GDPR PRIVACY POLICY

In very basic terms I/we totally respect your personal information and will only ask you for what information we really need from you. Will look after it in the same way I/we would want ours looking after, keeping it secure! I/we will only share it with others where we need their help us deliver our service to you (such as our professional printing laboratory who may need your name and address to post your purchases). Be assured that we will never share your information in any other circumstances – nor will I/we sell it on elsewhere! Here are more details –

Introduction

Dora Horvath Photography takes your privacy very seriously. This privacy policy has been prepared in line with the EU’s General Data Protection Regulation (GDPR), which promotes fairness and transparency for all individuals in respect of their personal data. This privacy policy applies to all data we process, and by using Dora Horvath Photography you consent to our collection and use of such data.

We may change this privacy policy from time to time. When we do, we will let you know by changing the date on this policy, notifying customers of only significant changes. By continuing to access or use our services after those changes become effective, you agree to be bound by the revised privacy policy.

Date this Notice was created: 10th May 2018

Date this Notice was last modified: 14th May 2018

1. The Data we collect, how I use it and why

As a data controller we collect a variety of data in order to deliver our services, and we will manage your personal data transparently, fairly and securely. We may ask you to provide us the following data: (First Name, Last Name, Email, Postal Address, Postcode, Telephone Number, Images, Baby’s name, baby’s gender, baby’s date of birth, Weight of baby, Delivery/postpartum, Participiant’s name.

We will also record a date of birth for all persons we photograph under the age of 13 and require the parent or a legal guardian to consent to photography. Obviously being a photographic business we also create and manage images as per our contractual agreement(s). We use the above data to to deliver our service to you / For marketing purposes / Personalise your experience / To provide account access.

We collect this data on the following lawful basis: Consent / To arrange or fulfill a Contract / To meet a legal obligation other than a Contract.

Cookies and website visitor tracking

When using this website, you have the choice to agree to or decline cookies. Cookies are small files installed on your browser device that allow websites like this, and many others, to find out more about your browsing behaviour. For DHP, the purpose of using cookies is to better understand visitor demographics to this site so that improvements can be made, as well as informing marketing and sales strategies in the future.

This website makes use of several cookies, most notably ones relating to Google Analytics and Facebook Pixel. I also make use of a plugin that enables me to defend against malicious attacks, which uses a cookie to understand whether you are a genuine user or a robot.

The lawful basis for the use of these cookies is your given consent. Since March 2018, this website has made use of a Cookie Notice that actively seeks confirmation of your acceptance or denial to the use of cookies.

Client contact information

I use personal data, provided directly and voluntarily to me by clients, for two purposes. The first is to carry out my contractual obligations. This means that it’s information I need to do my job. This personal data includes, names, addresses, email addresses, phone numbers and further information which I need to complete your photography requirements.

The second purpose is for me to analyse and understand behaviour of my clients to assist me in relation to sales and marketing exercises. For example, to better understand where you heard about me and whether or not you choose to book me. This is a legitimate interest and a reasonable expectation that most people would have about a business. I collect personal data into and perform this analysis using simple spreadsheets.

Email Mailing List & Marketing Messages

In the future we may operate an email mailing list program, used to inform subscribers about products, services and/or latest news. Users can subscribe through an online automated process only where they have given their explicit permission. Subscriber personal details are collected, processed, managed and stored in accordance with the DPA / GDPR regulations named above. Subscribers will be able to unsubscribe at any time through an automated online service, or if not available, other means as detailed in the footer of sent marketing messages. The type and content of marketing messages subscribers receive, and if it may contain third party content, will be clearly outlined at the point of subscription.

More detailed information

If you want to contact me with questions about your personal data, wish to exercise any of your rights or ask me further detailed questions, please use the contact form at the bottom of this page.

2. Compliance declaration

Both DHP and this website comply with the DPA, GDPR and PECR. The GDPR comes into effect on the 25th May 2018. This Notice is updated whenever changes are made to relevant data protection legislation.

3. Your rights under the GDPR

This website complies with the DPA (Data Protection Act 1998) and the GDPR (General Data Protection Regulation), effective from May 2018.

Under the GDPR, you have a number of different rights relating to your personal data and how it is processed. They are as follows:

– the right to be informed about the collection and use of your personal data

– the right of access to your personal data and any supplementary information

– the right to have any errors in your personal data rectified

– the right to have your personal data erased

– the right to block or suppressing the processing of your personal data

– the right to move, copy or transfer your personal data from one IT environment to another

– the right to object to processing of your personal data in certain circumstances, and

– rights related to automated decision-making (i.e. where no humans are involved) and profiling (i.e. where certain personal data is processed to evaluate an individual).

Most of these Rights will apply to your personal data and how it is processed by Dora Horvath Photography, but some (such as the right to data portability and rights related to automated decision making including profiling) are not relevant to this business at the time of writing.

4. Sharing information with third parties

Other than those third parties mentioned in this Notice and listed below, Dora Horvath Photography shall not pass your personal data to any third party. Your personal data may, subject to my obligations to comply with data protection legislation, be shared with the following third parties:

Smugmug, as further described above;
Activecampaign, CRM software for contract and customer relationship management;
Having taken precautions to maintain the security of such personal data, I may in certain circumstances share personal data with the ICO, and other legal, regulatory and law enforcement bodies;
In anonymised form, I may share personal data with:
- Any third party, in relation to the sale of some or all of my business, or its assets, or as part of any business restructuring or reorganisation. I will take steps with the aim of ensuring that your rights continue to be protected if your personal data is transferred in accordance with this clause; and
- Data aggregators and platform providers as part of an analysis of user metrics or sales performance (including but not limited to Google and Facebook).

In certain circumstances I may also share your personal data with third party media businesses for the purposes of marketing my offerings, improving my services, and running a profitable business. These third party businesses may include, newborn magazines/publications, photography websites, social media sites, or other outlets, with the aim of raising public awareness of my business.

4. Security, storage and data retention

Dora Horvath Photography stores your personal data in the EEA and retains full details of your personal data for as long as it takes to complete your photography requirements.

We will retain your data for a period of 7 years. After this time we will archive your photographs indefinitely along with your relevant details and consent forms. This is due to requests for replacement images being made several years after being taken. If you would like me to delete your personal data before this time, you have to right to request me to do so.

If you ask me to post your products, we always mail photographs/media using signed for courier or mail services.

Client data held on file

We take care over the processes around looking after personal data stored on our physical systems. Dora Horvath Photography holds the following personal data of clients:

names
addresses
phone numbers

within soft copy and sometimes hard copy contracts as well as soft copy client ‘day plan’ documents. Soft copy contracts and day plans are safely stored on my password protected home office Laptop and also kept on file on GDPR compliant Gmail servers.

Client photos are safely stored within my password protected home office Laptop and backed up to two encrypted external hard drives.

Any downloadable documents, files or media made available on this website, and in addition via the Smugmug portal for client gallery downloads, are provided to users at their own risk. While all precautions have been undertaken to ensure only genuine downloads are available, users are advised to verify their authenticity using third party anti-virus software or similar applications.

In the unlikely event of a criminal breach of our security we will inform the relevant regulatory body within 72 hours and, if your personal data were involved in the breach, we will also inform you.

ng signed for courier or mail services.

5. Your consent

By using this site and/or engaging me on my Terms and Conditions, you agree to be bound by this Notice.

6. Your right to withdraw consent

You have the right to withdraw your consent to be bound by this Notice at any time. If you wish to do so, please use the contact form at the bottom of this page. You also have the right, as set out above, to withdraw your consent to my processing your personal data.

7. Your right to lodge a complaint

As well as the right to withdraw consent and exercise any of the above rights mentioned under ‘Your rights under the GDPR’, you also have the right to raise a complaint with a regulatory body. In the United Kingdom, this is the Information Commissioner’s Office (ICO). If you have concerns about the way your data is being processed by an organisation, you can find out more here.

8. Social media policy & usage

We adopt a safe and responsible Social Media Policy. While we may have official profiles on social media platforms users are advised to verify the authenticity of such profiles before engaging with, or sharing information with such profiles. We will never ask for personal details on social media platforms. Users are advised to conduct themselves appropriately when engaging with us on social media.

9. Display of images

We may display any photographs to promote Dora Horvath Photography on the Dora Horvath Photography website and blog, on social media, on newborn photography blogs, on newborn photography related websites, in exhibitions, in advertising, brochures, magazine articles and other such material, providing that the images used are used lawfully and without damage to Dora Horvath Photography’s client(s). The rights of the people captured in these photographs are protected by Dora Horvath Photography as detailed in this privacy policy.