What is GDPR?
The General Data Protection Regulation comes info force on the 25th May 2018. The GDPR is basically an update to the current Data Protection Laws. It’s all about giving you more rights over who has your data and what they can do with it.
How does this affect Claire Christopher Photography and you?
It doesn’t have a massive change. I’m very careful with the data I collect. I keep it safe and I don’t sell it on. I only collect the basic data I need and I only use it in a way you’d expect your wedding photographer to.
What data do I collect and why?
When you first contact Claire Christopher Photography I collect the following information:
– Your names
– Contact details: address, email addresses, telephone numbers
– Date and location of your wedding
I use this information to make sure I can get in contact with you and if you proceed then to finalise the wedding details, respond to any questions you have, deliver your gallery, deliver physical products such as albums and contact you about your images.
I collect this information as a Legitimate Interest. In effect I use the data I collect in way in which you probably expect me to and in a way that minimises any privacy issues.
What do I do with this information?
When you first get in touch to enquire about your wedding I collect your names, email address and telephone number. I use this information to respond to your enquiry. If you don’t go ahead and book that form and your data stays in my ‘Enquiries’ folder on my emails for 12 months. My email provider is fully GDPR compliant and my email is password protected. After 12 months your email and your data are deleted.
If you go on to book I’ll collect a little more info from you – your address and the date and venue of your wedding. All that information, along with your names, email address and telephone number is stored in two places – my email and my online diary. Again both GDPR compliant and password protected. I’ll keep that info for up to 18 months after your wedding in case you need to contact me or I need to contact you.
Who do I share this data with?
I’m really careful who I share your data with and only share where there is a Legitimate Interest in doing so. Here are the third parties I use.
– My second photographers. If you’ve booked a second photographer for your wedding, just before the wedding I’ll provide them with your names, an emergency contact number for you and details of where you’ll be getting ready. Otherwise they’d have trouble finding you!
– The online gallery provider
– Album and print suppliers
– My online calendar and email provider
All my third party suppliers are fully GDPR compliant. They will never contact you directly unless you have requested that they do so.
Photographs are data?
Photographs are data, the ICO state that “personal data is any information relating to an identified or identifiable individual; meaning, information that could be used, on its own or in conjunctionwith other data, to identify an individual.”
I will only use your images for the following purposes:
– I will deliver them to you on an online gallery and if purchased prints or albums.
– I will store your images safely for a minimum of 12 months. There is no limit on how long I may keep your photographs.
– Providing you agree then I will use your images on my website, blog and marketing materials. I will create an online slideshow and a personalise blog post for you.
– I often submit weddings to outside wedding blogs. I will contact you for your permission to do so and to share your images if requested not to do so.
Rights of the Individual
GDPR has brought in some new rights that you should be aware of.
- The right to be forgotten: A person may request that a business or organisation deletes all data about them without undue delay so if you want photographs deleted you will both need to consent.
- The right to object: A person may prohibit certain data usage. You can come to me at any point before or after the wedding and ask me not to use your data in a certain way.
- The right to rectification: A person may request that incomplete data be completed, or incorrect data be corrected.
- The right of access: A person has the right to know what data about them is being processed and how.
- The right of portability: A person may request that personal data held by one business or organisation is transported to another – this doesn’t apply to images.
My website is kept as secure as possible. All the online places I store your data are all password protected and GDPR compliant.
Linking to and from other websites
I am both the data processor and data controller for Claire Christopher Photography. If you need to contact me you can do so here. I aim to make sure I’m always keeping up to date with changes and remain GDPR compliant. If you have any questions at all just get in touch.
Access to stored data
If you have any questions about data we hold about you, please feel free to contact us. You may request a copy of any data we store about you – and we will comply with any requests as per the guidance of the Information Commissioner’s Office.
If you would like any clarification on how we collect, store or process your data – please contact us directly. If you would like further information on the legal guidelines we operate within, or have any concerns about how we use your data, please check the ICO’s website at https://ico.org.uk