Julia Neal.Photography

PRIVACY

GDPR Compliance and Privacy Policy

Summary

In basic terms, we respect your personal information and treat your data the way we would like our own to be treated. We ask you for information we really need from you. We will look after it in the same way we would want our own looking after, keeping it secure. We will only share it with others where we need their help to deliver a service to you (such as our professional printing labs, framers and book printers who may need your name to identify a job, your address to post you your purchases, or colleagues such as our stylist, assistant or second shooter so they arrive at the right place to do the job). We will never sell your data on to third parties.

In case you’re wondering why this policy says ‘we’ and not just ‘I’ it is so that anyone who may work with or for Julia Neal, is also bound by these rules.

For details read on…

Introduction

Velvet Beacon Ltd, t/a Julia Neal.Photography (referred to as JULIA NEAL.PHOTOGRAPHY hereafter) takes your privacy very seriously. This privacy policy has been prepared in line with the EU’s General Data Protection Regulation (GDPR), which promotes fairness and transparency for all individuals in respect of their personal data. This privacy policy applies to all data we process, and by using JULIA NEAL.PHOTOGRAPHY you consent to our collection and use of such data.

If you would like to get in touch about anything in this policy or about your personal data then please contact JULIA NEAL at info@julianeal.photography.

 

1. The Data we collect

We collect a variety of data in order to deliver our services, and we will manage your personal data transparently, fairly and securely.

We may ask you to provide us the following data –

  • Your First and Last Name (so we don’t have to call you Sir / Madam).
  • Your address and postcode (so we know where to send your prints, books frames and maybe even an occasional special offer or voucher).
  • Your telephone number/s (so we can call to discuss things related to your project or order).
  • Your email / IP Address etc. (to enable us to communicate with you electronically).
  • We will also record a date of birth for all persons we photograph under the age of 13 and require the parent or a legal guardian to consent to photography.
  • Depending on the job we’ll be doing for you we may send a questionnaire before or after the event. Providing answers to these questions is entirely voluntary and any information you do provide doesn’t go beyond -
    • Our password protected computer or phone.
    • Any significant person I’m working with on your project (e.g. an assistant or second shooter) if they need to know.
    • …Plus our local hard disk and cloud data backups of course – because we take data backup seriously as well.

We use the above data to deliver our services, to personalise your experience, to provide account access and for marketing purposes.

We collect this data on the following lawful basis: Consent; to arrange or fulfill a Contract; to meet a legal obligation other than a Contract.

1.1 What about photos?

The EU has not been very specific about faces and what GDPR means for working photographers, but obviously, being a photographic business, we also create and manage images as per our contractual agreement(s) and may also shoot in public for purposes such as landscape, street and travel photography.

Of course we store and back up photographs onto hard disks. We also copy them to hard disk backups as well as to the cloud, so that if the worst were to happen to either of our businesses or homes, we’d both still have access to copies of your photos. However we would not sell your commissioned portraits, wedding photos or business shots to some other organisation for billboards – and if anybody were to show interest in such a project we would contact you about it.

1.2. ...and Cookies?

When you visit our website, the site generates Cookies. These are small pieces of data that websites send to a user's computer and are stored on the user's web browser. They are designed to enable the website to remember information, such as what a user might have put in a shopping cart. It helps us to personalise your experience, deliver our service to you, and can help provide a smoother browsing experience. We do not use cookies to have 3rd parties advertise to you.

2. Which third parties do we share Personal Data with?

We will never sell your data. We may share personal data with the following third parties purely as a means of keeping our business process and communiactions runing smoothly:

  • Google or other analytics providers.
  • Gmail or other email provider.
  • Apple or Microsoft (who may provide and manage our address books / contacts through their cloud based phone and computer applications).
  • Mailchimp or other newsletter provider service.
  • Our accountants.
  • Paypal, Stripe or other customer payment provider.
  • Our website provider and hosting company.
  • Printing labs, book and album makers, framers.
  • Images may be stored with data storage and cloud back up providers such as Apple, Adobe, Dropbox and other data storage providers - who are all themselves GDPR compliant.
  • Competitions: we occasionally submit favourite images to competitions, but these would never include your personal details (such as full name, address and age) without your permission.
  • Internet and Social media sites. There are certain things we do in order to run a business, such as sending out PDFs or showing work on our website and social media sites such as Facebook, Pinterest and Instagram; you’ve probably looked at our photos this way yourself. We watermark images on social media to try and protect them from unauthorised use and would never tag you or use your full name without your permission. However if you share the images yourself you would of course be identifiable.
  • Finally, our blog. In reality we don’t actually have a blog yet, but there’s one in the pipeline to showcase new and exciting projects, and when it goes live, please be aware that any comments you may make on it will of course be public, so don’t share any personal information you don’t want the world to see.

NB Data may be transferred outside of the European Economic Area to the United States under the 
protection of EU/US Privacy Shield. 


There are also certain situations in which we may share access to your personal data without your explicit consent; for example, if required by law, to protect the life of an individual, or to comply with any valid legal process, government request, rule or regulation.

3. Why do we share your Personal Data with the above?

We share your data in order to deliver our services to you; to personalise your experience; to provide account access; to ensure your data is backed up, and for marketing purposes.

We may transfer personal data to a country outside of the European Economic Area (EEA) if necessary – e.g. if a third party we utilise has servers located outside of the EEA. If this is the case, we will either obtain your consent or otherwise ensure that the transfer is legal and your data is secure by following the EU's guidelines. You can see above where we send data outside of the EEA and on what basis we do so and all the third parties we use are GDPR compliant.

4. How do we keep your personal data secure?

We keep your data secure by following best practice policies such as:

  1. Using Secure Socket Layer (SSL) technology when information is submitted to us online (the latter is when you have an https website, identifiable by the secure padlock logo in your browsers URL field).
  2. Using sensible data protection practices such as secure passwords containing random characters (and no silly identifiable information such as names or dates of birth and definitely no insecure passwords such as ‘password’ or ‘1234’).
  3. Using a password manager (that is itself password protected) to generate the randomized passwords described above and log in securely to all third party providers we use. This means it takes TWO passwords to get into the sites of any providers we use.
  4. Utilising two-step verification wherever possible. (This means that in the unlikely event of a laptop or phone being lost or stolen, any unauthorised attempt at accessing our provider’s sites would be immediately communicated to us).
  5. Ensuring laptops and phones have secure passwords / codes and thumbprint or face reciognition access where possible.
  6. Utilising Apple’s ability to remotely wipe date from lost or stolen laptops or phones.
  7. Maintaining up-to-date anti-virus / anti-malware software on our computers. (That said, we do not make any guarantees that any data we share with you is 100% virus or malware free and it is up to you to ensure your own computers and phones are protected against malware and viruses).

Finally, in the unlikely event of a criminal breach of our security we will inform the relevant regulatory body within 72 hours of this coming to our attention, and, if your personal data is involved in such a breach, we will also inform you.

5. Changes to our privacy policy and control

We may change this privacy policy from time to time. When we do, we will let you know by changing the date on this policy, notifying customers of only significant changes. By continuing to access or use our services after those changes become effective, you agree to be bound by the revised privacy policy.

6. You have the following rights -

  • The right to be informed about the collection and use of your personal data.
  • The right of access to your personal data and any supplementary information. 

  • The right to have any errors in your personal data rectified 

  • The right to have your personal data erased. 

  • The right to block or suppress the processing of your personal data.
  • The right to move, copy or transfer your personal data from one IT environment to another. 

  • The right to object to processing of your personal data in certain circumstances, and 

  • Rights related to automated decision-making (i.e. where no humans are involved) and 
profiling (i.e. where certain personal data is processed to evaluate an individual). 
We also give you the option to manage your data via: emailing us at info@julianeal.photography
  • 
We may keep some of your personal data after our working contract with you has finished for tax legislation purposes. After this time we may also archive your photographs indefinitely along with your relevant details and consent forms; this is due to -
    • Requests for replacement images being made several years after being taken; we would like to be able to service such requests. 
    • The photographer always retains the copyright on their images (although the images are of course licensed to you to use as agreed).

UPDATED 31.05.19