Privacy Policy

Introduction

Want to know what I’m doing with your data? Fear not. I’m not doing anything I shouldn’t be other than using it to do the job you have booked me for. First of all, your data is really important to me, second of all, I have always had a privacy policy in place for the world to read, just now it needs to be even more explicit in a) what data I collect and b) what I do with it.

1. The data I collect:

As a data controller I collect a variety of data in order to deliver my services, and I promise to manage your personal data transparently, fairly and securely. I will look after your data.

Upon initial enquiry: When you make initial contact through my contact form I will collect the following information:

  • Your names
  • Email address
  • Phone number
  • Info on your wedding: like the wedding date; venue and general information
  • How you found me

I collect this information because I want to get to know you and make sure I am the right wedding photographer for you, and I need to store this data so I can respond to you. Once you have booked me, other than the info I already hold as stated above I collect the following information:

  • Your home address (for the contract to make it all legal, and because I sometimes like to send lovely surprises in the post)
  • Additional information about your wedding day, like timings, who’s who, what the theme is, do you have anything fun planned I need to know about
  • Additional emergency contact information
  • Information about other wedding suppliers so I can say hello or credit appropriately when the time comes!

Basically this is all the stuff I need to do my job brilliantly. You’ll know all of the information I collect, because you will have filled it all in, and if there is anything you don’t want to tell me you don’t have to! After the wedding: being a photographic business I also create and manage images as per the contractual agreement(s). I will store things like invoices, contact and contract details for a maximum period of 6 years (for the tax man).

Direct Marketing from me:

Don’t worry I don’t do any paper or random marketing, so you won’t hear from me outside the realms of me providing my service to you. Which might include things like album and print sales. I will of course get in touch to see how you are getting on with wedding planning or just to say hello. Even after I have delivered your awesome photos I might email to say hello or if something reminds me of you, but if you’d like me to stop contacting you at any point – just say.

2. Providing your personal data to others and why:

I will not pass your information to anyone other than those I need to in order to fulfil my services with you. I will never work with a company that is not GDPR compliant. Here’s who will likely store some info on you and why:

  • Subcontractors/Service Providers: I may disclose your contact details to my suppliers or subcontractors as reasonably necessary to deliver sub-contracted services or product orders, such as my gallery host, album company or second shooters. For example if you book a second shooter I will need to disclose the wedding schedule which will include your names, numbers and addresses so they know where to go on the day. The legal basis for this processing is consent. 
  • Any financial transactions through the gallery host relating to product orders are handled by the service providers, pixieset.com
  • Image editing companies: from time to time to keep to deadlines during busy periods I may use an external photo editor to edit your images. They only receive your photo catalogue with something called smart previews, they never receive the images themselves or any other data regarding you.
  • Client management software: I will need to store some information for contracting and invoicing by using client management software in order to fulfil my contract with you.
  • Emergency contact: I always ensure an emergency contact has your name, number and wedding info in case of emergencies e.g. in the case of my death or severe injury. This is so they can ensure, a) there is someone to cover your wedding or b) after the event your photos still get edited and make it to you. I have a system in place that if something bad happens to me it won’t effect your wedding photos.
  • My website: This is where you’ll look around my site, and enter information through contact forms which is then stored securely in the backend, only I have access to this. 
  • Wedding blogs/magazines: A wedding blog may take a fancy to your wedding and ask if it can be featured, fear not I will always ask your permission for this and other than your names and wedding info (that you will provide to me) I will not disclose any other information with the wedding blog, I never give them any data you don’t give me explicit consent to! 
  • Legal bods: I may disclose your personal data to my insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. There are also certain situations in which I may share access to your personal data without your explicit consent; for example, if required by law, to protect the life of an individual, or to comply with any valid legal process, government request, rule or regulation.

3. International transfers of your personal data:

In this section I provide information about the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA).  Access to these services are GDPR compliant. Here’s a list:

Website: The hosting facilities for my website are situated in USA. 

Image hosting: The locations of my Image Hosting services are situated in the USA.  

Image editing: This varies but currently my image editing suppliers are based in the UK and USA. Transfer of image catalog is through GDPR compliant software.

The legal bit: 

You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use or misuse of such personal data by others.

4. How do I keep your personal data secure?

Website forms:

I collect information through forms on my website, which arrives to an email account that has a super secret password that would be pretty tough to guess. Any information you submit through my website you can do so in the safe knowledge that it is one of those fancy HTTPS websites, which means it’s a secure connection by using Secure Socket Layer (SSL) technology when information is submitted to me online.

Google Drive:

The info also sends to a spreadsheet stored in Google Drive so I can keep track of my enquiries and wedding information for those who have booked so I can do things like contract and invoice to the right people, and of course know where I’m going on the wedding day. Only stuff I need to do my job!

Where do I access the data:

My computer and laptop are both super locked down and Gmail asks for a pin code (which comes to my mobile) if I am logging in from a new location (even on the same computer), and if it doesn’t do this it does email to let me know my account was accessed from anywhere other than Bath! I’ll know if it wasn’t me. My phone is one of those fancy iPhones that can only be opened with my thumb print or pin. By the time I noticed either of those were missing I would have contacted the relevant body to lock down my accounts. Especially if I lost my thumb. All of my passwords are different for everything I use, and totally random.

What happens to our data if we don’t book?

I delete information from couples that don’t book after a sufficient period of time (maximum time to the wedding date you enquired about). I check and clear this from both my email and spreadsheet every month. If you have booked I will keep things like invoices, contact and contract details for a maximum period of 6 years (statute of limitations) following final delivery of services. You have the right to tell me to delete any information (like your email) after the 6 years but I’d still quite like to stay in touch so I hope you don’t want me to delete that. Planning information, wedding details and customer notes will be kept for a minimum of one year and a maximum of two years. In the unlikely event of a criminal breach to my security I will inform the relevant regulatory body within 72 hours and, if your personal data were involved in the breach, I will also inform you. 

5. Cookies and Google analytics

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies. My service providers use cookies and those cookies may be stored on your computer when you visit our website. You can manage cookies with most browsers, though please note turning off cookies can have a negative impact on the performance of the website.

I use Google Analytics to analyse the use of the website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google’s privacy policy is available at: https://www.google.com/policies/privacy/

6. Image Use

What do I with your photos?

Face data is it a thing! Here’s how I’ll use the photos other than to deliver a gorgeous gallery to you. You see my photos all over my website? You follow me on instagram? It’s one of the reasons you are going to book me right? In order to run my business I love to sharing photos of real couples having an awesome time on social media channels such as (but not limited to) facebook, instagram and pinterest, using them in printed marketing, entering them into competitions and of course on my website.  Plus after the wedding I love sharing a sneak peek on Facebook so your friends and family who couldn’t be there can see, and you want a new profile picture right?!

It is always really lovely to be able to share the images and helps me do my job. Your images may also be shared with other GDPR compliant blogs and vendors, with your explicit permission.  I do cover image use in my contract and if you’d rather have a none disclosure agreement I am more than happy to do this. I tend to ask multiple times if it is ok to share the images, and will always let you know, so don’t worry you aren’t about to appear on a billboard any time soon.

It’s up to you to make sure your guests are aware they are being photographed and it may end up being in the public domain. Anyone is well within their right to ask me to remove a photo if they’d rather. All they need to do is get in touch with me! I’m really nice like that, honest. 

Where do I store the photos you say?

I store them on hard drives that are kept under lock and key. These are saved as your wedding date and first names only. I don’t think people have cracked stealing your full identity through photos just yet. I keep two hard drives in locked cabinets in two different locations that only I have access to (hence the lock and key). I also store your wedding photos on memory card until I have delivered them to you. Again in a locked cabinet. In different places. Just in case. Once I have delivered your wedding photos a copy is safely stored online, though this gallery won’t be there forever so please do make sure you download a copy and keep it safe too!

7. Changes to my privacy policy and control

I may change this privacy policy from time to time. When I do, I will let you know by changing the date on this policy, notifying clients of only significant changes. I do recommend you check this page from time to time to ensure you are happy with the terms. By continuing to access or use my services after those changes become effective, you agree to be bound by the revised privacy policy.

8. You have the following rights

This bit is a bit more ‘legal’ sounding, but I wanted it to be crystal clear, so you are not under any illusions as to your legal rights.

– the right to be informed about the collection and use of your personal data

– the right of access to your personal data and any supplementary information

– the right to have any errors in your personal data rectified

– the right to have your personal data erased

– the right to block or suppressing the processing of your personal data

– the right to move, copy or transfer your personal data from one IT environment to another

– the right to object to processing of your personal data in certain circumstances

– rights related to automated decision-making (i.e. where no humans are involved) and profiling (i.e. where certain personal data is processed to evaluate an individual).

You can manage your data at any time by emailing emma@heartfulloftea.com or contacting me through the contact form on this website. This includes all of the above; finding out what data I hold on you, changing your data (like if you change your address let me know so we can keep in touch), or ask me to delete your data (though please be aware that you’ll need to make sure you have a copy of your photos because I’ll probably have to delete those to).

This privacy policy was prepared on 24 May 2018 in line with the EU’s General Data Protection Regulation (GDPR), which promotes fairness and transparency for all individuals in respect of their personal data. This privacy policy applies to all data HEART FULL OF TEA processes, and by using HEART FULL OF TEA you consent to the collection and use of such data.

If you would like to get in touch about anything in this policy or about your personal data then please contact Emma Leivers, the Data Protection emma@heartfulloftea.com I hope that has eased any worries you have about what I’ll do with your data, but don’t hesitate to get in touch if you have any questions.