Your privacy is very important to us. Accordingly, we have developed this Policy in order for you to understand how we process, collect, manage and store your personal information. It explains how we comply with the GDPR (General Data Protection Regulation) legislation and the DPA (Data Protection Act) effective from May 2018.
Your rights under the GDPR
Under the GDPR, you have a number of different rights relating to your personal data and how it is processed. They are as follows:
– Right to be informed about the collection and use of your personal data.
– Right to access your personal data, and any supplementary information which constitutes personal data.
– Right to have your personal data rectified; this means you can ask me to correct your personal data if it changes, turns out to be inaccurate, or is incomplete.
– Right to have your personal data deleted; this means that you have the right to request the deletion or removal of your personal data. There are some circumstances when you do not have this right.
– Right to restrict me processing your personal data.
– Right to data portability.
– Right to object to me processing your personal data.
– Rights related to automated decision making including profiling.
Most of these Rights will apply to your personal data and how it is processed by J S Robertson Photography, but some (such as the right to data portability and rights related to automated decision making including profiling) are not relevant to this business at the time of writing.
If you want to know more about your rights, please click here. For other information relating to data protection legislation, please visit the ICO website directly.
Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognise your browser and capture and remember certain information.
We do not collect any personal information through cookies however they are used for authentication and occasionally used for offering you a better site experience. You may disable cookies by adjusting your browser settings.
This website makes use of several cookies, most notably ones relating to Google Analytics and Facebook Pixel. We also make use of a plugin that enables us to defend against malicious attacks, which uses a cookie to understand whether you are a genuine user or a robot.
Client Contact Information
We use personal data, provided directly and voluntarily to us by our clients, for two purposes. The first is to carry out my contractual obligations. This means that it’s information we need to deliver our services. This personal data includes, names, addresses, email addresses, phone numbers and further information which we need to complete your photography requirements.
The second purpose is to analyse and understand behaviour of our clients to assist us in relation to sales and marketing exercises. For example, to better understand where you heard about us and whether or not you choose to book our services. This is a legitimate interest and a reasonable expectation that most people would have about a business. We collect personal data and perform this analysis using simple spreadsheets.
To deliver images to clients, we make use of a gallery and proofing service: Pixieset Media Inc. When clients share their galleries with friends and family, they will need to enter their email address to gain access to Pixieset, with the email address acting as a login. This allows users to create favourite lists, leave comments and also share images effectively. This is also necessary for the ordering of prints.
For further information about how Pixieset collects and processes personal data please visit the Pixieset website.
Occasionally emails will be sent out with album discounts or promotional offers relating to other photography shoots.
Please email [email protected] if you do not wish to be included in this. Your personal details will never be passed on to third parties for external marketing purposes.
Sharing Information with Third Parties
Other than those third parties mentioned in this Policy and listed below, J S Robertson Photography shall not pass your personal data to any third party.
Your personal data may, subject to my obligations to comply with data protection legislation, be shared with the following third parties:
– Pixieset Media Inc;
– Sprout Studio, CRM software for contract and invoice management;
– Second photographers who join me on wedding shoots and need information to be able to do their job;
– Data aggregators and platform providers as part of an analysis of user metrics or sales performance (including but not limited to Google and Facebook).
– Having taken precautions to maintain the security of such personal data, we may in certain circumstances share personal data with the ICO, and other legal, regulatory and law enforcement bodies;
In certain circumstances we may also share your personal data with third party media businesses for the purposes of marketing our offerings, improving our services, and running a profitable business. These third-party businesses may include, wedding magazines/publications, wedding websites, social media sites, or other outlets, with the aim of raising public awareness of my business.
External Website Links & Third Parties
Although we only look to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website.
We cannot guarantee or verify the contents of any externally linked website despite our best efforts. Users should therefore note that they click on external links at their own risk and we cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Clients and Wedding and Wedding Guests Captured in Photos
In terms of explicit GDPR compliance, Wedding clients and guests are photographed within the parameters of GDPR legislation on the basis of ‘legitimate interests’. The taking of photographs of wedding guests when viewed as a form of processing personal data is necessary for the legitimate interests of J S Robertson Photography as a photography business unless there is a good reason to protect a given individual’s personal data which overrides those legitimate interests.
When the images are processed in Lightroom and Photoshop no facial recognition data is added to the image.
Social Media Policy
We adopt a safe and responsible Social Media Policy. While we may have official profiles on social media platforms users are advised to verify the authenticity of such profiles before engaging with or sharing information with such profiles. We will never ask for personal details on social media platforms. Users are advised to conduct themselves appropriately when engaging with us on social media.
Display of Images
Security, Storage and Data Retention
J S Robertson Photography stores your personal data in the EEA and we retain full details of your personal data for a maximum of six years after completion of your contract, after which time, it will be deleted. If you would like us to delete your personal data before this time, you have to right to request us to do so.
J S Robertson Photography holds soft copies of your contracts; including, but not limited to, personal details (such as name, email and phone number) and other documents relating to the commission (such as photography lists and day plans). These are safely stored within our encrypted password protected home office PC and encrypted external hard drives. Hard copy contracts are filed in our secure home office. Client photos are safely stored within our password protected home office PC, within your Client Gallery and backed up to encrypted external hard drives. An additional cloud copy of all images is stored on GDPR compliant systems, such as Dropbox or Livedrive.
You have the right to withdraw your consent to be bound by this Notice at any time. If you wish to do so, please use the contact form on our website or complete the attached consent form below and email a copy to [email protected]. You also have the right, as set out above, to withdraw your consent to my processing your personal data.
As well as the right to withdraw consent and exercise any of the above rights mentioned under ‘Your rights under the GDPR’, you also have the right to raise a complaint with a regulatory body. In the United Kingdom, this is the Information Commissioner’s Office (ICO). If you have concerns about the way your data is being processed by an organisation, you can find out more here.
If you want to contact us with questions about your personal data, wish to exercise any of your rights or ask us further detailed questions, please use the contact form on our website or complete the attached consent form and email a copy to [email protected].