The following privacy policy is for www.stephbrownphotography.co.uk and governs the privacy of its visitors. It explains how I comply with the EU’s GDPR (General Data Protection Regulation) legislation and the DPA (Data Protection Act).
This policy will explain areas of this website that may affect your privacy and personal details, how I process, collect, manage and store those details and how your rights under the GDPR and DPA are adhered to. THE DPA & GDPR MAY 2018 this website complies with the DPA (Data Protection Act 1998) and the GDPR (General Data Protection Regulation), effective from May 2018.
I take your data seriously and the below will outline how I comply with the General Data Protection Regulation. If you have any questions about anything at all please do get in touch.
HOW YOUR DATA IS COLLECTED:
Your data will be collected from your initial email to me or via the contact form on my website. I will then collect further data through my booking form along with my contract.
THE DATA I KEEP:
In order to be able to communicate with you and have all the required details, I store the following information. After your initial enquiry I hold on to:
· Your Names
· Date of shoot
· Shoot Location
· Email Address
· Phone Number
· How you found Steph Brown photography
· The names of the people taking part / contributing towards your shoot
If you choose to book me as your photographer then I also gather and store the following information, along with the data from your initial enquiry:
· Home Address
· Additional Information for your shoot
· Additional Emergency Contact Information for your shoot
After the event I store the following data, along with all the above data:
· Your pictures
HOW WILL I USE YOUR DATA:
I will only use your data to contact you and potentially let you know about future offers. I may also contact you if a third party has requested to use your images. I will only then pass on your images with your explicit consent.
Your personal data (email address, home address, phone number, emergency contact information, etc) will never be passed on to any third parties.
Basic information such as names and contact numbers may be passed on to Second Shooters if applicable but this will be. All Second Shooters I work with will also need to be GDPR compliant.
DURATION OF DATA USE:
Your initial enquiry will be held in my records for 12 months, and then if you choose to book with me your data will be stored and potentially used for 36 months.
HOW WILL I STORE YOUR DATA:
I will store all of your data on password protected computers and hard drives. All data that is stored online will also be secure with a password. Any data on my phone is also password protected. Hard drives and computers are all stored behind locked doors unless out and about with me.
BLOG COMMENTS:
All blog comments will be visible to the public so if you comment on it then that is solely your responsibility.
IMAGE USEAGE FOR SOCIAL MEDIA, WEBSITE AND MARKETING
I will share your images on all of my social media profiles, in printed marketing, in competitions, and of course on my website. Your images may also be shared with other GDPR compliant weddings blogs and wedding vendors, with your explicit permission.
By signing your contract, you will be confirming that you are happy with me sharing your images.
LEGAL:
If required, I may disclose your personal data to my insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
There could also certain situations in which I may have to share access to your personal data without your explicit consent; for example, if required by law, to protect the life of an individual, or to comply with any valid legal process, government request, rule or regulation.
YOUR RIGHTS:
Your Right to Confirmation: Please feel free to get in touch at any point to ask any questions about how your data is handle, stored and kept secure. I will be happy to answer any queries that you may have.
Your Right to Access: You can request a report on all data of yours that I hold. This will be supplied as an electronic document.
Your Right to Rectification: You can get in touch at any point to ask me to change any of your stored data. For example, if you have a change of address, phone number, etc please let me know so I can update my records.
Your Right to Deletion: Under EU law you have the right to request to have your data deleted by me. If you wish to go ahead with this please just email me at stephbrownphoto@gmail.com. Bare in mind that this will also mean I have no backup copies of your images anymore, so please ensure you have reliable backups of your pictures stored elsewhere.
USE OF COOKIES:
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies. Cookies used for Steph Brown photography are to help analyse the use and performance of my website and services
CLIENTS AND WEDDING GUESTS CAPTURED IN PHOTOS:
Under GDPR legislation, a photograph may in some instances constitute a form of personal data where they can be processed to allow “the unique identification or authentication of a natural person”. Steph Brown Photography will never photograph an individual as a means of unique identification or authentication unless consensually contracted to do so. Guests at weddings appear in photos taken by Steph Brown Photography as a part of the visual recording of the event in photos. Guests captured in portraits or in group photos do so as part of the event and their rights are protected by Steph Brown Photography as detailed in this privacy policy.
In terms of explicit GDPR compliance, Wedding clients and guests are photographed within the parameters of GDPR legislation on the basis of ‘legitimate interests’. The taking of photographs of wedding guests when viewed as a form of processing personal data is necessary for the legitimate interests of Steph Brown Photography as a photography business unless there is a good reason to protect a given individual’s personal data which overrides those legitimate interests.
Operating within the parameters of legitimate interests as laid out in GDPR legislation, the disproportionate effort involved in providing privacy policy information to all wedding guests at the event and the degree to which it would distract us from performing our job renders it infeasible to do. Wedding clients are therefore requested in their contract to direct their guests to read this privacy policy in advance of the event and to advise them to contact us in advance with any concerns around the processing of their personal data, namely being photographed.
THIRD PARTY DATA USE:
As stated above your data may sometimes be shared with other third parties (Companies that I work with such as printers, my back end admin software, and wedding blogs/wedding suppliers). I ensure that all companies that I work with are also GDPR compliant, and will not use your data other than for it’s intended use. Your data will also only be passed on with your explicit consent.
This privacy policy has been prepared in line with the EU’s General Data Protection Regulation (GDPR), which promotes fairness and transparency for all individuals in respect of their personal data. This privacy policy applies to all data Steph Brown and by using Steph Brown and signing your contract, you consent to the collection and use of such data.
If you would like to get in touch about anything in this policy or about your personal data then please contact Steph Brown, the Data Protection Officer at stephbrownphoto@gmail.com