I'm committed to ensuring that your privacy is protected. I am also committed to providing you with an informative and safe website, without the worry of your personal information being used inappropriately. While you are browsing my website (that's www.photographybygrace.co.uk in case you've forgotten already!) some information is collected about you. This information, which is typical of most websites, helps me to know how many people visit the site and how I can best serve you.
WHAT IS GDPR
I consider internet users' privacy and data protection to be of high importance, so let's talk about what I do (or don't do) to stay GDPR compliant.
'What's GDPR?' you ask? The General Data Protection Regulation (GDPR) comes into effect as of May 25th 2018, and effectively gives you lots of control over your personal data - in particular that of your digital personal data (i.e. anything you do online.) My website, and anything in relation to the processing of personal data supplied to me by users (that's you!) and other personal data in my possession for any reason - must be GDPR compliant. I have done my very upmost to ensure that it is.
what gdpr requires me to do
I promise not to collect, use or disclose your personal information for any purpose other than those identified below, except with your consent or as required by law.
SITE ACTIVITY DATA
Each time you visit my website (www.photographybygrace.co.uk) the web server (that's Squarespace) collects and logs certain information. I keep these access logs for up to seven days, where they are then deleted. Google Analytics is also connected to this website and it collects these access logs for up to 38 months. The digital logs Squarespace and Google Analytics collect include information about (but not limited to), things like: your computer’s IP address, your username (if applicable), the date, time and the files and pages accessed. These logs also contain information about referrer information, such as if you clicked on an external link (like Facebook, Instagram or an article you read somewhere) in order to access a web page here. I use these logs solely for performance, site administration and security reviews. I do not sell or share this information with any third party, and all access is via strict password protection which only I hold the information to (which, by the way, is never written down anywhere.)
Let's talk about cookies! Sadly not the edible kind we all know and love.
In general, cookies are used to retain user (that's you!) preferences, and to provide anonymous tracking data to third party applications like Google Analytics (aforementioned above). This website is connected to Google Analytics and Squarespace's own analytics (also mentioned above). The information on Google Analytics is deleted after 38 months, and on Squarespace host, is deleted after seven days. As a rule, cookies will make your browsing experience better, but you are welcome to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser.
I collect personal information about you, such as your name (so I know who to call you by!), email address (so I can reply to your enquiry), telephone number (so I can text you briefly to let you know my reply hasn't gone awol!), date of your wedding or event (so we are on the same page about your enquiry), and I also like to know a bit more about your plans (don't worry - I won't share your soppy love story with anyone!) During the enquiry stage, this is only information that you voluntarily provide to me. For example, I may receive personal information about you when you send me an email through my website's contact form.
Later, if you decide to book, further information will likely be required so that I can do my job! This is information such as your address (so I can send you your contract and lovely photo delivery!), the address/es for your event location (so I know where to turn up!), names of your friends and family (helpful for weddings - if you'd prefer, just refer to people as 'aunt and uncle' for example) and any other personal things you might like to tell me.
All of this information is retained for a minimum of six years and a maximum of twenty years. Why six years? The legal minimum I have to keep information (for tax return purposes) is six years - both in digital form and in paper form (but that's more relevant to me and my receipts!). Any paper-based information is stored in a folder which I lock away if I am not at home.
I do not sell any personal information I receive through my website to any third party (such as Facebook, email or Instagram) nor will I add such information to any email list I may prepare. As of April 2018, Grace Elizabeth does not offer a newsletter service. If a newsletter service is created (to be honest I will likely never have time to do so!), your details will never be added to it without your permission.
YOUR DATA RIGHTS: THE DATA I HOLD ABOUT YOU
I am happy to discuss the information I have on record for you at any time, and, if at any time you request for this information to be deleted, I am happy to complete this request for you. Photographic identification (such as a passport or driving license) and proof of your current address (such as a recent utility bill) will usually be needed in order to confirm your identity prior to processing the removal or querying of your personal information. Please get in contact via emailing firstname.lastname@example.org for more information.
YOUR DATA RIGHTS: IMAGE USE
The ICO is a little unclear about what we photographers can do with photos of your face (because technically it is personal data) so I will explain my current process:
I love to share the beautiful images I take of my lovely wedding and portraiture clients, but I only do so once you have signed a contract with me. I do not undertake any work without the signing of a contract which covers many clauses to set out your expectations of me, and my expectations of you. I use Shootproof (a service which is becoming GDPR compliant) to deliver my contracts and online galleries (if you have opted for the latter), which is a password protected online service that allows me to input the data you voluntarily give me, so that I can send you a contract, or let you into your beautiful password-protected image gallery.
In signing a contract with me, there is a clause within my contract that states that you allow me to use the images for purposes such as marketing. This usually includes posting them on social media, on my website, printing them for products to take to fairs and events, sending them to wedding blogs for publication, and showing other clients who would like to see more of my work. If you are uncomfortable with this from the outset, let me know, and I will alter the contract clause to respect your wishes before you sign. If you are happy with the clause as it is, I will use your images in this way and we can all share them as we like! I usually always let people know if I plan to submit their wedding to wedding blogs (many of whom have published my work already!), as I know for some, this isn't their jam!
If at any stage you decide you no longer wish for me to use your images or want to alter which images I can or cannot use, let me know via contacting me at email@example.com and I will of course honour your request!
For work that I do on a model call basis, or for personal projects, a contract is not required, but you absolutely must sign a model release, allowing full use of the images. If you are over 18, you may legally sign, although an adult must sign for children under 18.
DATA STORAGE AND SECURITY
I take the storage and collection of your data really seriously. I for one do not like the idea of my own data being stolen, so I have implemented various technical and organisational measures to ensure the most complete protection of your personal information, to prevent loss, misuse or alteration of this data (whether it be personal data or images - as I said, the ICO is a bit fuzzy about images.) However, Internet-based data transmissions surrounding third-party websites may have security gaps beyond my control, so absolute protection may not be guaranteed. For this reason, every person is welcome to transfer personal data via alternative means, e.g. by telephone. Any personal data I store about you (always digitally) is secured via unique login and password information on secured devices and online where necessary. This security information is never written down or reused elsewhere to ensure secure processing and management of your data.
THIRD PARTY WEBSITES
From time to time, I may link to third party websites such as wedding blogs, and other cool places, but I do not take responsibility for the content of these websites. Of the ones I do use for my business (Drobpox, Shootproof and the like) these are all becoming (if not already) GDPR compliant.
CONTACT FROM GRACE ELIZABETH