GDPR Statement and Certificate

General Data Protection Regulation (GDPR) rules exist to protect us all from unwarranted, unlawful, inappropriate or exploitative use of our personal data and I want to assure everyone I deal with that any data I hold is used only insofar as is required for me to deliver my services to my clients and in certain circumstances (and within certain limitations as set out below) to promote my work to potential new clients.

I’m keeping my GDPR policy as transparent and simple as possible. It’s been written by me, not a lawyer with a passion for oblique and meaningless jargon, so here goes…

What data I hold:

I retain emails received from clients in relation to enquiries and on-going projects.

I retain contact details of those I have worked with either as clients, contacts or suppliers.

The photos I take and the data I collect, whether in relation to client work or as part of any personal photographic project, are retained within my archive.

What I do with this data:

I don’t have mailing lists of corporate clients (I run a mailing list for those interested in my personal projects); all my corporate work comes through referral or search engine results. I never send out unsolicited, automated, marketing emails (ie mailshots). I will never pass your contact details on to third-parties beyond that which is necessary in the functioning of my business, completion of my work for you, or without first seeking your permission. I may occasionally email an existing or past client if I have good reason to do so as allowed under GDPR.

I will sometimes make use of my photos in my online or printed portfolio, or within my blog, but wherever appropriate and possible I will seek individual consent first.

The photos I take for my clients are stored online within client-secure, password-protected galleries. Depending on the requirements of the client, a gallery will remain live for at least a year and may remain live for several years.

Where I have been given permission to do so I may allow search engines to index the photos stored on the galleries, which means they may be publicly viewable.

All the photos I take are stored on offline hard drives as part of my archive and are indexed on archival software, also stored offline.

GDPR does not trump copyright. I will not destroy images on request.

You have the right to request an audit of the information I hold on you as per the GDPR guidelines.

This page may be updated from time-to-time inline with changes to GDPR regulations.

Here is my GDPR certificate.