GDPR AND PRIVACY POLICY FOR TALL AND SHORT PHOTOGRAPHY

TALL AND SHORT PHOTOGRAPHY are committed to safeguarding and preserving the privacy of our visitors. This privacy policy explains what happens to any personal data that you provide to us in the operation of our business, or that we collect from you whilst you visit our site. TALL AND SHORT PHOTOGRAPHY is owned and operated by myself, Patrick Olner out of my studio in Pontyclun. I provide photographic services throughout Wales and England to meet a range of clients, primarily in the areas of News, Public Relations, Portraiture and events. I can be contacted on 07958 546063, patrick@tallandshort.co.uk or 01443 238565

This privacy Policy is for the website www.tallandshort.co.uk and governs the privacy of its visitors as well as the business of Tall and Short Photography. It explains how I comply with the EU's GDPR legislation and the DPA.

COLLECTING YOUR DATA

TALL AND SHORT PHOTOGRAPHY will only collect Data that is given to us by you or agents acting on your behalf. TALL AND SHORT Photography may collect your Data in a number of ways, for example: When you contact us through the Website, by telephone, post, e-mail or through any other means and when you use our services, in each case, in accordance with this privacy policy.

Data collected through this website is via the contact page. The form collects name, email address and message. Enquires sent using the form are sent to patrick@tallandshort.co.uk which is an email address hosted by GoDaddy. The account is secured using two factor authentication and by using the contact form you agree that TALL AND SHORT PHOTOGRAPHY can contact you in relation to your enquiry.

This website is hosted by Squarespace and their privacy policy can be found here.

OUR USE OF YOUR DATA

Any or all of the above Data may be required by us from time to time in order to provide you with the best possible service and experience when using our Website. Specifically, Data may be used by us for the following reasons: internal record keeping, improvement of our products and services, transmission by email of marketing materials that may be of interest to you and contact for market research purposes which may be done using email, telephone, fax or mail. Such information may be used to customise or update the website, in each case, in accordance with this privacy policy.

We may use your Data for the above purposes if we deem it necessary to do so for our legitimate interests. If you are not satisfied with this, you have the right to object in certain circumstances (see the section headed “Your rights” below).

BUSINESS DATA

I hold the minimum of business data necessary to operate the business and care is taken to ensure that this data is treated securely. All data is stored electronically and dependant upon the type of booking may include:

Emails and contact information - Emails and contacts are stored electronically across password protected devices and hosted by GoDaddy.

Accounting information- invoices, estimates, and statements are secured electronically and password protected

Media - All content shot in undertaking a commission is stored and catalogued by filename based on date and content, on a password protected desktop computer, laptop and external drive. Clients may at their request, receive a link to file sharing services such as Dropbox, WeTransfer, Mega or BOX where content is required to be shared by the client.

Metadata - Where required images are stored with embedded information in the form of a generic caption describing the occasion. Names of the subject are included in the metadata where relevant and in gathering such information, consent is agreed. The metadata remains within the file and travels with the image if it is passed to further locations.

Consent Forms - Consent forms are provided by the commissioning agent and describe the intent for the images's use. Such forms would require name, address, age and contact details. Forms are either passed to the commissioning agent on site or digitally scanned, shared with the agents' digital controller and then shredded.

EVENTS AND LEGITIMATE INTEREST

Guests at events may appear in images taken by TALL AND SHORT PHOTOGRAPHY as part of the recording of the event. In such instances attendees are photographed within GDPR 'legitimate interests' guidelines. The taking of photographs when viewed as a form of processing personal data is necessary for the legitimate interest of the photography business, unless there is a good reason to protect an individual's personal data which supersedes the legitimate interest claim. Clients are requested where possible to minimise any potential risk by making clear that photography will be taking place, either verbally of visually, thereby allowing attendees the opportunity of making it known that they do not wish to be photographed.

THIRD PARTIES

In the day to day operation of the business TALL AND SHORT PHOTOGRAPHY may use third party services, such as those listed below, with their respective GDPR policies:

Dropbox - https://www.dropbox.com/en_GB/security/GDPR

Squarespace - https://www.squarespace.com/privacy/

WeTransfer - https://wetransfer.zendesk.com/hc/en-us/categories/201270873-Security-Privacy

BOX - https://www.box.com/en-gb/gdpr

MEGA - https://mega.nz/gdpr

YOUR RIGHTS

The GDPR provides the following rights for individuals.

The right to be informed

The right of access

The right to rectification

The right to erasure

The right to restrict processing

The right to data portability

The right to object

Rights in relation to automated decision making and profiling.

If you wish to exercise your rights you can email me at patrick@tallandshort.co.uk

INFORMATION COMMISSIONER'S OFFICE (ICO)

You have the right to lo age a complaint about our handling of your personal data with the supervisory authority, which in the UK is the Information Commissioner's Office. You can contact the ICO on 0303 1231113