1. PURPOSE OF THIS NOTICE
This notice describes how I collect and use personal data about you, in accordance with the guidelines of the data protection regulations. Please read the following carefully to understand my practices regarding your personal data and how I will treat it.
2. ABOUT ME
Heather Neilson Photography Limited (“I” or “me”) is a company providing photography services.
For the purpose of the data protection regulations and this notice, I am the data controller. This means that I am responsible for deciding how I hold and use personal data about you. I am required under the data protection regulations to notify you of the information contained in this privacy notice.
3. HOW I MAY COLLECT YOUR PERSONAL DATA
I obtain personal data about you, for example, when:
you fill in and submit the online contact form on heatherneilson.com to contact me;
you contact me by telephone, email or social media;
you engage me to provide my services and during the provision of those services; for example, by filling out a booking form on heatherneilson.com, making payment via my website or making payment via my online gallery (provided by pixieset.com).
4. WHAT INFORMATION IS BEING COLLECTED
your personal details (such as your name, email, phone number and address) so that I can communicate with you and provide you with photographic services;
details of the communications I have had with you;
details of the services provided to you (for example, the date and location of a photoshoot);
details of family members being photographed (for example, the names and ages of any children you wish to be photographed);
the photos taken of you;
your payment information (for example, credit card and debit card details); and
any other personal data that you choose to give me.
5. HOW I USE THE PERSONAL DATA I HOLD ABOUT YOU
I may use your personal data in the course of my business, for example, in order to:
respond to your enquiry and provide you with information about my services;
provide you with any requested services;
contact you about a previous order;
send you a gift card, fine art prints or photographic albums;
seek your feedback on my services;
comply with my accounting and legal obligations;
ensure the efficacy of my services;
improve my services; and
market my business to other potential clients (for example, by including photos in my online portfolios).
6. DATA RETENTION
I may retain your personal data in order to operate my business, for example, in order to keep a record about your enquiry or the services provided to you and comply with my legal and accounting obligations. The length of time I retain it is determined by a number of factors including the purpose for which I use that information and my obligations under other laws.
7. DATA SHARING
I will never give your data to third parties for that third party to use, unless required to provide you with the services you have requested and in the ordinary course of my business. For example, I use third party services to:
process your online payments;
edit and retouch photos;
provide you with a way in which to view your digital images via a private password-protected online gallery;
send you your digital images once purchased;
print your fine art prints and albums;
design your photographic albums;
store your photographs and communications with me;
provide me with an online calendar of my client bookings and appointments;
back up your photographs securely;
host my website heatherneilson.com; and
comply with my tax, accounting and legal obligations (for example, by providing data to my accountant).
I will always make sure that the third party providers are reputable and secure, that your data is only used for specified purposes, and that your data is kept safe. I will never sell your data to third parties.
Some of the third party providers used for the above purposes are based outside the European Economic Area. Where information is transferred outside of the EEA, I will use my best endeavours to ensure that appropriate safeguards are in place to protect your information to the same or an equivalent level as would be found in UK and EU data protection legislation.
8. DATA SECURITY
I maintain strict security measures in order to protect personal data, for example by using encryption and password protection measures.
9. RIGHTS OF ACCESS, CORRECTION, ERASURE AND RESTRICTION
You have the right to access your personal data and may request that I rectify or erase personal data or restrict the processing of your personal data or object to the processing (unless I can demonstrate legitimate grounds for the process which overrides your interest and rights or due to legal claims). In order to exercise your rights, please contact me at firstname.lastname@example.org.
You also have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, at any time. The ICO’s contact details are as follows:
Information Commissioner’s Office
When someone visits heatherneilson.com I collect standard internet log information and user behaviour details to help determine the number of people visiting various parts of the site. This data does not personally identify any site users.
Cookies are also set when you use any of the social media sharing buttons on my site (for example, to post on Facebook or Instagram); I have no control over the cookie policies of third-party social media sites.
Your web browser allows you to control which cookies your computer will and won’t accept – use the Help menu in your browser window to find out more.
11. CHANGES TO THIS NOTICE
Any changes I may make to our privacy notice in the future will be provided to you by updating my website. This privacy notice was last updated on 25 May 2018.
12. CONTACT ME
If you have any questions regarding this notice or if you would like to speak to me about the manner in which I process your personal data, please email email@example.com or telephone 07482 786754.