The GDPR (General Data Protection Regulation) seeks to harmonise data protection law frameworks across the European Union. It aims to give individuals more control of their personal data and imposes strict rules on those who host or process this data. It is not envisaged that these regulations will change after Brexit.
This statement has been developed in line with the GDPR and outlines what personal the Paul Grace Photography holds, why it is required and what will/will not be done with that data.
Personally Identifiable Information (PII) or personal data can be described as any information that can be used to identify an individual and could include (but is not limited to): names, addresses, telephone numbers, or more sensitive information such as religion, ethnicity and disability.
Paul Grace Photography holds information on clients who have engaged our services, individuals who have completed competition/enquiry forms and those who have supplied us with their business cards. This data is stored in a combination of paper and electronic formats.
In each case the individual/business representative has willingly supplied us with the information either directly or via a third party referral. We do not sell any data to third parties.
What data do we hold?
The different types of personal data we hold is listed below, the amount/type held will differ between individuals. This data is collected via, phone calls, face to face, website forms, social media responses and will be held in paper and/or electronic form:
Why do we need to hold this data?
There are three key reasons that we need to gather and hold this data:
Fulfilment of our contract: to ensure we can provide a bespoke photographic portrait session, event or commercial service, we need names and contact details of our clients. We do ask for consent to hold age/dob information for younger children, this is only so that we can ensure we have necessary props/aids available at a photographic session;
Marketing/promotion of our business: so that we can contact individuals from time to time to advise them of special offers/promotions around our services that may be relevant to them;
Legal reasons: to ensure that we can compile and evidence necessary returns to HMRC and other statutory bodies.
What we will do with your data?
Communicate with you about the services you are booking with us and any subsequent viewing or orders;
Communicate with you about any promotions/special offers we are running that may be relevant to you;
Provide applicable information to legal bodies, such as the police, should an incident occur or information come to light which we are ethically bound to report;
Provide relevant information to medical personnel in the event of an injury, illness or accident.
What we will not do with your data?
Hold any personal data for which we do not have a specific purpose;
Hold any details of credit/debit cards;
Divulge it to any persons outside The Image Mill without your explicit consent, with the exception of medical or legal bodies as outlined above;
Deliberately send you unwarranted communications which cannot demonstrate any relevance to you
What rights do you have with regards to your personal data?
Right to be informed – this means that you have the right to know what data Paul Grace Photography holds about you and how this is processed. This is outlined in this policy;
Right of access – if you wish to access any of the data that we hold on you, then you must place this request to Paul Grace Photography in writing. We are then legally obliged to collate all of this data and provide you with a copy of it within 1 calendar month of receipt of your request;
Right of erasure – as the subject of the data, you are able to request that all of your personal data be removed from our records. As above this request must be placed in writing and sent to Paul Grace Photography and will need to be considered in relation to information needed for statutory returns;
Requests to Paul Grace Photography should be made by contacting us in writing via firstname.lastname@example.org.
Removal of personal data from our records
Along with removing personal data when requested, Paul Grace Photography conduct an annual review of data held to consider the future relevance. Where there is no longer a need to hold the information for legal reasons and the individual / client has not interacted with us for a considerable length of time the information will be deleted. We may on occasions contact clients before deletion to check if they wish to place any further orders before we action the removal.
Other than when paper copies are used at a client session/viewing or being worked on by a member of Paul Grace Photography staff, all data held is kept secure in locked cabinets/property and password protected laptops/personal computers.
As stated before we do not hold very sensitive personal information, however if we had a data breach we would make every effort to contact the individuals whose data had been compromised to advise them of the incident.
The DPA & GDPR May 2018
This website complies with the DPA (Data Protection Act 1998) and already complies with the GDPR (General Data Protection Regulation) which comes into effect from May 2018. We will update this policy accordingly after the completion of the UK’s exit from the European Union.
What are cookies? Cookies are small files saved to the user’s computer hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors or use the cookie control system if available upon their first visit.
Website Visitor Tracking
This website uses tracking software to monitor its visitors to better understand how they use it. The software will save a cookie to your computers hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information.
Adverts and Sponsored Links
This website may contain sponsored links and adverts. These will typically be served through our advertising partners, to whom may have detailed privacy policies relating directly to the adverts they serve.
Downloads & Media Files
Any downloadable documents, files or media made available on this website are provided to users at their own risk. While all precautions have been undertaken to ensure only genuine downloads are available users are advised to verify their authenticity using third party anti-virus software or similar applications.
We accept no responsibility for third party downloads and downloads provided by external third party websites and advise users to verify their authenticity using third party anti-virus software or similar applications.
Contact & Communication With us
Users contacting us through this website do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use.
Where we have clearly stated and made you aware of the fact, and where you have given your express permission, we may use your details to send you products/services information through a mailing list system. This is done in accordance with the regulations named in ‘The policy’ above.
Email Mailing List & Marketing Messages
We operate an email mailing list program, used to inform subscribers about products, services and/or news we supply/publish. Users can subscribe through an online automated process where they have given their explicit permission. Subscriber personal details are collected, processed, managed and stored in accordance with the regulations named in ‘The policy’ above. Subscribers can unsubscribe at any time through an automated online service, or if not available, other means as detailed in the footer of sent marketing messages. The type and content of marketing messages subscribers receive, and if it may contain third party content, is clearly outlined at the point of subscription.
Email marketing messages may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of subscriber data relating to engagement, geographic, demographics and already stored subscriber data.
External Website Links & Third Parties
Although we only look to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website.
We cannot guarantee or verify the contents of any externally linked website despite our best efforts. Users should therefore note they click on external links at their own risk and we cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Social Media Policy & Usage
We adopt a Social Media Policy to ensure our business and our staff conduct themselves accordingly online. While we may have official profiles on social media platforms users are advised to verify authenticity of such profiles before engaging with, or sharing information with such profiles. We will never ask for user passwords or personal details on social media platforms. Users are advised to conduct themselves appropriately when engaging with us on social media.
There may be instances where our website features social sharing buttons, which help share web content directly from web pages to the respective social media platforms. You use social sharing buttons at your own discretion and accept that doing so may publish content to your social media profile feed or page. You can find further information about some social media privacy and usage policies in the resources section below.