New legislation that comes into force from 25th May 2018 requires companies to protect their client’s personal data. What exactly is personal data, I hear you say? According to the official definition; “personal data is any information relating to an identified or identifiable individual; meaning, information that could be used, on its own or in conjunction with other data, to identify an individual”. Personal data will now include not only data that is commonly considered to be personal in nature (e.g., social security numbers, names, physical addresses, email addresses), but also data such as IP addresses, behavioural data, location data, biometric data, financial information, and much more, including images I take of you, where you can clearly see your face!
Here at Fyshcreative Photography, I am committed to ensuring that your privacy is protected, so that your images or personal info is not abused. This policy will explain exactly how I do that - from what info I hold about you, how I store it, who I share it with and how long I keep it, among other things. This applies to all my clients, both on the portrait side of things and on the wedding side.
In this policy “I”, “we”, “us” and “our”refer to Fyshcreative Photography.
1. What personal information do I collect about you?
In relation to weddings, I may collect the following information:
In relation to studio work, I collect names of the people who will be taking part in the photoshoot and now, I will be required to take DOB too, for any children under 13 years of age. This is because if someone is under 13, parental consent is required to use their data, if they are over 13, they can choose what happens to it themselves.
2. Use of your face-based data
I also collect and store images of you (obviously). According to the GDPR, photographers need to demonstrate reasonable and legitimate use for this. In order to market my business, I have to show images to the world, for example on social media and my website. If you have booked me you probably looked at such photos already. I do ask couples to opt into this in my contract, but you can always decide to keep your wedding or portrait photos private & your contract can be amended to state this.
I will not sell you photos to be used commercially without your consent, if a third party does approach me asking me to look at or buy one of your photos, I will ask your permission first.
I store photos on my PC, on hard drives and once everything has been delivered to you, in a private archive on my website too. I may keep images in this archive indefinitely - this is because I am often asked to find old photos, if for example a customer has lost them.
3. What I do with the data you have given me
All personal data you have given me in relation to a quote or enquiry, either sits quietly in my email inbox or is stored in my quotes section, on paper in a folder within my locked filing cabinet. If you go ahead and book me to photograph your studio session or wedding, this data is also added to my studio management software called Studio Ninja, which helps me manage my workflow. I print out data from studio Ninja and pop it in a ring binder in my locked filing cabinet in my office, just so that in the unlikely event that Studio Ninja was to break, I still have a hard-copy back up of all your relevant information.
In addition, all face based data, e.g. the photographs I take, may also on occasions, be transferred to and stored at a destination outside the European Economic Area (“EEA”), this is for the purpose of editing or fulfilling orders.
I use an Italian company called Graphistudio for wedding albums and Zenfolio for print and product orders. In addition, I also use a clipping company, based in India, to edit all studio photos, taken on my white backdrop. At busy times, I may also outsource other portrait & wedding editing.
4. Privacy & Individuals Rights
The GDPR includes the following rights for individuals:
5. Lawful Processing of Data
I only process data in relation to enquiries and booking conversations with clients. The processes and systems I have in place are designed with your privacy in mind
6. Access Requests
If you would like to access the data I have on you, you can request this in writing via email. Such requests are free. Please email me at firstname.lastname@example.org
So what does ‘consent’ mean with GDPR:
GDPR definition: “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”
When you book me to photograph your portrait or wedding, you’ll receive a contract which covers consent and this will give you the opportunity to select how your photos are used by me after the wedding date.
8. Consent & Guest Photos
Throughout the wedding day, I will aim to get photos of all of your guests. During the main family and friends photos, I will work on the assumption that everyone is happy for me to photograph them and in the case of children, I will assume the parent or legal guardian has given consent.
When it comes to other guests e.g. evening reception guests, I work on the basis of ‘assumed consent’ for documentary coverage. I will verbally ask for consent from the people I intend to photograph in any organised or posed photograph. If they decline, I will take steps to omit them from the backgrounds of other photos where possible. As a result, you may notice one or two people missing from the final photo selection. If they say yes, I will take this as ‘express consent’. With GDPR, consent can be withdrawn later without reason. So, for example, if a guest does not want their image on social media, I will remove it - they just need to get in touch and let me know.
9. Photo removal
You and your guests do have a right NOT to be featured on my website. I will work on the assumption that your guests are happy for me to use their images in this way. If any of your guests contact me and request that their photo is removed, I will remove the whole photo.
10. Promotional emails
I will only email you in relation to an enquiry, or a question you have asked me, or in relation to other, important reasons relating to your enquiry or wedding booking.
Precautions are taken on my website and social media accounts to ensure they are as secure as possible. This reduces the chance of data being stolen via hacking or malware.
12. GDPR Compliance
I am committed to keeping up to date with changes in legislation as they occur to remain GDPR compliant. For the purposes of this policy, I am the acting data controller with repsect to the personal data of all Fyshcreative Photography customers.