Thank you for choosing to work with Clare Murthy Photography or for visiting my website.
As the data controller, Clare Murthy, I understand that your privacy is important to you and that you care about how your personal data is used.
I respect and value the privacy of all of my clients and prospective clients and will only collect and use personal data in ways that are described in this policy, and in a way that is consistent with my obligations and your rights under the law.
1. The Data I Collect and Store
Depending upon how you use my website, or work with me I may collect some or all of the following personal data:
- Your name, and the names of any adults or children participating in a the photo shoot
- The ages of any children participating in the photo shoot
- The date of birth of any newborn babies participating in the photo shoot
- Contact information including your address, e-mail address and telephone number
- Details about your business (for commercial photo shoots) including your business name and job title or profession
- Information you have given me about your preferences and how you would like to be photographed
- Your name and e-mail address if you sign up to receive my e-mail newsletter
- Photographs from your photo shoot with me
I do not collect or store any of your payment details, or any sensitive data.
2. How and why I use this data:
I may use this data for the following reasons:
- To fulfil the contract between us.
- To personalise and tailor my services to you.
- To communicate with you. This may mean responding to emails or calls from you.
- To send you my monthly newsletter, if you have purchased products or services from me or have opted in to receive the monthly newsletter by submitting your name and email address on my website.
- To fulfil a legal obligation, which may include accounting or record keeping
- To demonstrate the consistency and quality of my photography by using photographs from your shoot in my online and printed portfolios, on my blog and on social media portfolios
I will only use your personal data when I have a legal reason to do so. This will usually be one of the following reasons:
- To fulfil our contract
- To meet my own legitimate interests
I don’t generally rely on consent as a reason for processing your data, other than in relation to marketing purposes. You can opt out of receiving marketing communications at any time by emailing email@example.com
- Make this website work as you’d expect
- Remember your settings during and between visits
- Improve the speed/security of the site
- Allow you to share pages with social networks like Facebook
- Continuously improve this website for you
- Make my marketing more efficient
- Collect any personally identifiable information (without your express permission)
- Collect any sensitive information (without your express permission)
- Pass personally identifiable data to third parties
- Pay sales commissions
4. How Long I Keep Personal Data For
I will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
5. Storage of Personal Data
Clare Murthy Photography is based in the UK and I store data in the United Kingdom, the United States, Canada and Australia.
I store data in the following ways:
- I store digital photographs on hard drives stored in my home office and accessed only by me
- I store digital photographs with an online gallery provider based in Canada. This provider will ensure that data transfer is completed in accordance to the Standard Contractual Clauses (EU Model Clauses) and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).
- Digital photographs are also stored on my website, which is hosted in the EU. My website host is GDPR compliant.
- I store printed photographs in sample albums, and sample printed products which are stored in my home office.
- I use studio management software for storing your contact information, sending and storing e-mails contracts, invoices and questionnaires, for storing my notes about your preferences and how you would like to be photographed and for managing your shoot. This studio management software is hosted in the United States and Australia and uses a Secure Socket Layer (SSL)Certificate which is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.
- I use email marketing software with servers that are located in the United States. The software provider is certified as compliant with the EU-US Privacy Shield framework.
- I use Gmail to send, receive and store e-mails. Google is located in the United States and is certified as compliant with the EU-US Privacy Shield framework.
- I occasionally work with a Retoucher who is based in the United States and uses a SSL Certificate which is the standard security technology for establishing an encrypted link between a web server and a browser.
6. Sharing of Your Personal Data
I take your privacy very seriously and will not share any of your personal data with any third parties for any purposes except those set out in Part 5, unless I am required to do so to fulfil our contract, comply with legal obligations, a court order or on the instructions of a government authority.
If any of your personal data is transferred outside of the EEA, I will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the GDPR, as explained above in Part 5.
The most likely reason I would share your images to fulfil our contract is when you order printed products from me. The suppliers I work with for these purposes are all based in the UK.
7. How You Can Access Your Personal Data
If you want to know what personal data I have about you, you can ask me for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover my administrative costs in responding.
I will respond to your subject access request within one month of receiving it. Normally, I aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date I receive your request. You will be kept fully informed of my progress.
8. How You Can Contact Me
To contact me about anything to do with your personal data and data protection, including to make a subject access request, please send an email to firstname.lastname@example.org
I may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if I change my business in a way that affects personal data protection. You will always be able to find the current version of this policy on this page. This policy is effective from 25th May 2018.