Date this Notice was created: 10th May 2018
Date this Notice was last modified: 14th May 2018
1. The Data we collect, how I use it and why
We will also record a date of birth for all persons we photograph under the age of 13 and require the parent or a legal guardian to consent to photography. Obviously being a photographic business we also create and manage images as per our contractual agreement(s). We use the above data to to deliver our service to you / For marketing purposes / Personalise your experience / To provide account access.
We collect this data on the following lawful basis: Consent / To arrange or fulfill a Contract / To meet a legal obligation other than a Contract.
Cookies and website visitor tracking
This website makes use of several cookies, most notably ones relating to Google Analytics and Facebook Pixel. I also make use of a plugin that enables me to defend against malicious attacks, which uses a cookie to understand whether you are a genuine user or a robot.
Client contact information
The second purpose is for me to analyse and understand behaviour of my clients to assist me in relation to sales and marketing exercises. For example, to better understand where you heard about me and whether or not you choose to book me. This is a legitimate interest and a reasonable expectation that most people would have about a business. I collect personal data into and perform this analysis using simple spreadsheets.
Email Mailing List & Marketing Messages
More detailed information
2. Compliance declaration
Both DHP and this website comply with the DPA, GDPR and PECR. The GDPR comes into effect on the 25th May 2018. This Notice is updated whenever changes are made to relevant data protection legislation.
3. Your rights under the GDPR
Under the GDPR, you have a number of different rights relating to your personal data and how it is processed. They are as follows:
– the right to be informed about the collection and use of your personal data
– the right of access to your personal data and any supplementary information
– the right to have any errors in your personal data rectified
– the right to have your personal data erased
– the right to block or suppressing the processing of your personal data
– the right to move, copy or transfer your personal data from one IT environment to another
– the right to object to processing of your personal data in certain circumstances, and
– rights related to automated decision-making (i.e. where no humans are involved) and profiling (i.e. where certain personal data is processed to evaluate an individual).
Most of these Rights will apply to your personal data and how it is processed by Dora Horvath Photography, but some (such as the right to data portability and rights related to automated decision making including profiling) are not relevant to this business at the time of writing.
4. Sharing information with third parties
- Smugmug, as further described above;
- Activecampaign, CRM software for contract and customer relationship management;
- Having taken precautions to maintain the security of such personal data, I may in certain circumstances share personal data with the ICO, and other legal, regulatory and law enforcement bodies;
- In anonymised form, I may share personal data with:
- Any third party, in relation to the sale of some or all of my business, or its assets, or as part of any business restructuring or reorganisation. I will take steps with the aim of ensuring that your rights continue to be protected if your personal data is transferred in accordance with this clause; and
- Data aggregators and platform providers as part of an analysis of user metrics or sales performance (including but not limited to Google and Facebook).
In certain circumstances I may also share your personal data with third party media businesses for the purposes of marketing my offerings, improving my services, and running a profitable business. These third party businesses may include, newborn magazines/publications, photography websites, social media sites, or other outlets, with the aim of raising public awareness of my business.
4. Security, storage and data retention
We will retain your data for a period of 7 years. After this time we will archive your photographs indefinitely along with your relevant details and consent forms. This is due to requests for replacement images being made several years after being taken. If you would like me to delete your personal data before this time, you have to right to request me to do so.
If you ask me to post your products, we always mail photographs/media using signed for courier or mail services.
Client data held on file
- phone numbers
within soft copy and sometimes hard copy contracts as well as soft copy client ‘day plan’ documents. Soft copy contracts and day plans are safely stored on my password protected home office Laptop and also kept on file on GDPR compliant Gmail servers.
Client photos are safely stored within my password protected home office Laptop and backed up to two encrypted external hard drives.
Any downloadable documents, files or media made available on this website, and in addition via the Smugmug portal for client gallery downloads, are provided to users at their own risk. While all precautions have been undertaken to ensure only genuine downloads are available, users are advised to verify their authenticity using third party anti-virus software or similar applications.
In the unlikely event of a criminal breach of our security we will inform the relevant regulatory body within 72 hours and, if your personal data were involved in the breach, we will also inform you.
ng signed for courier or mail services.