Privacy Policy

Effective from 10 July 2018

In very basic terms, Clare Amanda Photography totally respects your personal information and will only ask you for what information we really need from you.  We will look after it in the same way we would want ours looking after, keeping it secure.

Introduction

Clare Amanda Photography takes your privacy very seriously.  This privacy policy has been prepared in line with the EU’s General Data Protection Regulation (GDPR), which promotes fairness and transparency for all individuals in respect of their personal data.  This privacy policy applies to all data we process and by using Clare Amanda Photography, you consent to our collection and use of such data. If you would like to get in touch about anything in this policy or about your personal data, then please contact our Data Protection Officer, Clare Shaw at clare@clareamanda.co.uk or 07753 409214.

Our website address is: https://www.clareamanda.co.uk.

What personal data we collect and why we collect it

As a data controller we collect a variety of data in order to deliver our services, and we will manage your personal data transparently, fairly and securely.

We may ask you to provide us the following data:

  • First Name(s)
  • Last Name
  • Address
  • PostCode
  • Telephone Number
  • Email Address
  • Date of Birth – only recorded for persons we photograph under the age of 13 and require the parent or a legal guardian to consent to photography)
  • Payment Details
  • Signature
  • IP Address
  • Images – obviously, being a photographic business, we also create and manage images as per our contractual agreement(s).

We use the above data to:

  • To deliver our service to you, including information relating to the session
  • To deliver our products to you
  • For marketing and promotional purposes, including remarketing
  • To personalise your experience
  • To provide gallery access
  • To inform you of news, events, offers, products and services
  • To process your payments
  • To allow you to leave comments on our website:
  • When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
  • An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

We collect this information on the following lawful basis:

  • Consent for use of images
  • To arrange or fulfil a contract
  • To arrange or fulfil an order
  • To allow you access to your online gallery
  • To allow you access to your account
  • To send you any newsletters you have signed up for
  • To process payments for products or services
  • To meet a legal obligation other than a contract
  • For advertising our business
  • To contact a child reaching the age of 13 years for their continued consent of image use

Cookies

When you visit our website, we also collect Cookies.  These are small pieces of data that websites send to a user’s computer and are stored on the user’s web browser.  They are designed to enable the website to remember information, such as what a user might have put in a shopping cart, for example.  We use cookies to:

  • Allow you to opt-in to saving your name, email address and website in cookies when leaving a comment. This is for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
  • If you have an account and you log into this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
  • Helps us anonymously analyse web traffic statistics in services such as Google Analytics.
  • For marketing and remarketing purposes.  You may choose to opt out of this by using Google’s Ads Settings.
  • Determine whether you have signed up to our mailing list held with MailChimp.
  • Allow you to save your WordPress login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
  • If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer.  This may prevent you from taking full advantage of the website.

Read more on our Cookies Policy

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

We share personal data with the following third parties:

  • Google (for analytics) – Data is transferred outside of the European Economic Area to United States under the protection of EU/US Privacy Shield
  • Our cloud storage provider(s)  – Data is transferred outside of the European Economic Area to United States under the protection of EU/US Privacy Shield
  • Our cloud back-up provider(s) – Data is transferred outside of the European Economic Area to United States under the protection of EU/US Privacy Shield
  • Our Email provider(s) – Data is transferred outside of the European Economic Area to United States under the protection of EU/US Privacy Shield
  • MailChimp, our marketing and emailing automation platform – Data is transferred outside of the European Economic Area to United States under the protection of EU/US Privacy Shield.  You can view MailChimp’s privacy policy here.
  • Our website hosting company and website storage provider(s) – Data is transferred outside of the European Economic Area to United States
  • Our Accountant – Data is not transferred outside of the European Economic Area
  • Our Printing Labs – Data is not transferred outside of the European Economic Area
  • Pixieset, our client gallery hosting company – Data is transferred outside of the European Economic Area to Canada
  • Our image storage provider(s) – Data is transferred outside of the European Economic Area to United States under the protection of EU/US Privacy Shield
  • Our bank – Data is not transferred outside of the European Economic Area
  • PayPal – Data is not transferred outside of the European Economic Area
  • iZettle – Data is not transferred outside of the European Economic Area

There are also certain situations in which we may share access to your personal data without your explicit consent; for example, if required by law, to protect the life of an individual, or to comply with any valid legal process, government request, rule or regulation.

Why we share your Personal Data with the above

We share your data for the following purposes:

  • To deliver our service to you
  • To produce and deliver product orders to you
  • For marketing and remarketing purposes
  • To personalise your online experience
  • To send you newsletters if you have asked us to
  • To provide account access
  • To provide online gallery access
  • To ensure we securely maintain and back up our files, records and images of you
  • Visitor comments on our website may be checked through an automated spam detection service.

We may transfer personal data to a country outside of the European Economic Area (EEA) if necessary for example, some third parties we utilise have servers located outside of the EEA.  If this is the case, we will either obtain your consent or otherwise ensure that the transfer is legal and your data is secure by following the EU’s guidelines. You can see above where we send data outside of the EEA and on what basis we do so.

How we keep your personal data secure

We keep your data secure by:

  • Following internal policies of best practice and staff training, including lockable file storage, password protection on devices and systems
  • Encryption (including TTPS and Transport Layer Security) for our cloud file storage and backups
  • By using Secure Socket Layer (SSL) where data is transferred to us via our website

In the unlikely event of a criminal breach of our security, we will inform the relevant regulatory body within 72 hours and, if your personal data were involved in the breach, we will also inform you.

What rights you have over your data

You also have the following rights:

  • The right to be informed about the collection and use of your personal data
  • The right of access to your personal data and any supplementary information
  • The right to have any errors in your personal data rectified
  • The right to have your personal data erased
  • The right to block or suppress the processing of your personal data
  • The right to move, copy or transfer your personal data from one IT environment to another
  • The right to object to processing of your personal data in certain circumstances, and
  • Rights related to automated decision-making (i.e. where no humans are involved) and profiling (i.e. where certain personal data is processed to evaluate an individual.

This does not include any data we are obliged to keep for administrative, legal, or security purposes.

How long we retain your data

While we do not hold personal data any longer than we need to, the duration will depend on your relationship with us and whether it is ongoing.  We may keep some of your personal data for up to 7 years after our working contract with you or your subsequent purchases have finished for Tax legislation purposes.  After this time, we will archive your photographs indefinitely along with your relevant details and consent forms. This is due to requests for replacement images being made several years after being taken.

For mailing lists, we will keep your data on file until you unsubscribe.  We may periodically ask you whether you wish to remain subscribed.

If you leave a comment on our website, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Our contact information

We give you the option manage your data via:

  • Email: clare@clareamanda.co.uk
  • Telephone: 07753 409214
  • Writing to us: using the address on your contract or agreement with us

Changes to our privacy policy and control

We may change this privacy policy from time to time.  When we do, we will let you know by changing the date on this policy, notifying customers of only significant changes.  By continuing to access or use our services after those changes become effective, you agree to be bound by the revised privacy policy.