Privacy policy.
Definitions
"Business", "we", or "us" means Nic Ford Studios Ltd.
"Client" means the person or firm who has engaged in photography services with the Company.
This privacy policy explains the types of personal data we may collect about you whilst you interact with us. We collect and process data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Data Protection Act 2018. We do not disclose data to any third parties unless it is necessary for the fulfilment of service, you have specifically given consent for a particular service, or we have a legitimate interest in disclosing data.
When you first get in touch with us, it’s usually via social media, the contact form on the website, by email or mobile phone. We collect your names, company, email address, phone number and if it’s an event such as a wedding then we'll also collect the wedding and venue data.
During subsequent meetings we will collect further information relevant for effective planning and delivery of photography services. For weddings this will include names of other guests and family members.
All this information is required for us to contact you, and our own planning to deliver the service.
Collection of data is based on consent from clients which may be withdrawn at any time by following the process outlined below.
During our discussions we may use instagram Messenger, or email (my provider is Microsoft 365) or occasionally by sms text message through the Vodafone network. All these suppliers are also GDPR compliant and therefore protect your data to the same level as we do.
During your engagement with us, we may be required to share a minimal amount of personal data with key individuals required to run our business. This may be other photographers or film-makers that shoot for the business. Only information essential to the effective delivery of services is shared to allow our service to be delivered correctly. Key individuals are bound by confidentiality, they do not forward on personal data or hold information for periods longer than required (or when requested as per the process below).
If after some discussion you either do not proceed to booking my services, or we do not receive contact after a few retries, then we will delete your details from all systems so that your data is no longer stored. On some occasions there may be ongoing discussions around your booking, and in this case we may keep your details beyond this point until such point we have confidence they are no longer important for the business or your booking.
You may request for your personal data to be removed from our records, this will be completed within 24 hours of such request. Please be aware that doing this may impact our ability to properly manage any ongoing discussions or engagements.
The business website/Social media has a blog which is open to the public to comment on, if you make a comment, you can choose what personal data is shown. You can also choose to delete the comment.
Payments to us are generally made through Bank Transfer which will show in our business account in the usual way and none of this data is otherwise recorded or re-purposed.
If payments are received by PayPal or Stripe then we do not see your payment details, only the amount, your name and your reference. Both these organisations are GDPR compliant.
When you visit our website it may also collect Cookies. These are small pieces of data that websites send to a user’s computer and are stored on the user’s web browser. They are designed to enable the website to remember information, such as what a user might have put in a shopping cart for example. This helps us monitor website traffic.
Use of your data
As photography is our work you can expect us to ‘collect’ photographs on your photoshoot/wedding day. These photographs are stored on memory cards during the day and backed up on to an external hard drive.
We typically store your photographs for 1-2 years before removing them. Your finished wedding photographs are stored on an online dropbox system where you can access them via a link. You can choose who has access to your gallery by sharing the URL. We will not issue the URL to anyone other than those who have signed the initial contract of services with the business.
Occasionally suppliers from your photoshoot or wedding, for example your florist, venue or hair stylist asks for photographs, for their own use. Such requests are to be responded to by the client who has signed the contract. They firstly have to receive permission from yourself and thereafter you have to refer to their own privacy policy as to how they handle the photographs once in their hands. In some circumstances, suppliers may request photos directly from us, photographs will not be shared without explicit written consent from the client.
In order to run our business we share online, predominantly on Instagram and on the business website. We sometimes use photographs on my business cards. We often share weddings we shot many years ago, if you have had a wedding shot by us in the past and no longer want us to share them for any reason, you can simply get in touch to withdraw your permission. When signing the usual contract you will be agreeing to opt-in to all of this. However, if you want to withdraw your consent to this you can simply do so via email, this email will be stored and adhered to.
Changes to our privacy policy and control
We may change this privacy policy from time to time. When we do, we will let you know by changing the date on this policy, notifying customers of only significant changes. By continuing to access or use our services after those changes become effective, you agree to be bound by the revised privacy policy.
You have the following rights:
the right to be informed about the collection and use of your personal data
the right of access to your personal data and any supplementary information
the right to have any errors in your personal data rectified
the right to have your personal data erased
the right to block or suppressing the processing of your personal data
the right to move, copy or transfer your personal data from one IT environment to another
the right to object to processing of your personal data in certain circumstances, and
rights related to automated decision-making (i.e. where no humans are involved) and profiling (i.e. where certain personal data is processed to