This policy will explain areas of this website that may affect your privacy and personal details, how we process, collect, manage and store those details and how your rights under the GDPR and DPA are adhered to.
THE DPA & GDPR MAY 2018
This website complies with the DPA (Data Protection Act 1998) and the GDPR (General Data Protection Regulation), effective from May 2018.
This website, www.lawsonphotography.co.uk, collects private user data using the following form: Contact Form – www.lawsonphotography.co.uk/contact-us/, which generates emails sent to: email@example.com
The data from these forms is emailed to the address listed above and also stored on the website server, in most cases dating back to when each form was created. The website server is accessible only by Peter & Laura Lawson.
By completing this contact form you agree to Lawson Photography contacting you about Lawson Photography’s wedding photography services. You will not be added to any mailing lists and will only be contacted by Peter or Laura Lawson personally in relation to your enquiry. Your personal details will not be added to any client or studio management software, will not be used for any marketing purposes nor will they be passed onto any third parties. They will only be stored in the email generated by this contact form which will be filed in the email account for Lawson Photography which is hosted by 1&1 and which can only be accessed by Peter & Laura Lawson. If you wish to request for any email(s) containing your personal information to be deleted, please email firstname.lastname@example.org
Lawson Photography does not engage in email marketing specific to our services. Your personal details will not be used for any such marketing purposes nor will they be passed onto any third parties.
To visit a Lawson Photography client gallery you may optionally enter personal data (namely your email address) and a password to create an account. Your personal data (email address) will be stored within Zenfolio’s system, on their servers and will be used to email you only with information relevant to the client gallery you have accessed – eg, order delivery updates.
Only Peter & Laura Lawson will have access to your personal data (email address) stored on Zenfolio’s system on behalf of Lawson Photography. It will only be used as detailed above, will not be used for any other marketing purposes and will not be passed onto any third parties. Zenfolio’s technical support team will have the means to access to your personal data (email address) but will never access or share this data other than by request from Peter or Laura Lawson.
By logging into a Lawson Photography client gallery you are agreeing to opt in to receive relevant, gallery-specific emails as described above. Emails are automated so if you do not wish to receive such emails it is advised that you do not log into any Lawson Photography client galleries.
If you wish to request for your personal data (email address) to be deleted from Zenfolio’s servers, please email email@example.com
EXTERNAL WEBSITE LINKS & THIRD PARTIES
Although we only look to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website.
We cannot guarantee or verify the contents of any externally linked website despite our best efforts. Users should therefore note that they click on external links at their own risk and we cannot be held liable for any damages or implications caused by visiting any external links mentioned.
CLIENT DATA HELD ON FILE
We take care over the processes around looking after personal data stored on our physical systems. Lawson Photography holds the following personal data of clients:
within soft copy and sometimes hard copy contracts as well as soft copy wedding client ‘day plan’ documents. Soft copy contracts and day plans are safely stored within my password protected home office PC and backed up to Dropbox. Hard copy contracts are filed in my secure home office.
Lawson Photography’s invoices are created and stored on Xero.com, which include your email address, names, and address for the purpose of creating these invoices. Your personal data will be stored within Xero’s system, on their servers and will be only be used to email you only with your invoice and details on how to pay your invoice. This information is only accessible by Peter & Laura Lawson.
Client photos are safely stored within our password computers and home servers. They may be additionally backed up to up to 4 external hard drives for the purpose of avoiding data loss.
CLIENTS AND WEDDING GUESTS CAPTURED IN PHOTOS
In terms of explicit GDPR compliance, Wedding clients and guests are photographed within the parameters of GDPR legislation on the basis of ‘legitimate interests’. The taking of photographs of wedding guests when viewed as a form of processing personal data is necessary for the legitimate interests of Lawson Photography as a photography business unless there is a good reason to protect a given individual’s personal data which overrides those legitimate interests.
WITHDRAWAL OF CONSENT
Anyone photographed by Lawson Photography, whether a client or wedding guest, and whether past or current may withdraw consent for a photograph in which they appear to be displayed. The process for this is to email Lawson Photography at firstname.lastname@example.org specifying the photo in question. Persuant to the request, Lawson Photography will then remove the photo from online and printed display wheresoever it appears.
SOCIAL MEDIA POLICY & USAGE
We adopt a safe and responsible Social Media Policy. While we may have official profiles on social media platforms users are advised to verify the authenticity of such profiles before engaging with, or sharing information with such profiles. We will never ask for personal details on social media platforms. Users are advised to conduct themselves appropriately when engaging with us on social media.
DISPLAY OF IMAGES
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.