What is this privacy policy for?

This privacy policy is for this website, our website address is: https://www.rebeccafrostphotography.com and served by Rebecca Frost and covers the privacy of this users to choose to use it.

The policy sets out the different areas where user privacy is concerned and outlines the obligations and requirements of the users, the website and website owners. Furthermore, the way this website is processed, stores and protects user data and information will also be detailed within this policy.

What personal data we collect and why we collect it;

The website

This website and its owners ( Rebecca Frost) take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website complies with all UK national laws and requirement s for user privacy.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Users contacting this website and/or its owners do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until time it is no longer required or has no use, as detailed in the Data Protection Act 1998. Every effort has been made to ensure a safe and secure form but advises users that they do so at their own risk.

This website and its owners use any information submitted to provide you with further information about the products /services they offer or to assist you in answering any questions or queries you may have submitted. This includes using your details to subscribe you to any email newsletter program the website operates but only if this was made clear to you and your express permission was granted when submitting any form to email process. Or whereby you the consumer have previously purchased from or enquired about purchasing form the company a product or service that the email newsletter relates to. This is by no means an entire list of your user rights in regard to receiving email marketing material.

Your details are NEVER passed on to any third parties.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

External links

Although this website only looks to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking an external web links mentioned throughout this website. ( External links are clickable text/banner/image links to other websites.) The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best effort. Users should, therefore, note they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Your personal information any any other data you give will be stored, securely, for a minimum of 36 months. This does not apply to photographs or any other photographs kept online securing, nor does it apply to invoices/receipts etc which need to be kept, legally, or a period of 6 years. If you wish the photographs to be destroyed/deleted than I will do this also. It is YOUR responsibility to make sure you have the backups. Id do not use any software to automatically process your biometric data – i.e. I don’t use facial recognition facilities that can be found in the major editing applications such as lightroom.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

If you wish to request a copy of your personal data please contact us using the contact details on this website. There is no charge for this ( unless I believe the request is manifestly unfounded or excessive and then you will charged a fee commensurate with the time taken for us to process your request ) and will get the information to you, in a form you can use. within 28 days.

If you wish for your personal data to be deleted permanently then please contact us. You will need to provide me suitable and verified identification, such as

  1. Copy of passport showing passport photograph page
  2. Copy of Drivers License
  3. Utility Bill showing me home address that matches your drivers license
  4. Date of event

I will not be able to delete data that is under 7 years old due to HMRC rules. For example this will include contracts, invoices etc. Please note. Deletion is permanent. Your photographs will be permanently deleted once you have proven your identification sufficiently. They will be deleted from all my archive hard drives, from my laptop/desktop IT systems from any cloud based storage system, from my website and the online gallery.

Where we send your data

Via the website, visitor comments may be checked through an automated spam detection service.

Additional information

How we protect your data

As you may be aware we hold some personal and sensitive data on our clients. The security of that data is very important to us, and should be to any supplier you use. The six General Principles for General Data Protection Regulations (GDPR)

  1. Lawfulness, fairness and transparency – Personal data must be processed lawfully, fairly and in a transparent manor; I won’t use your data in a way that I wouldn’t with my own.
  2. Purpose Limitation – Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes ( with exceptions for public interest, scientific, historical or statistical purposes ) I will only ask for and collect data that I need to run my business.
  3. Data minimisation – Personal date must be adequate, relevant and limited to what is: I don’t ask you for information that I don’t need to help me do my job.
  4. Accuracy – Personal data must be accurate and, where necessary, kept up to date. Inaccurate personal data should be corrected or deleted; I try to be accurate, but if you move house, change emails etc then let me know. If you want to know what I hold just ask. If you want me to remove it all ( including photographs ) or update/amend it – just ask.
  5. Retention – Personal data should be kept in a identifiable format for no longer than is necessary ( with exceptions for public interest, scientific, historical or statistical purposes ) We will only keep your data for as long as we need to. HMRC suggests about 7 years.
  6. Integrity and confidentiality – Personal data should be kept secure. Our business and your data are about as secure as I can reasonably make it.

What data breach procedures we have in place

Network security

All our IT is further secured using strong password protection, using a mixture of alphanumeric and symbols. We use DropBox as a cloud storage system for documents and company files. DropBox is GDPR compliant . Photographs are stored online with DropBox. Portable hard drives for use off-site and on location will have no personal information stored on them. We ensure all our servers, routers, laptops, desktops, smartphones etc are kept up to date with the relevant security patches and updates by the manufacturer. We have ensured as much as possible that all third party suppliers who MAY hold personal data are also GDPR compliant, and where they are not, we have taken steps to remove any possible data and found GDPR compliant companies. We use only Apple Computer hardware with Apple Mac OSX operating systems. This is kept fully updated automatically. It is generally recognised that Mac OSX is inherently more secure than Microsoft Windows.

All applications running on all Apple Mac OSX computers are also kept updated on a weekly basis. We take payments using PayPal, who are GDPR compliant. Our website is also set up securely.

In Summery

  1. Rebecca Frost will be whats known as the “controller” of the personal data you provide us. We only collect basic personal data about you which does not included any special types of information or location based information. This does, however, include name, address email etc.
  2. We need to know your basic personal information in order to provide you with notice writing any analysis services in line with this overall contract. We will not collect any personal data from you we do not need in order to provide and oversee this service with you.
  3. All the personal data we process is process by our staff in the UK however for the purposes of IT hosting and maintenance, this information is located on servers within the European Union. No 3rd parties have access to your personal data unless the law allows them to do so. We have a Data Protection regime in place to oversee the effective and secure processing of your personal data. More information on this framework can be found on our website.
  4. We are required under UK tax law to keep your basic personal data ( name, address, contact details ) for a minimum of 6 years after which time it will be destroyed. Your information we use for marketing purposes will b kept with us until you notify us that you no longer wish to receive this information. More information on our retention schedule can be found online.
  5. We would however, like to use your name and email address to inform you of our further offers and similar products. This information is not shared or sold to third parties for any purposes and you can unsubscribe at any time via phone, email or our website. Please indicate below if this is something you would like to sign up to.
  6. If at any point you believe the information we process on you is incorrect you can request to see this information and even have it corrected or deleted. If you wish to raise a complaints on how we have handled your personal data, you can contact our Data Protection officer will with investigate this matter. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Comissionior’s Office (ICO)

Our Data Protection officer is Rebecca Frost and you can find her at info@rebeccafrostphotography.com