GDPR Statement and Certificate

The new General Data Protection Regulation (GDPR) rules exist to protect us all from unwarranted, unlawful, inappropriate or exploitative use of our personal data and I want to assure everyone I deal with that any data I hold is used only insofar as is required for me to deliver my services to my clients.

I’m keeping my GDPR policy as transparent and simple as possible. It’s been written by me, not a lawyer with a passion for oblique and meaningless jargon, so here goes…

What data I hold:

I retain emails received from clients in relation to enquiries and on-going projects.

I retain contact details of those I have worked with either as clients, contacts or suppliers.

I retain the photos I take as part of my digital archive.

What I do with this data:

I don’t have mailing lists of corporate clients (I run a mailing list for those interested in my personal projects); all my corporate work comes through referral or search engine results. I never send out automated email marketing shots. I will never pass your contact details on to third-parties beyond that which is necessary in the functioning of my business, completion of my work for you, or without first seeking your permission. I may occasionally email an existing or past client if I have good reason to do so as allowed under GDPR.

I will sometimes make use of my photos in my online or printed portfolio, or within my blog, but wherever appropriate and possible I will seek individual consent first.

The photos I take for my clients are stored online within client-secure, password-protected galleries. Depending on the requirements of the client, a gallery will remain live for at least a year and may remain live for several years.

Where I have been given permission to do so I may allow search engines to index the photos stored on the galleries, which means they may be publicly viewable.

All the photos I take are stored on offline hard drives as part of my archive and are indexed on archival software, also stored offline.

GDPR does not trump copyright. I will not destroy images on request.

You have the right to request an audit of the information I hold on you as per the GDPR guidelines.

As and when GDPR evolves, I’ll update this page as the regulations become clearer.

Here is my GDPR certificate.