What’s all this GDPR about anyway?
The General Data Protection Regulation comes info force on the 25th May 2018. If you’re a photographer or a small business owner you’ve probably spent the past few months hearing about nothing else. For everyone else – you’ve basically been bombarded with emails from people asking you to let them keep emailing you.
The GDPR is basically an update to the current Data Protection Laws. It’s all about giving you more rights over who has your data and what they can do with it. So it’s actually a good thing for us all.
How does this affect you and me?
Not massively to be honest. I’ve always been very careful with the data I collect. I keep it safe and I don’t sell it to PPI salespeople. I only collect the basic data I need and I only use it in a way you’d expect your wedding photographer to. But there are a few small changes and we’ll go through them here. At any point if there’s something you have a question about please do get in touch with me.
What data do I collect and why?
Your relationship with me starts the moment you get in touch to enquire about your wedding. From that point on I collect the following basic information:
– Your names
– Contact details: address, email addresses, telephone numbers
– Date and location of your wedding
I use this information to make sure I can get in contact with you to finalise the wedding details, respond to any questions you have, deliver your final online gallery, deliver physical products such as albums, contact you about your images and send you offers or information about albums.
I collect this information under the following legal basis (technical GDPR speak) – Legitimate Interest. This means I use the data I collect in way in which you probably expect me to and in a way that minimises any privacy issues.
What do I do with this information?
When you first get in touch to enquire about your wedding I collect your names, email address and telephone number. I use this information to respond to your enquiry. If you don’t go ahead and book that form and your data stays in my ‘Enquiries’ folder on my emails for 12 months. (My email provider is fully GDPR compliant and my email is password protected). After 12 months your email and your data will be deleted.
If you go on to book I’ll collect a little more info from you – your address and the date and venue of your wedding. All that information, along with your names, email address and telephone number is stored in two places – my email and my online diary. Again both GDPR compliant and password protected. I’ll keep that info for up to 18 months after your wedding in case you need to contact me or I need to contact you.
Who do I share this data with?
I’m really careful who I share your data with and only share where there is a Legitimate Interest in doing so. Here are the third parties I use.
– My second photographers. If you’ve booked a second photographer for your wedding, just before the wedding I’ll provide them with your names, an emergency contact number for you and details of where you’ll be getting ready. Otherwise they’d have trouble finding you!
– The online gallery provider
– Album and print suppliers
– My online calendar and email provider
– My online slideshow software
All my third party suppliers are fully GDPR compliant. They will never contact you directly unless you have requested that they do so.
Photographs are data?
Yeah I know. Madness. But yes photographs are data because according to the ICO “personal data is any information relating to an identified or identifiable individual; meaning, information that could be used, on its own or in conjunction with other data, to identify an individual.”
I will only use your images in ways which you probably already expect!
– I will deliver them to you on an online gallery and if purchased prints or albums.
– I will store your images safely for a minimum of 12 months. There is no limit on how long I may keep your photographs.
– I will use your images on my website, blog and marketing materials. I will create an online slideshow and a personalise blog post for you.
– I often submit weddings to outside wedding blogs. I will contact you for your permission to do so and to share your images.
At any point before or after the wedding you have the right to come to me and ask me NOT to do any of the above and I’ll have a little cry about not being able to share your beautiful wedding and then I’ll man up and say “absolutely”!
The New Rights of the Individual.
GDPR has brought in some new rights that you should be aware of.
- The right to be forgotten: A person may request that a business or organisation deletes all data about them without undue delay (now this has never happened but if you have a falling out and one of you wants your wedding pictures deleted I will need to get the content of both of you. Tricky situation!)
- The right to object: A person may prohibit certain data usage. You can come to me at any point before or after the wedding and ask me not to use your data in a certain way.
- The right to rectification: A person may request that incomplete data be completed, or incorrect data be corrected.
- The right of access: A person has the right to know what data about them is being processed and how.
- The right of portability: A person may request that personal data held by one business or organisation is transported to another. Note – this doesn’t apply to images.
These dodgy hackers really are persistent buggers so I do my best to make sure that my website is kept as secure as possible – including super duper cryptic passwords and expensive security software. All the online places I store your data are all password protected and GDPR compliant.
Linking to and from other websites
As a one man band I am both the data processor and data controller for Zen Photo. If you need to contact me you can do so here. I aim to make sure I’m always keeping up to date with changes and remain GDPR compliant. If you have any questions at all just get in touch.
Where you submit personal information for publication on our website (e.g. blog comments), we will publish and otherwise use that information in accordance with the license you grant to us.
I will NEVER without your express consent provide your personal information to any third parties for the purpose of direct marketing.
You may instruct us to provide you with any personal information we hold about you. Provision of such information will be subject to:
(a) the payment of a fee (currently fixed at £10.00); &
(b) the supply of appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address).
We may withhold such personal information to the extent permitted by law.
You may instruct us not to process your personal information for marketing purposes by email at any time. In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt-out of the use of your personal information for marketing purposes.
This template legal document was produced and published by SEQ Legal LLP & Zenna Barry C/O – Zen Photo, 36 Houghton Lane, Swinton, Manchester, M27 0FB firstname.lastname@example.org/ email@example.com – 07775875552. Have great day!