Privacy policy

I take your privacy very seriously, and will only use your personal information to administer your account and to provide you with the products and services you have requested from me. In GDPR terminology, I collect your data when: the data subject has given consent to the processing of his or her personal data for one or more specific purposes; and where processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

This Privacy Policy provides an explanation as to what happens to any personal information that you provide to me, or that I collect from you, and your options regarding the ways in which your personal data is used. Please read the following carefully to understand the practices regarding your personal information and how I will treat it. By visiting the Website you are accepting and consenting to the practices described in this policy. If you have any requests concerning your personal information or any queries with regard to my data processing practices, please contact me.

For the purpose of the Data Protection Act 1998 (“the Act”), the data controller (“I” or “me”) is Louise Downham of Louise Rose Photography.

As a data controller, I am registered with the ICO.

I do update this Privacy Policy from time to time so please do review this Privacy Policy regularly.

  1. What information is being collected, who collects it, why is it collected and how is it being collected?
    1. Basic personal contact information (name, email and phone numbers) will be collected through the WordPress booking form at the initial enquiry stage so that I can communicate with the Client by email or phone to discuss their photography session.
    2. Client addresses are collected at checkout (by WooCommerce), so I have the relevant address for the photography session and to deliver products.
    3. Information provided by you if you communicate with me by phone, e-mail or otherwise for any reason.
    4. This information is stored in client management software (Tave), on Google documents and in my Google calendar. It may also be collected through an information gathering survey (using Tave).
    5. Family member’s names (for members present during the photography session) and birth details (for newborn portrait session) may also be collected by me, and saved in Tave or Google documents.
    6. No information collected is classed as special category data.
  2. What is the lawful basis for collecting this client data?
    1. Information is collected on the basis of consent and for contractual purposes.
  3. Use of this data:
    1. I will only contact you when you have provided consent and only by those means you provided consent for.
    2. The information that I collect and store relating to you is primarily used to enable me to carry out my obligations arising from any contracts entered into between you and me. In addition, I may use the information for the following purposes:
      1. To send you an e-newsletter to tell you about a new service or to keep you up to date, if you have opted in to receive marketing information. You may unsubscribe from receiving these e-newsletters using the unsubscribe link in any e-newsletter.
      2. To contact you about a previous order.
  4. Who will client data be shared with?
    1. First names only are used to accompany photographs or testimonials on the website or in marketing materials. Client surnames are not used to protect Client privacy.
    2. Client data has never, and will never, be sold to third parties, or shared with third party companies for marketing purposes beyond the reach of the services that I provide.
    3. Client’s first names are shared with printers, framers, photography retouchers and album suppliers (all of whom are GDPR compliant) for order reference purposes. Surnames are only provided for purposes of embossing the surname on a product ordered by the client.
    4. Digital files of photographs are also shared with these suppliers for the purposes of creating products ordered by clients, or for creating studio samples where client permission has been given to produce such samples.
    5. I use some third party companies, all of which are GDPR compliant: Tavé for client management (certified under the Privacy Shield), Shootproof for back-up of images, Campaign Monitor for newsletters, Google Drive for document management, DPD for courier delivery, Back Blaze for computer backup (pursuing compliance with the EU Privacy Shield framework) and iZettle for product payments (adheres to PCI PTS 4.1). Images may be sent to a third party retouching service based in the US, which is GDPR compliant – first names are shared with them for reference purposes, but no other details.
  5. How long will data be stored for?
    1. Digital photographic files will be retained on my systems, should clients require an additional backup of their images due to loss / fire / theft of original digital copies or products. No charge is made for backing up these files, and accordingly I do not guarantee the safekeeping of files past the date of delivering to clients – the backup is made as an extra measure, just in case it proves helpful one day. If a client wishes for the digital backup to be deleted, they should contact me to request that.
    2. Test prints of ordered files will be stored to support contractual obligations; test prints of unordered images will be destroyed after 12 months.
    3. Client contact information is kept for two years since their most recent portrait session, and then deleted.
  6. Storing personal data
    1. In compliance with the Data Protection Act 1998, personal data supplied to me may be stored for future use.
    2. Password-protection is used on my computer, mobile phone and all cloud storage that I use, and encryption is used on the external hard drives I use for back up.
    3. I may transfer data that I collect from you to locations outside of the European Economic Area for processing and storing. Also, it may be processed by staff operating outside the European Economic Area who work for me or for one of my suppliers. For example, such staff may be engaged in the processing and concluding of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. I will take all reasonable steps to make sure that your data is treated securely and in agreement with this Privacy Policy.
    4. Data that is provided to me is stored on my secure computer and in secure cloud storage. Details relating to any transactions entered into on my site will be encrypted to ensure its safety.
    5. The transmission of information via the internet is not completely secure and therefore I cannot guarantee the security of data sent to me electronically and transmission of such data is therefore entirely at your own risk.
    6. Where you have given permission for your images to be used as studio samples, I may store printed versions of your photographs (for example as prints, framed prints, albums) at my office or at my home. My shared working office has a securely locked entry and access can only be obtained with a security pass; my home is double locked when unoccupied.
  7. Cookies
    1. My Website uses cookies to distinguish you from other users of the Website. This helps to provide you with a good experience when you browse this Website and also allows me to improve the Website. For detailed information on the cookies I use and the purposes for which I use them see my Cookie policy.
  8. Third party links
    1. You mind find links to third party websites on blog posts within my website. These websites should have their own privacy policies which you should check. I do not accept any responsibility or liability for their policies whatsoever as I have no control over them.
  9. Access to information
    1. The Data Protection Act 1998 gives you the right to access the information that I hold about you. Should you wish to receive details that I hold about you please contact me using the contact details below.
  10. What will be the effect of this on the individuals concerned?
    1. To withdraw consent to storing your data or digital files at any time, please inform me.
    2. If a breach of data protection rules occurs that is likely to result in damage to a person’s reputation, financial loss, loss of confidentiality, or major financial or social disadvantage, I will notify the ICO.
    3. Any complaints, opt-outs or requests to be forgotten should be communicated to me.