In very basic terms we totally respect your personal information and will only ask you for what information we really need from you.
Will look after it in the same way we would want ours looking after, keeping it secure! We will only share it with others where we need their help us deliver our service to you (such as our professional printing laboratory who may need your name and address to post your purchases).
The Data we collect As a data controller we collect a variety of data in order to deliver our services, and we will manage your personal data transparently, fairly and securely. We may ask you to provide us the following data – First and Last Name Address Postcode, Telephone Number(s) Email / IP Address etc.. We will also record a date of birth for all persons we photograph under the age of 13 and require the parent or a legal guardian to consent to photography.
Obviously being a photographic business we also create and manage images as per our contractual agreement(s).
We use the above data to -
To deliver our service to you For marketing purposes pre discussed in your contract when booking
Personalise your experience
To provide account access
We collect this data on the following lawful basis Consent by contract and clear terms and conditions
When you visit our website we also collect Cookies. These are small pieces of data that websites send to a user's computer and are stored on the user's web browser. They are designed to enable the website to remember information, such as what a user might have put in a shopping cart for example.
This helps us – Personalise your experience Deliver our service to you, Marketing Purposes .
Which third parties do we share Personal Data with?
We share personal data with the following third parties:
Website manager / Hosting company Smugmug
Printing Labs, Sim Lab, Loxely, Moo, Instaprint - Data is not transferred outside of the European Economic Area.
Pro Image Editors - Data is not transferred outside of the European Economic Area.
Back Up Providers are currently – Amazon drive, Google drive , SmugMug, CrashPlan - Data is transferred outside of the European Economic Area to United States under the protection of EU/US Privacy Shield
On and off site Blue-Ray disc back up. • - Data is not transferred outside of the European Economic Area. T
here are also certain situations in which we may share access to your personal data without your explicit consent; for example, if required by law, to protect the life of an individual, or to comply with any valid legal process, government request, rule or regulation.
Why do we share your Personal Data with the above?
We share your data in order to –
To deliver our service to you For marketing purposes
Personalise your experience
We may transfer personal data to a country outside of the European Economic Area (EEA) if necessary eg if a third party we utilise could have servers located outside of the EEA. If this is the case, we will either obtain your consent or otherwise ensure that the transfer is legal and your data is secure by following the EU's guidelines.
You can see above where we send data outside of the EEA and on what basis we do so.
How do we keep your personal data secure?
We keep your data secure By following internal policies of best practice and training for staff. Encryption In the unlikely event of a criminal breach of our security we will inform the relevant regulatory body within 72 hours and, if your personal data were involved in the breach, we will also inform you.
You have the following rights - • -
The right to be informed about the collection and use of your personal data • - the right of access to your personal data and any supplementary information • - the right to have any errors in your personal data rectified • - the right to have your personal data erased • - the right to block or suppressing the processing of your personal data • - the right to move, copy or transfer your personal data from one IT environment to another • - the right to object to processing of your personal data in certain circumstances, and • - rights related to automated decision-making (i.e. where no humans are involved) and profiling (i.e. where certain personal data is processed to evaluate an individual).
We also give you the option to manage your data via:
Phone – 07930 434107
Email - Elizabethkeates@mac.com
Writing to us – 21 Bradway , Whitwell, Herts, SG4 8BE
While we do not hold personal data any longer than we need to. The duration will depend on your relationship with us, and whether it is ongoing. We may keep some of your personal data for up to 7 years after our working contract with you has finished for Tax legislation purposes After this time we will archive your photographs indefinitely, excluding those used in portfolios, along with your relevant details and consent forms. This is due to requests for replacement images being made several years after being taken.
PRIVACY NOTICE - Further details on GDPR
Objective To describe how we collect and use personal data about you in accordance with the General Data Protection Regulation (GDPR)
EK Photography will only collect basic personal data about it’s customers and suppliers which does not include any special categories of personal information (Known as Special Category Data).
The data collected includes: Customers: • Name and address • Date and type of event photographed Suppliers: • Full Business name and address or registered address • Delivery or collection Address • Contact persons e-mail and telephone numbers • Company registration numbers • VAT number • Insurance Details • Society Details (for membership requirements)
Why EK Photography needs this information:
To fulfil our contractual obligation to you as our customer or supplier. EK Photography will not ask, or collect from you, any personal information we do not need to meet our agreed contractual obligation.
Lawful Processing Conditions: EK Photography will only use your personal data with your consent, or where applicable to: • Complete our contractual obligation • Comply with legal requirements • Protect your vital interests • For our own Legitimate interests Certain legitimate business principles may require us to process your personal data to comply with the some of, or all the following: • To identify and prevent fraud • In line with all legal and regulatory requirements • To comply with public tasks or Vital Interests EK Photography will not sell your data to any 3rd Party.
As part of our contractual agreement and in line with our business requirements, EK Photography will control to the best of our ability all photographs that are placed on our own websites that is within the public domain, to remain in line with the GDPR rules. • We will only put photographs on our website with either the Family name OR Christian names only, no other form of personal identification will be placed on our website in relation to your contract or photographs.
How long will we keep your data?
EK Photography will keep your data for the period agreed at the time of booking the photography shoot. We will continually review what information we hold and will delete the personal data that is no longer required. We will not retain your data for any longer than is necessary and the longest we will keep your data will be seven years (in-line with all accountancy, invoicing and tax regulations).
Your Rights: Individuals have the right to access any personal data that EK Photography may hold. You have the right to: • Request to rectify, restrict and delate any personal data held by EK Photography • Object to any data being held by EK Photography • Revoke Consent and any time • Complain If you wish to complain about the way in which EK Photography handle your personal information (and without prejudice to any other rights you may have), please contact EK Photography, so we can investigate the matter.