Grab a cup of tea…. this is going to be a one long post!
COPYRIGHT: The 1998 Copyright, Designs, and Patents Act assigns copyright to Louisa Coulthurst. You may not copy the photographs taken under this contract, or allow copies to be made photographically, electronically, or by any other means. However if a USB of high resolution jpegs has been included in the photography package purchased, the CLIENT is granted a license to use the images for personal use. The CLIENT may not assign or transfer this license. Images may then be reproduced freely in print and digital form for the client’s personal use.
Phew that was the easy bit! Now onto GDPR!
PRIVACY POLICY
GDPR: The General Data Protection Regulation (GDPR) replaces the UK Data Protection Act 1998. Read it in full here! Now people have to have a legitimate reason to hold onto your data (i.e. to do their job) and not longer than is necessary. Also people cannot just add you to their newsletters by default. You need to actively and explicitly opt into newsletters from now on!
SHORT VERSION: I will use the personal information you give me to process your request (are you free to shoot my wedding?) and to provide any relevant further information (here are my packages and I’m free to shoot your wedding!) and a service (Photography! Wedding photos! Albums!) and not divulge any personal data obtained from you, or give or sell it on to any third party (e.g. man on the corner, evil corporations, Thanos or any other nefarious people). If you enquire and don’t book your email gets deleted. I am going to have to hold onto your details on my invoices because the tax man likes to see I am not money laundering or things like that. I ask you to consent to using your images online for blog posts and Facebook/Instagram so other potential clients can see my work and want to book me too – at no point are you named even by first name. I archive your images in case you lose your USB. My computer has a password so random strangers (or family!) can’t access my files and documents.
But let’s get real, some internet savy brides and grooms are using a separate email especially created for their wedding like you+mewedding2018@internetprovider.com for signing up at wedding fairs and once married, off into the sunshine they go! 😉
LONG VERSION: Buckle up this is going to be a long ride!
WHO AM I? I am Louisa Coulthurst, a wedding and portrait photographer. But GDPR recognises me as the DATA controller (super power I know!) My website address is: http://www.urbanbridesmaid.com (which you are currently on – hello!)
WHAT IS PERSONAL DATA AND WHY AM I TRYING TO COLLECT IT?
I may process data about your use of my website and services (“usage data”). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is Google Analytics. This usage data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is my legitimate interests, namely monitoring and improving my website and services.
I may process your personal data that are provided in the course of the use of our services. (“service data”). The service data may include your name, telephone number, email, postal address. The source of the service data is you. The service data may be processed for the purposes of providing our services, and communicating with you. The legal basis for this processing is my legitimate interests, the performance of a contract between you and me and/or taking steps, at your request, to enter into such a contract.
COOKIES: I use cookies and Google Analytics on the site to enable me to see which pages are most popular and to build lookalike audiences in Facebook and Google Adwords so I can target more potential customers who love my work just like you do and ultimately so I can book more weddings and portraits and get food to eat and £ for my mortgage! (GOALS!) None of the data that Facebook and Google collect is identifiable to me.
MORE ABOUT COOKIES: A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies. Google’s privacy policy is available at: https://www.google.com/policies/privacy/.
MANAGING COOKIES
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
(a) https://support.google.com/chrome/answer/95647?hl=en (Chrome);
(b) https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
(c) http://www.opera.com/help/tutorials/security/cookies/ (Opera);
(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
(e) https://support.apple.com/kb/PH21411 (Safari); and
(f) https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
COMMENTS: If you leave a comment on this site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year. If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, WordPress will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
When visitors leave comments on the site WordPress collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
EMBEDDED CONTENT FROM OTHER SITES
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.
YouTube
My website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of my pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of my pages you have visited. If you’re logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used to help make my website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.
Google Web Fonts
For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. For this purpose your browser has to establish a direct connection to Google servers. Google thus becomes aware that my web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our plugin. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
If your browser does not support web fonts, a standard font is used by your computer. Further information about handling user data, can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy at https://www.google.com/policies/privacy/.
Akismet
We collect information about visitors who comment on Sites that use our Akismet anti-spam service. The information we collect depends on how the User sets up Akismet for the Site, but typically includes the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself).
WHERE AM I SENDING YOUR DATA?
In this section, I provide information about the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA). The hosting facilities for my website are situated in the US. The European Commission has made an “adequacy decision” with respect to the data protection laws of each of these countries. Transfers to each of these countries will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission, a copy of which you can obtain from https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en
RETAINING AND DELETING PERSONAL DATA
This section sets out my data retention policies and procedure, which are designed to help ensure that I comply with my legal obligations in relation to the retention and deletion of personal data.
Personal data that I process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
In some cases it is not possible for me to specify in advance the periods for which your personal data will be retained. In such cases, I will determine the period of retention based on the following criteria:
(a) the period of retention of service data will be determined based on the period of time needed to fulfill contract.
Notwithstanding the other provisions of this section, I may retain your personal data where such retention is necessary for compliance with a legal obligation to which I am subject.
YOUR PRINCIPAL RIGHTS UNDER DATA PROTECTION LAW ARE:
(a) the right to access;
(b) the right to rectification;
(c) the right to erasure;
(d) the right to restrict processing;
(e) the right to object to processing;
(f) the right to data portability;
(g) the right to complain to a supervisory authority; and
(h) the right to withdraw consent.
AMENDMENTS
I may update this policy from time to time by publishing a new version on my website. You should check this page occasionally to ensure you are happy with any changes to this policy.
CREDIT
This document was created using a template from SEQ Legal (https://seqlegal.com).