1. Data I collectAs a data controller I collect a variety of data in order to deliver my services. I use my website and a business tool called 17hats to ensure that I collect and manage your personal data transparently, fairly and securely.
1.1. What data do I ask you to provide to us, and why?I collect the following data: firstname, lastname, phonenumber, emailaddress, address, event locations, names and ages of family members attending previous photo sessions, your wedding anniversary (if I photographed your wedding) – I use this data to: Plan your photo session / plan your wedding photography / provide you with information about available products before and after the photo session / send you anniversary or Christmas cards – I collect this data using the lawful basis: Ongoing contracts / Consent –Wedding photography: Names of family members and wedding guests - I will remove names of any wedding guests and family members from my records after the photo session.
2. What personal data do I share with third parties and who are they?I share personal data with the following third parties: 17 Hats – Hosted Client Management System (CRM) holding any personal data and event data you have provided - Data is transferred outside of the European Economic Area to United States. Zenfolio – Image Hosting website for your password protected online gallery - Data is transferred outside of the European Economic Area to United States. Pixellu SmartSlides – Slideshow provider for your personalised slideshow- Data is transferred outside of the European Economic Area to United States. Domainfactory – Email Service Provider and Website Host - Data is transferred within the European Economic Area (EEA) to Germany under the protection of GDPR. Google Mail – Email Service Provider – Data is transferred outside of the European Economic Area to United States under the protection of EU/US Privacy Shield. Google Analytics – Data is transferred outside of the European Economic Area to United States under the protection of EU/US Privacy Shield. There are certain situations in which I may share access to your personal data without your explicit consent; for example, if required by law, to protect the life of an individual, or to comply with any valid legal process, government request, rule or regulation.
3. Why do I share data outside of the EUI may transfer personal data to a country outside of the European Economic Area (EEA), for example if a third party I share data with has servers located outside of the EEA. If this is the case I will obtain your consent or otherwise ensure that the transfer is legal and your data is secure by following the EU’s guidelines. You can see above where I send data outside of the EEA and on what basis I do so.
4. How do I keep your personal data secure?I keep your data secure: – by encrypting personal data – by using Secure Socket Layer (SSL) technology when information is submitted to me online In the unlikely event of a criminal breach of my security I will inform the relevant regulatory body within 72 hours and, if your personal data were involved in the breach, I shall also inform you.
5. Retaining and destroying your personal data
I retain information that I collect from you (including your personal data) only for as long as I need it for legal, business, or tax purposes. Your information may be retained in electronic form, paper form, or a combination of both. When your information is no longer needed, I will destroy, delete, or erase it.