PRIVACY POLICY

1. INTRODUCTION

I (T/A Sue Ann Simon Photography) is committed to safeguarding the privacy of our website visitors and service users. (definitions are listed at the end of this policy)

This policy applies where we (us and our) are acting as a data controller with respect to the personal data of our website visitors and service users who are the data subjects (you); in other words, where we determine the purposes and means of the processing your personal data.

DATA CONTROLLER | Sue Ann Simon | Sue Ann Simon Photography | Walsall West | Midlands

Email: sue@sueannsimon.co.uk   Website: www.sueannsimon.co.uk (Full contact details will be supplied to all booked clients)

Any website visitors and clients may, at any time, contact me with questions concerning your data.

2. COOKIES

We use cookies on our website.  Cookies are text files that are stored in a computer system via an Internet browser.  You can change or manage your cookies settings in your browser.

Many Internet sites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited Internet sites and servers to differentiate the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified using the unique cookie ID.

Through the use of cookies, Sue Ann Simon Photography can provide the users of this website with more user-friendly experience that would not be possible without the cookie setting.  Your can disable or manage your cookie setting at anytime via your Internet browers

GOOGLE ANALYTICS

The purpose of the Google Analytics component is to analyse the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our website and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our Internet site for us.

The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits of our website by the data subject. With each visit to our Internet site, such personal data, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.

FACEBOOK PIXEL

If you visit our site via Facebook or comment on our blog via Facebook, your interactions are stored via a Facebook pixel. This information is anonymised and therefore we cannot match your IP address with your Facebook ID, we may use data collected from the Facebook Pixel to market to you on Facebook.

3. WHY WE COLLECT YOUR INFORMATION

For clients, we collect information required to fulfill our contractual obligations in the course of providing wedding and event photography products and services.

4. WHAT WE COLLECT & HOW WE USE IT

CONTACT FORM | WEDDING SHOW ATTENDEES - Your voluntary submission of our contract form (or in-person enquiry forms) means we have collected your name, your partner's name, your wedding venue and date.  This basic information is needed to respond to your inquiry and it's not used for any other purpose or transferred to any third parties.  Without this information, we would not know how to address you or disclose our availability.  In some cases, we may use this information to personally promote our services to you via email or social media.

CLIENTS - In addition to the information above, we collect your phone numbers, addresses, full names and in some cases, family member and wedding guests' details, (or any other details you disclose in the course of our relationship) which are necessary to carry out our contractual obligations of wedding photography services and complete album and other product orders and delivery.  We also keep your data to comply with legal obligations and to address complaints and requests.

CLIENT IMAGES - In the course of photographing your wedding, I will inevitably capture your face and likeness.  While your images may be featured on my website, blog, wedding blog, features social media and at wedding shows and in sample albums or company magazines,  your images or data will not be sold or transferred to third party not associated with your wedding or event.  While clients cannot consent to guests being photographed, guests have a reasonable expection that they will be photographed as a record of the wedding.  Guests will be excluded from coverage in cases were they choose not to be photographed.  Clients should direct their guests to this policy page/document.  Client images will be stored online via Shootproof

In some cases, your data will be transferred and stored to our service providers outside of the EEA who are also committed to protecting your data.  For more information on the privacy policies of the service providers click FACEBOOK | INSTAGRAM | PINTEREST | TWITTER | GOOGLE

5. WHEN WE SHARE YOUR INFORMATION

In the course of providing wedding photography products and services, we may use or share your information in ways you would expect,  with parties or service providers involved in the process.  There is a legitimate interest in sharing some of your data as they are necessary for the completion of your product or service.  Main examples include additional photographers included in your collection,  your other wedding suppliers, suppliers of printed products.  Also included are Shootproof, the gallery service used to digitally deliver wedding images.  Royal Mail for delivery of albums and other products.  Google, for emails, client forms and questionnaires. MailChimp, to collect couples' wedding day information at wedding shows and exhibitions. Hello Sign, online contract-signing service.  We may also need to disclose your data to comply with tax regulations, a court order or a police investigation.

PAYMENT INFORMATION - In practice, we do not collect or store credit card, debit card or bank account information of clients.  We may use BACS, Paypal, Stripe or other payment gateways and processors to complete orders for products and services. 

6. HOW LONG WE STORE YOUR INFORMATION

For Clients. your information is stored as long as is necessary to carry out the items listed in this policy. We aim to store your information for a period of 14 years.  After expiration, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfilment of the contract or the initiation of a contract or for legal reasons.  For non-cients, data is deleted or anonymised 6 months after the listed wedding or event date.

7. COMMENTS FUNCTION IN THE BLOG ON THE WEBSITE

We offer users the possibility to leave individual comments on individual blog contributions on a blog, which is on the website of the controller. Comments can be submitted via Disqus or Facebook.  At times, there may be external links to third party businesses and websites on blog posts, I cannot guarantee that visiting these sites won't put your data at risk.

8. RIGHTS OF THE DATA SUBJECT (YOU)

·         a) Right to be informed | You have a right to know about the collection and use of your personal data.  You can email info@sueannsimon.co.uk at anytime for more. information

·         b) Right of access | You have a right to obtain a copy of the personal data we store and process at any time.

·         c) Right to rectification | You have a right to reqest that inaccurate or incomplete personal data be rectified and completed.

·         d) Right to erasure (Right to be forgotten) | You have a right to request your data be deleted without delay where one of the following grounds apply and as long as the processing is not necessary:

o    The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

o    The data subject withdraws consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.

o    The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.

o    The personal data have been unlawfully processed.

o    The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

o    The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by the Sue Ann Simon Photography, he or she may, at any time, contact any employee of the controller. An employee of Sue Ann Simon Photography shall promptly ensure that the erasure request is complied with immediately.

Where the controller has made personal data public and is obliged pursuant to Article 17(1) to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required.  Employees of Sue Ann Simon Photography will arrange the necessary measures in individual cases.

·         e) Right of restriction of processing | You have the right to obtain a restriction of processing where one of the following applies:

o    The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.

o    The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use instead.

o    The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.

o    The data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by the Sue Ann Simon Photography, he or she may at any time contact any employee of the controller. The employee of the Sue Ann Simon Photography will arrange the restriction of the processing.

·         f) Right to data portability | You have the right to receive your personal data, which was provided to Sue Ann Simon Photography, in a structured, commonly used and machine-readable format and the right to transfer the data to another controller without hindrance.

·         g) Right to object | You have a right to object to the processing of your data for direct marketing purposes.

·         h) Automated individual decision-making, including profiling | You have a right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning, or similarly significantly affects you, as long as the decision (1) is not is necessary for entering into, or the performance of, a contract between the data subject (you) and a data controller (me), or (2) is not authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is not based on the data subject's explicit consent.

If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) it is based on the data subject's explicit consent, Sue Ann Simon Photography shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.

·         i) Right to withdraw data protection consent | You have the right to withdraw your consent to processing of your personal data at any time.

This Privacy Policy has been created in part by the Privacy Policy Generator of the DGD - Your External DPO that was developed in cooperation with German Lawyers from WILDE BEUGER SOLMECKE, Cologne. (23/05/2018)

FOR MORE INFORMATION OR REQUESTS CONTACT US AT info@sueannsimon.co.uk | CONTACT THE INFORMATION COMMISSIONER'S OFFICE TO LEARN MORE ABOUT General Data Protection Regulation (GDPR)


9. DEFINITIONS

The data protection declaration of Sue Ann Simon Photography is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used.

In this data protection declaration, we use, inter alia, the following terms:

·         a)    Personal data

Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

·         b) Data subject

Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.

·         c)    Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

·         d)    Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

·         e)    Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

·         f)     Pseudoanymisation

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

·         g)    Controller or controller responsible for the processing

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

·         h)    Processor

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

·         i)      Recipient

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

·         j)      Third party

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

·         k)    Consent

Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.