At Mckenzie Brown Photography, I am committed to maintaining the trust and confidence of visitors to my web site and to my clients.
As part of running Mckenzie Brown Photography, I need to gather and use certain information about individuals. These can include clients, suppliers, business contacts, employees and sub-contractors. My data protection policy is designed to:
- Comply with current data protection law and follow good practice
- Be completely open about how I store and processes an individual’s data
- Put in place measures to protect against the risk of data breach
- Protect the rights of any staff, clients, or partners
Mckenzie Brown Photography is owned and managed by Natalie Brown. Natalie Brown has sole responsibility for ensuring Mckenzie Brown Photography is GDPR compliant. Natalie is responsible for:
- Reviewing all data protection procedures and related policies, in line with the GDPR.
- Handling data protection questions from clients and anyone else covered by this policy.
- Dealing with requests from individuals to see the data that Mckenzie Brown Photography holds about them.
- Ensuring all systems, services and equipment used for storing data meet acceptable security standards.
- Performing regular checks or scans to ensure security hardware and software is functioning properly.
- Evaluating any third-party services the company uses/plans to use to store data.
WHAT DATA DO I COLLECT?
The policy sets out the different areas where user privacy is concerned and outlines the obligations & requirements of the users, the website and website owners. Furthermore the way this website processes, stores and protects user data and information will also be detailed within this policy.
They enable me to:
- Estimate my audience size and usage pattern.
- Speed up your searches.
- Store information about your preferences, thereby allowing me to customise my site according to your individual interests.
- Recognise you when you return to my site.
HOW DO I DISABLE COOKIES?
If you want to disable cookies you need to change your website browser settings to reject cookies. How you can do this will depend on the browser you use. Further details on how to disable cookies for the most popular browsers are set out below: –
For Microsoft Internet Explorer:
- Choose the menu “tools” then “Internet Options”
- Click on the “privacy” tab
- Select the setting the appropriate setting
For Google Chrome:
- Choose Settings> Advanced
- Under “Privacy and security,” click “Content settings”.
- Click “Cookies”
- Choose Preferences > Privacy
- Click on “Remove all Website Data”
For Mozilla Firefox:
- Choose the menu “tools” then “Options”
- Click on the icon “privacy”
- Find the menu “cookie” and select the relevant options
For Opera 6.0 and further:
- Choose the menu Files”> “Preferences”
When someone visits Mckenzie Brown Photography’s website, I use a third-party service, Google Analytics, to collect standard Internet log information and details of visitor behaviour patterns. I do this to find out things such as the number of visitors to the various parts of my site. Google Analytics records data such as your geographical location, device, Internet browser, operating system and your computer’s IP address. However, this information is processed in a way, which does not identify anyone. I do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
This website uses WordPress 4.9.6 Platform. The WordPress core software is GDPR compliant. WordPress.org collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. WordPress records data such as your geographical location, device, Internet browser, operating system and your computer’s IP address. However, this information is processed in a way, which does not personally identify anyone. WordPress does not disclose the identities of individuals to me ever.
This website is hosted by Siteground within a UK data centre. Some of the data centre’s more notable security features are as follows: All facilities are well protected by 24×7 human security, biometrics, access control mantraps, bulletproof lobbies, and video surveillance. All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS.
Mckenzie Brown Photography website uses a contact form. This feature asks for your name and email address so that I can respond to your message or enquiry. The information you provide on the contact form goes directly to my email account and is not stored on my website. This information is never shared.
I use Gmail by Google, a third-party provider, as my email software.
If you decide NOT to book my services, your personal data (name, email address and date & location of your wedding/shoot) will be deleted from my system within a 6-month period (or up to the date of your wedding should this be longer.) This is to ensure that should you change your mind, my service will be both personalised to you and efficient (in that you will not have to repeat information.) However, I NEVER disclose this information to any other parties or use your details for any advertising or marketing purposes.
On my blog pages, you are able to leave comments. Leaving a comment on this page will save the following information to my website database:
- Your Comment
- The name and email address you enter with your comment.
- Your computer’s IP address
- The time and date that you submitted the comment
This information is only used to identify you as a genuine contributor so that other visitors to the site and potential customers can see that you are real. In this instance only your name will be visible on the public facing website (although, if the supplied email address is linked to a Gravatar account, your Gravatar photo will also be displayed.)
The aforementioned information is never passed on to anyone. Your comments and associated personal data will remain on my website until I remove it. Should you wish to have your comments and associated personal data deleted, please email me directly at firstname.lastname@example.org
Please note that if you are under 16 years of age you MUST obtain parental consent before posting any comments on my website. It is also prudent to avoid entering any personally identifiable information in the actual comment field.
As part of the registration process for my newsletters, I collect personal information (your name and email address.) I use that information for a couple of reasons:
- I ask for your name so that I can provide a more personalised service to you and to identify my readers and customers.
- I ask for your email address so that I can send you a special offer that you have requested, to tell you about things you’ve asked me to tell you about, to keep you up-to-date on special offers that I have and might be of interest to you and to contact you if I need to obtain or provide additional information. This would be to check that my records are up-to-date and to confirm that you are happy and satisfied with the service.
I don’t rent or trade email lists with other organisations and businesses.
I use a third-party provider, MailChimp, to deliver my newsletters. They gather statistics around email opening and clicks using industry standard technologies to help me monitor and improve my newsletters.
For more information, please see MailChimp’s privacy notice HERE
You can unsubscribe to my newsletters at any time, of the day or night, by clicking the unsubscribe link at the bottom of any of my emails or by emailing me directly at email@example.com.
Please note that if you are under 18, you MUST obtain parental consent in writing before subscribing to my list.
BOOKING A SERVICE WITH ME
WHAT DATA DO I COLLECT?
On a request to book my services, you will be asked to supply your contact details, including your names, postal addresses, email addresses, contact numbers, as well as the address of your wedding and reception (or shoot.)
I require this information to ensure I can:
- Discuss and plan details of your wedding/shoot with you prior, during and after the day, so that my service is efficient.
- Provide a personalised and professional service for you at all times.
- Contact you with important information regarding your wedding/shoot.
- Provide an online gallery of your images.
- Post out products that you have purchased.
HOW DO I COLLECT THIS INFORMATION?
I use a downloadable PDF to gather information directly to me, so that personal data does not go to any third party (other than that via my email account as detailed above.) Access to my email, computer and phone are password protected at all times.
Information is stored digitally on an external hard-drive that uses encrypted software and password protection. I also hold a hard copy in a locked filing cabinet, which enables me to find your wedding details in the event of electrical failure, which would otherwise prevent me from completing my service to you.
HOW LONG DO I STORE YOUR DETAILS?
I store your personal details on hard-drive for up to 5 years from completion of the service, to comply with HMRC tax and insurance record keeping purposes. The hard copy is kept only for the year in which your wedding/shoot/service is contracted. After this, your details are destroyed unless you opt in to my newsletter and confirm contact via ‘direct mail.’
In order to keep your information accurate and up-to-date, I may send you an email requesting that you check and update any information that I hold.
In addition, I may disclose your personal information:
- To the extent that I am required to do so by law.
- In connection with any legal proceedings or prospective legal proceedings.
- In order to establish, exercise or defend my legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk.)
- To any person who I reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in my reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
WHO DO I SHARE YOUR INFORMATION WITH?
I process all payments via BACS unless requested. Occasionally, a client requests payment through Paypal. In this instance, your names, email and details of the service booked will be required for the invoice. Paypal never shares these details
In the event of booking a second photographer, I will disclose a limited amount of personal data to them, in order that they are able to complete the service for you. This is limited to your names (so they can provide a personalised service,) your address (only if they are required to attend the premises) the telephone number of the person to be photographed (so they can contact you in an emergency on the wedding/shoot day) and the wedding/shoot venues. They are required to delete this information upon completion of the service and are bound by contractual duties set out in their contract with me. They are also bound by their own company’s privacy policies, which I require to be GDPR compliant. You can request this information at any time by emailing me at: firstname.lastname@example.org
In the event that you purchase additional products, such as a wedding album or printed material, I will share your details (name and address) to enable these companies to deliver the product to you. I always ask you to confirm this prior to disclosure. For albums, I use Folio. For all other products, I use Loxley Colour. Both these companies are UK based and are GDPR compliant.
As a photographer, I retain full copyright over your images. Full Terms and Conditions can be found on your contract. However, the images are of you and your loved ones and I therefore take the responsibility of ensuring image security extremely seriously. The following section outlines the measures I take to ensure image safety, how your images are used and who has access to them.
HOW DO I STORE YOUR IMAGES?
IMMEDIATELY AFTER YOUR WEDDING/ SHOOT
Your images are kept on SD cards for no more than 24 hours. They are then transferred to 2 separate external hard-drives, both of which use encrypted software and password protection. These drives are kept in 2 different locations in contained, locked devises to which only I have access.
I use Adobe for all editing purposes. I choose not to sync your files with Adobe’s Online Cloud Storage. Therefore, they create a ghost copy of your images for editing purposes and do not retain access to the original RAW files. On export, I remove all location data from the exported Jpeg file.
Once your images are finished the Jpegs are transferred to your USB. I delete one copy of your original RAW files from my system and retain the other for back-up purposes, along with a copy of your Jpegs. These are stored as outlined previously and kept for a maximum of 2 Years (or until my services with you have ceased should you take longer than 2 years to complete your wedding album)
HOW DO I USE YOUR IMAGES?
I do sometimes use your images for my own marketing purposes (on my website, blog, social media and advertising campaigns.) You can add a privacy disclosure in your contract and request that your images are not to be used in this way. You can also contact me at any time at email@example.com to request limitations on your image use. If I blog your wedding, I ask prior to publication for permission to use your names and any other personal details.
WHO DO I SHARE YOUR IMAGES WITH?
Occasionally your other suppliers will request the use of your images. I always ask for written consent from you before distributing your images to other suppliers.
If you require a wedding album, your finished Jpegs will be uploaded to a system called PASS. PASS provides an online storage cloud for your images for a 10-year period. They require registration and confirmation from you directly and images are always password protected.
My album company are Folio (see products information above)
Sometimes, you might want your images to be submitted to a wedding blog or magazine. I always ask for your permission before submitting your images or disclosing any personal data to them. You will then be required to give written consent by the publishing company.
In order to share you images with these companies, I use an online storage facility called Dropbox. Your completed questionnaires and images are shared through here. Dropbox is one of the most secure and advanced storage facilities I have found. It is designed with multiple layers of protection, including secure data transfer, encryption, network configuration, and application-level controls distributed across a scalable, secure infrastructure. The system is password protected and requires a 2-step verification process.
ACCESSING, AMENDING, OR DELETING YOUR PERSONAL INFORMATION
You are entitled to view, amend, or delete any personal information that Mckenzie Brown Photography holds about you. To request this, please send an email to firstname.lastname@example.org. Provision of such information will be subject to the payment of a fee (currently fixed at £5.00) and the supply of appropriate evidence of your identity.
I may withhold such personal information to the extent permitted by law. You may instruct me not to process your personal information for marketing purposes by sending an email to me. In practice, you will usually either expressly agree in advance to my use of your personal information for marketing purposes, or I will provide you with an opportunity to opt-out of these marketing communications
Mckenzie Brown Photography will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. I will store all the personal information you provide on secure (password and firewall protected) servers and secure external drives (encrypted and password protected.) All electronic transactions you make to, or receive from me, will be encrypted using SSL technology.
Pseudonymisation is a recent requirement of the GDPR, which many web application developers are currently working to fully implement. I am committed to keeping it as a high priority and will implement it on this website as soon as I am able to.
Of course, data transmission over the Internet is inherently insecure, and I cannot guarantee the security of data sent over the Internet.
I will report any unlawful data breach of this website’s database or the database(s) of any of my third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
THIRD PARTY WEBSITES
My website contains links to other websites. I am not responsible for the privacy policies or practices of third party websites.
INTERNATIONAL DATA TRANSFERS
In addition, personal information that you submit for publication on the website will be published on the Internet and may be available, via the Internet, around the world. I cannot prevent the use or misuse of such information by others. You expressly agree to such transfers of personal information.
MY PROMISE TO YOU
Mckenzie Brown Photography stands by the principles outlined in the GDPR, and as such, ensures that any information held by the organisation is collected, used, and stored securely, and for specific reasons. No information I hold about you is shared, sold, or rented and is accessible by you upon request. If you would like access to your information, please contact me via email at email@example.com.
POLICY DOCUMENTATION UPDATES
This document was updated on the 24th May 2018. This policy is reviewed annually, unless circumstances (or the law) change in the interim time period. Please note that you will not be explicitly informed of any changes, but they will be made freely available on my website, so please check the page periodically, so you can be confident and satisfied with my processes.
If there’s anything here that isn’t clear, then don’t hesitate to get in touch at firstname.lastname@example.org for more information.