I'm committed to ensuring that your privacy is protected. I am also committed to providing you with an informative and safe website, without the worry of your personal information being used inappropriately. While you are browsing my website (that's www.photographybygrace.co.uk in case you've forgotten already!) some information is collected about you. This information, which is typical of most websites, helps me to know how many people visit the site and how I can best serve you.
WHAT IS GDPR
I consider internet users' privacy and data protection to be really important, so let's talk about what I do (or don't do) to stay GDPR compliant.
'What's GDPR?' you ask? The General Data Protection Regulation (GDPR) comes into effect as of May 25th 2018, and effectively gives you lots of control over your personal data - in particular that of your digital personal data (i.e. anything you do online.) My website, and anything in relation to the processing of personal data supplied to me by users (that's you!) and other personal data in my possession for any reason - must be GDPR compliant. I have done my very upmost to ensure that it is, and I have put this policy in place to assure you of the ways I use your data.
what gdpr requires me to do
I promise not to collect, use or disclose your personal information for any purpose other than those identified below, except with your consent or as required by law.
SITE ACTIVITY DATA
Each time you visit my website (www.photographybygrace.co.uk) the web server (that's Squarespace) collects and logs certain information. I keep these access logs for up to seven days, where they are then deleted. Google Analytics is also connected to this website and it collects these access logs for up to 38 months. The digital logs Squarespace and Google Analytics collect include information about (but not limited to), things like: your computer’s IP address, your username (if you have one), the date, time and the files and pages accessed. These logs also contain information about referrer information, such as if you clicked on an external link (like Facebook, Instagram or an article you read somewhere) in order to access a web page here. I use these logs solely for performance, site administration and security reviews. I do not sell or share this information with any third party, and all access is via password protection which only I hold the information to (and, by the way, is never written down anywhere.)
Let's talk about cookies! Sadly not the edible kind we all know and love.
In general, cookies are used to retain user (that's you!) preferences, and to provide anonymous tracking data to third party applications like Google Analytics (aforementioned above). This website is connected to Google Analytics and Squarespace's own analytics (also mentioned above). The information on Google Analytics is deleted after 38 months, and on Squarespace host, is deleted after seven days. As a rule, cookies will make your browsing experience better, but you are welcome to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser.
I collect personal information about you, such as your name (so I know who to call you by!), email address (so I can reply to your enquiry), telephone number (so I can text you briefly to let you know my reply hasn't gone awol!), date of your wedding or event (so we are on the same page about your enquiry), and I also like to know a bit more about your plans (don't worry - I won't share your soppy love story with everyone!) During the enquiry stage, this is only information that you voluntarily provide to me. For example, I may receive personal information about you when you send me an email through my website's contact form.
Later, if you decide to book, further information will likely be required so that I can do my job! This is information such as your address (so I can send you your contract and lovely photo delivery!), the address/es for your event location (so I know where to turn up!), names of your friends and family (helpful for weddings - if you'd prefer, just refer to people as 'aunt and uncle' for example) and any other personal things you might like to tell me. I collect this information via an online form, which you won't have the link to unless I send it to you and I only send you this link once you've booked, so that I collect as little personal data as possible, and only when necessary.
All of this information is retained for a minimum of six years and a maximum of twenty years. Why six years? The legal minimum I have to keep information (for tax return purposes) is six years - both in digital form and in paper form (but that's more relevant to me and my receipts!). Any paper-based information is stored in a folder which I lock away if I am not at home.
I do not sell any personal information I receive through my website to any third party (such as Facebook, email or Instagram) nor will I add such information to any email list I may prepare.
Up until May 2018, Grace Elizabeth did not offer a newsletter service. As of June 2018, Grace Elizabeth now has a newsletter service, offered via the GDPR compliant service MailChimp. To sign up, you must enter your first name and email address, and an email will then be sent to you automatically by MailChimp to ask you to click a link to confirm that you signed up. This is known as a double opt-in and makes sure you didn't sign up accidentally. If you do not click the confirmation link in your automatic email to double opt-in, you will not be signed up.
I never use your information unlawfully, and you may unsubscribe at any time (the button is at the bottom of any email you receive from me.) I will not spam you with emails, and access to my MailChimp account is via a password which only I know.
YOUR DATA RIGHTS: THE DATA I HOLD ABOUT YOU
I am happy to discuss the information I have on record for you at any time, and, if at any time you request for this information to be deleted, I am happy to complete this request for you. Photographic identification (such as a passport or driving license) and proof of your current address (such as a recent utility bill) will be needed in order to confirm your identity prior to processing the removal or querying of your personal information. Please get in contact via emailing firstname.lastname@example.org for more information.
YOUR DATA RIGHTS: IMAGE USE
The ICO is a little unclear about what we photographers can do with photos of your face (because technically it is personal data) so I will explain my current process:
I love to share the beautiful images I take of my lovely wedding and portraiture clients, but I only do so once you have signed a contract with me. I do not undertake any work without the signing of a contract which covers many clauses to set out your expectations of me, and my expectations of you. I use Shootproof (a service which is, as of June 2018, GDPR compliant) to deliver my contracts and online galleries (if you have opted for the latter), which is a password protected online service that allows me to input the data you voluntarily give me, so that I can send you a contract, or let you into your beautiful password-protected image gallery.
In signing a contract with me, there is a clause within my contract that explains how I like to use the images I take for purposes such as social media and marketing. This usually includes posting them on social media, on my website, printing them for products to take to fairs and events, sending them to wedding blogs for publication, and showing other clients who would like to see more of my work. I do not presume that you give me your consent for this, so after you have booked, you will be linked to one of my online questionnaires (specific to whether you are booking a wedding or lifestyle session) with explicit tick boxes, where you are able to select how I may or may not use your images. Each use is clearly outlined. This data is retained in relevance to your wedding or session.
If at any stage you decide you no longer wish for me to use your images or want to alter which images I can or cannot use, let me know via contacting me at email@example.com and I will of course honour your request!
For work that I do on a model call basis, or for personal projects, a contract is not required, but you absolutely must sign a model release, allowing full use of the images. If you are over 18, you may legally sign, although an adult must sign for children under 18.
DATA STORAGE AND SECURITY
I take the storage and collection of your data really seriously. I for one do not like the idea of my own data being stolen, so I have implemented various technical and organisational measures to ensure the most complete protection of your personal information, to prevent loss, misuse or alteration of this data (whether it be personal data or images - as I said, the ICO is a bit fuzzy about images.) However, Internet-based data transmissions surrounding third-party websites may have security gaps beyond my control, so absolute protection may not be guaranteed. For this reason, every person is welcome to transfer personal data via alternative means, e.g. by telephone. Any personal data I store about you (always digitally) is secured via unique login and password information on secured devices and online where necessary. This security information is never written down or reused elsewhere to ensure secure processing and management of your data.
THIRD PARTY WEBSITES
From time to time, I may link to third party websites such as wedding blogs, and other cool places, but I do not take responsibility for the content of these websites. Of the ones I do use for my business (Drobpox, Shootproof and the like) these are all becoming (if not already) GDPR compliant.
CONTACT FROM GRACE ELIZABETH