Privacy Notice
1. Identity and contact information
This Privacy Notice ("Notice")is provided by Elisabeth Franco-Feltham trading as Elisabeth Franco Photography, 28 Midsummer Walk, Hempsted, Gloucester, GL2 5EF. It covers your rights in relation to the Data Protection Act 1998 (“DPA”), the General Data Protection Regulation (“GDPR”) and the Privacy and Electronic Communications Regulations (“PECR”).
This Notice also explains how Elisabeth Franco Photography complies with the DPA, GDPR and PECR as well.
Elisabeth Franco Photography is both the controller and a processor of all personal data collected.
Date this Notice was created: 21 May 2018
2. Compliance declaration
Both Elisabeth Franco Photography and this website, www.elisabethfrancophotography.com, comply with the DPA, GDPR and PECR. The GDPR comes into effect on the 25th of May 2018. This Notice is updated whenever changes are made to relevant data protection legislation.
3. Your rights under the GDPR
Under the GDPR, you have a number of different rights relating to your personal data and how it is processed. They are as follows:
Right to be informed about the collection and use of your personal data.
Right to access your personal data, and any supplementary information which constitutes personal data.
Right to have your personal data rectified; this means you can ask me to correct your personal data if it changes, turns out to be inaccurate, or is incomplete.
Right to have your personal data deleted; this means that you have the right to request the deletion or removal of your personal data. There are some circumstances when you do not have this right.
Right to restrict me processing your personal data.
Right to data portability.
Right to object to me processing your personal data.
Rights related to automated decision making including profiling.
Most of these Rights will apply to your personal data and how it is processed by Elisabeth Franco Photography , but some (such as the right to data portability and rights related to automated decision making including profiling) are not relevant to this business at the time of writing.
If you want to know more about your rights, please click here. For other information relating to data protection legislation, please visit the ICO website directly.
4. The data I collect, how I use it and why
Elisabeth Franco Photography is the sole owner of the information and it only has access to information that you voluntarily provided via:
email hello@elisabethfrancophotography.com
By telephone text message 07498721531
Direct contact forms on www.elisabethfrancophotography.com
By Jotform http://www.jotform.com
Instagram page messaging service https://www.instagram.com/elisabethfrancophotography/
Facebook Page Messenger Elisabeth Franco Photography https://www.facebook.com/elisabethfrancophotography
Client contact information
I use personal data, provided directly and voluntarily to me by clients, for the purpose to carry out my contractual obligations. This means that it’s information I need to do my job. This personal data includes: names, addresses, email addresses, phone numbers and further information which I need to complete your photography requirements.
Email addresses for gallery login
To deliver images to clients, I make use of a gallery and proofing service: Pixieset Media Inc. When clients share their galleries with friends and family, they will need to enter their email address to gain access to Pixieset, with the email address acting as a login. This allows users to create favourite lists, leave comments and also share images effectively. This is also necessary for the ordering of prints. For further information about how Pixieset collects and processes personal data please visit the Pixieset website.
I use JotForm http://www.jotform.com, to send my photography digital contract, and obtain an electronic signature of my clients agreeing to my contractual term and conditions.
JotForm makes it easy for our users to show that they use JotForm in a GDPR-compliant way. To make it convenient and easy, Jotform provides a DPA (Data Processing Addendum), which is a self-serve and easy-to-execute document pre-signed by JotForm. It only requires an electronic signature from the user.
Once the DPA is filled out and submitted, it will automatically be sent to JotForm’s legal team for final review. If it is correctly completed, the DPA will then become legally binding. You can provide the DPA to auditors to show that you use JotForm in a way that demonstrates your data is being processed in a way that meets your GDPR compliance obligation.
For more information, please see the "How to Execute this DPA" section in the DPA below.
The JotForm GDPR compliant DPA is available here.
Mailing lists
Although I have never used a mailing list to help market my business or never held any personal data relating to mailing lists, this may be something that I will consider to do in the near future. New mailing lists created from this point will be GDPR compliant and populated with personal data collected from you on the basis of explicit consent for this single purpose.
5. Sharing information with third parties
Other than those third parties mentioned in this Notice and listed below, Elisabeth Franco Photography shall not pass your personal data to any third party.
Your personal data may, subject to my obligations to comply with data protection legislation, be shared with the following third parties:
Pixieset Media Inc., as further described above;
Jotform.com for contract management, as described above;
Having taken precautions to maintain the security of such personal data, I may in certain circumstances share personal data with the ICO, and other legal, regulatory and law enforcement bodies;
In certain circumstances I may also share your personal data with third party media businesses for the purposes of marketing my offerings, improving my services, and running a profitable business. These third party businesses may include, photography magazines/publications, portrait websites, social media sites (including but not limited to Google, Instagram and Facebook) or other outlets, with the aim of raising public awareness of my business. Your explicit consent will be obtained in my contract for these purposes.
6. Security, storage and data retention
Elisabeth Franco Photography stores your personal data in the EEA. By providing you with service and products, Elisabeth Franco Photography creates records that contain your information, such as your name, contact details and your photographs taken during the photo session. Elisabeth Franco Photography normally keeps customers records for up to 5 years after your last photo session. Where the matter involved photographs received professional awards, recognition and publications, portfolio images on this website, these records and photographs should be retained indefinitely. I will delete your personal data five years after completion of your photography requirements. If you would like me to delete your personal data before this time, you have the right to request me to do so.
Client photos are safely stored within my password protected home office computer and backed up to an encrypted external hard drive.
7. Your consent
By using this site and/or engaging me on my Terms and Conditions, you agree to be bound by this Notice.
8. Your right to withdraw consent
You have the right to withdraw your consent to be bound by this Notice at any time. If you wish to do so, If you wish to do so, please use the contact form at the bottom of this page. You also have the right, as set out above, to withdraw your consent to my processing your personal data.
9. Your right to lodge a complaint
If you wish to raise a complaint in relation to how we handled your personal information, you can raise a complaint by sending us an email to hello@elisabethfrancophotography.com. We hope to address your concerns through our normal complaints process.
As well as the right to withdraw consent and exercise any of the above rights mentioned under ‘Your rights under the GDPR’, you also have the right to raise a complaint with a regulatory body. In the United Kingdom, this is the Information Commissioner’s Office (ICO). If you have concerns about the way your data is being processed by an organisation, you can find out more here.
10. Links to other websites
Our website may contain links to other websites that we believe may be interesting or useful to our visitors. Please be aware, once you leave our website, we do not have control over other websites and information you may share with them.
11. Social media policy & usage
We adopt a safe and responsible Social Media Policy. While we may have official profiles on social media platforms users are advised to verify the authenticity of such profiles before engaging with, or sharing information with such profiles. We will never ask for personal details on social media platforms. Users are advised to conduct themselves appropriately when engaging with us on social media.
Contact Form