliant cloud-based storage system based in the Western United States. They are extremely secure – first the files on my computer are encrypted, then they are transferred via an encrypted SSL connection and stored in the encrypted format. You can indulge in their GDPR statement if you would like.
I often use an online GDPR-compliant graphics and marketing material editor called Canva. The only thing Canva will have access to, other than MY personal information, is your face if I feature you in a custom piece of marketing material.
Below are your rights in regards to the personal deets I hold about you. These are in accordance with UK and EU law under GDPR. If you’d like to exercise any of the below, shoot me a message through my contact form stating your requests. You can read your fill of GDPR regulations on the Information Commissioner’s Office. It’s a real mouse clicker (as opposed to “page-turner…” Get it?)
The right to be informed – this means that you get to know what is being used and for what reason. Basically I use your contact details to contact you. I don’t really send marketing emails but you will receive one if you’ve opted in. Pretty simple, huh?
The right of access – you can totally ask for what information of yours I hold. As I mentioned before, as your friend, I commit to honoring your trust and keeping your information safe.
The right to rectification – of course, if any of your details are incorrect you absolutely have the right to fix them! Don’t want to be phoning the wrong Penelope about the wrong date of a different session.
The right to erasure – I’ll be sad to see you go but if that’s what you’d like, it’s well within your rights.
The right to restrict processing – this one is a little confusing – if you want a little shield to keep me from using your data, but want me to have it that’s a thing…you know what though, this really doesn’t apply to us.
The right to data portability – you can have a copy of your data that I have on file but it’ll be just the little bits you’ve shared with me. I’m not doing any additional creeping.
The right to object – you may object to the processing of your data, in which case, I’ll assume you do not want to carry on with your enquiry, shoot, etc. This will likely lead to another conversation.
Rights in relation to automated decision making and profiling – I am not a computer so none of my decisions are automated. This one’s not for us either.
You have the right to NOT be featured on my website or marketing materials, however, assuming our relationship has blossomed and you’ve received your gorgeous images, you’ll have signed a contract and model release, so I'll operate under the assumption that you are happy with me sharing unless I hear otherwise. Your face-data will be stored in my systems but not to worry - it’s not used for any biometrics (the things of airports and national security).
Marketing in photography is paramount. Literally no one would book me if they couldn’t view my past shoots. This is agreed to in my contract/consent and is necessary to my business, therefore is classified as ‘legitimate interest.” You’ll likely have a cameo on FB, Instagram, this site even, and who knows, maybe somewhere else someday. If there’s certain images you wish to remain private I will honor that - just reach out to discuss.
Sometimes, your face attracts attention. While, as the photographer I hold the copyright to the images, I do respect you. If a company would like to purchase a photo I shot of you, your consent would be requested.
Cookies are pretty much my favorite kind of dessert. I’m a BIG fan of vegan oatmeal raisin ones. But
in the less exciting sense of the word, a cookie is a miniature data file used for storing info. They are
confusing but regardless, the majority of websites use them for lots of purposes. They contribute to
analytics reports (how is the site being used?), and assist with security. By using my site you accept
that you’re a-okay with them.
I have not intentionally placed cookies on this site because I do not know how to. In fact, I have spent
many, MANY dreadful hours trying to understand what they are. And now I’m hungry. I do know that
my analytics tracker, Visitor Analytics employs cookies to help me tweak my website for the best user
experience possible, and to make sure I’m actually targeting the folks on the correct side of the globe. It’s very handy information. More can be read
about their cookie collection below.
Not to fear though, you do have some power in this cookie confusion. Deletion and control of cookies (even the ones already on your computer before our relationship began) is within your grasp. Some browsers even allow you the sacred opportunity to prevent them in the first place! This, however, may incur additional work or preference setting with each visit, and/or may render some site functions incapable. Basically, messing about with it may not give you the experience the site builder intended. It is your right to do what’s best for you. More information on that is available to you through the lovely ICO website.
Visitor Analytics is a simple website analytics service which measures the traffic and visitors' general details of the customers' websites. Collecting these statistics, a website can make their visitors' experience better (e.g. which pages they visit and when, where they are approximately located, where does a user land first or if they are coming from a specific referral).
Basically, as a website owner using Visitor Analytics, we are using cookies to collect data about visitors' device type and screen size, approximate location, browser, OS, page visits, bounce rate, conversions and popular content on the website. All this data is pseudonymized and Visitor Analytics will never use the collected data to identify individual users or to match it with additional information on an individual user. Each visitor has control over the cookies placement.
If you got through all of that, well done!
You definitely deserve a cookie. The edible kind.