Privacy Policy & GDPR Compliance

_Y4A8098.jpg
 

Thank you for your interest in my website. You can use my website without the need to provide any personal data if you wish, however if you are looking to purchase any photography services, the processing of personal data will become necessary.

PRIVACY POLICY & GDPR COMPLIANCE

This policy sets out how and why I collect your personal information, how it is processed and how it is kept secure. By using this website or engaging with me to provide any photographic services, you are agreeing to this privacy policy.

Any and all personal data captured will be in line with the GDPR and any UK data protection regulations.

DATA COLLECTION AND PROCESSING

Gemma Morgan Photography is the controller of data that passes through this website and/or via email. This data is kept private between me and the few other carefully selected data processors, which I have set out below.

DATA WHICH I RETAIN

When visitors make contact via my website to enquire about my services, I capture their names, phone numbers and email address to respond to the enquiry.

Once your event has passed, I take and store photographs from your event on encrypted hard drives, in order to provide the photographic services that you have hired me for.

I keep your photographs for as long as the hard disks that they are stored on are functional in order to provide copies should you ever lose your photographs. This service is provided as a legitimate interest.

If you would like me to remove your photographs from my hard disks and backups after I have delivered your full gallery, I will do so, if you send me an email confirming your request.

When you make a wedding booking with me, I also collect a small amount of personal detail about you, your wedding party and the other wedding suppliers at your wedding, which may be Names, phone numbers, email addresses and social media links.

I may also post photos from your wedding in a variety of places including my website, wedding blogs and on social media. This is detailed in my terms and conditions which you will receive and are asked to sign at the time of booking with me. Should you or any member of your wedding party not wish to be included in this, please let me know by email.

I never capture or hold credit or debit card numbers.

EXTERNAL DATA PROCESSORS

In addition to my own data, I also use a variety of data processors, which are listed below:

Dropbox

Dropbox is a service that provides online data hosting services. I may store a small number of your photographs on Dropbox that I use to share your album with you. They self-certify as compliant with GDPR and I retain your wedding photographs on there for a maximum of 3 months.

Google Suite

Google Suite is a tool for providing services which are available over the internet. I use Google Calendar, Google Mail and Google Drive in order to store information relating to your wedding. Google are fully GDPR compliant. I remove files from Google Drive on image delivery and retain calendar data for up to 7 years in order to be compliant with legal obligations.

Later

Later is a tool for scheduling social media posts and I use it to schedule posts to Instagram and so they hold previews of your wedding photographs. They self-certify as GDPR complaint and retain data for a maximum of 2 years for legitimate interest.

Pixieset

Pixieset is an online photo delivery tool and I use them to send you your photos in high resolution when I have completed editing them. They self-certify as GDPR complaint and they retain data for a maximum of 2 years for legitimate interest.

Stripe

Stripe is a tool for providing credit and debit card payment. I use it, in connection with Pixieset, to provide you with a card payment option for your photographic prints. They self-certify as compliant with GDPR. They process your card details and other information required to make a card transaction, while I do not access or retain any credit or debit card information.

Google Analytics

Google Analytics is a service which provides information about how visitors use a website. I use the information that I gain to provide you with a more effective website. Google is fully GDPR compliant and I have nominated a 38 month period for retaining personal information for legitimate interest.

USE OF COOKIES

Gemma Morgan Photography does not use website cookies at present. This policy will be updated if this situation changes.

Right of confirmation, access, rectification and erasure

You have the right to confirmation, access, rectification and erasure of all the data that I hold on you. For example, if you wish to see the initial contact form you submitted and check it for accuracy, or perhaps following your wedding you’d like to have your details completely removed, then you have that right.

Use of your data

I will use the data you provided me with to communicate with you about your wedding or family photography shoot, sometimes I also like to inform you of any discounts I may have for products or other photography-related communication.

Your data is never shared with anyone else. On the occasion that you have booked a second photographer via myself to attend the wedding, they will receive an itinerary of the day and the emergency contact details incase they need it. This is in paper and email form and will be deleted after the event.

If you would like to ask any questions about any aspect of my privacy policy or the data I store on you then please email gemma@gemmamorganphotography.com