What is this Privacy Policy for?

This privacy policy is for this website {www.rachaelfawcettphotography.com} and served by [Rachael Fawcett Photography] and governs the privacy of its users who choose to use it.

The policy sets out the different areas where user privacy is concerned and outlines the obligations & requirements of the users, the website and website owners. Furthermore, the way this website processes, stores and protects user data and information will also be detailed within this policy.

The Website

This website and its owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website complies to all UK national laws and requirements for user privacy.

Use of Cookies

This website uses cookies to better the users experience while visiting the website. Where applicable this website uses a cookie control system allowing the user on their first visit to the website to allow or disallow the use of cookies on their computer/device. This complies with recent legislation requirements for website’s to obtain explicit consent from users before leaving behind or reading files such as cookies on a user’s computer/device.

Cookies are small files saved to the user’s computers hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and it’s external serving vendors.

This website uses tracking software to monitor its visitors to better understand how they use it.

This software is provided by Squarespace which uses cookies to track visitor usage. The software will save a cookie to your computers hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information. You can read Squarespace’s privacy policy here for further information [ https://www.squarespace.com/privacy/].

Other cookies may be stored on your computers hard drive by external vendors when this website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected.

The Six General Principles

1. Lawfulness, fairness and transparency – Personal data must be processed lawfully, fairly and in a transparent manner;

2. Purpose limitation – Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (with exceptions for public interest, scientific, historical or statistical purposes);

3. Data minimisation – Personal data must be adequate, relevant and limited to what is;

4. Accuracy – Personal data must be accurate and, where necessary, kept up to date. Inaccurate personal data should be corrected or deleted;

5. Retention – Personal data should be kept in an identifiable format for no longer than is necessary (with exceptions for public interest, scientific, historical or statistical purposes); and

6. Integrity and confidentiality – Personal data should be kept secure.

European General Data Protection Regulation (GDPR)

As per Article 30 for the GDPR this website and business are exempt from some the regulations surrounding the handling of private data.

However, this website will strive to ensure that where possible we comply with the stipulations laid out in GDPR.

All private data (email address, IP address, names, telephone etc) are stored on secure computers.  No personal data will be given or sold without the express written permission of the user.

You may request to see copies of any personal information held and also request that that information is updated or removed in its entirety. 

How your data is protected

We use a multi-layered approach to security –

“Network Security” – All of the IT is further secured using strong password protection, using a mixture of alphanumeric and symbols. I use Backblaze as a cloud storage system for my documents and company files.  Backblaze is GDPR compliant. Portable hard drives for use off-site and on location will not usually have personal information stored on them, and where they do they will have password protected encryption at the drive level.  I ensure all my servers, routers, laptops, desktops, smartphones etc are kept up to date with the relevant security patches and updates by the manufacturer.

“Privilege Based” – Only those who need to access your information will be able to access it.  In 99.9999% of cases that is just one person – Rachael Fawcett. I use multiple alphanumeric passwords for access to all of my IT infrastructure. Where access is given to another person (I may be ill, away etc) then an audit is carried out to ensure that only the required information is accessed and the passwords are changed.

Your data is also held securely off-site with further protection provided by Backblaze, again using the same methods outlined above.

Contact & Communication

Users contacting this website and/or its owners do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use, as detailed in the Data Protection Act 1998. Every effort has been made to ensure a safe and secure form to email submission process but advises users using such form to email processes that they do so at their own risk.

This website and its owners use any information submitted to provide you with further information about the products/services they offer or to assist you in answering any questions or queries you may have submitted. This includes using your details to subscribe you to any email sequence program the website operates but only if this was made clear to you when submitting any form to email process. This is by no means an entire list of your user rights in regard to receiving email marketing material. Your details are not passed on to any third parties.

Email Marketing

Email marketing campaigns published by this website or its owners may contain tracking facilities within the actual email. Subscriber activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include; the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity [this is by no far a comprehensive list].
This information is used to refine future email campaigns and supply the user with more relevant content based on their activity.

In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003 subscribers are given the opportunity to unsubscribe at any time through an automated system. This process is detailed in the footer of each email campaign. If an automated un-subscription system is unavailable clear instructions on how to unsubscribe will by detailed instead.

Processing & Storage of Data

Your personal information and any other data you give will be stored, securely, for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.  After that time you will be removed.  Your data will be deleted and/or destroyed.

External Links

Although this website only looks to include quality, safe and relevant external links, users are advised adopt a policy of caution before clicking any external web links mentioned throughout this website. (External links are clickable text/banner/image links to other websites.)

The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should, therefore, note they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.

Social Media Platforms

Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are customs to the terms and conditions as well as the privacy policies held with each social media platform respectively.

Users are advised to use social media platforms wisely and communicate/engage upon them with due care and caution in regard to their own privacy and personal details. Users are encouraged to discuss sensitive details via primary communication channels such as by telephone or email rather than through social media.

This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.

Shortened Links in Social Media

This website and its owners through their social media platform accounts may share web links to relevant web pages. By default, some social media platforms shorten lengthy URLs.

Users are advised to take caution and good judgement before clicking any shortened URLs published on social media platforms by this website and its owners. Despite the best efforts to ensure only genuine URLs are published many social media platforms are prone to spam and hacking and therefore this website and its owners cannot be held liable for any damages or implications caused by visiting any shortened links.

Clients and Wedding Guests in Photos

Under GDPR legislation, a photograph may in some instances constitute a form of personal data where they can be processed to allow “the unique identification or authentication of a natural person”. Rachael Fawcett Photography will never photograph an individual as a means of unique identification or authentication unless consensually contracted to do so. Guests at weddings appear in photos taken by Rachael Fawcett Photography as a part of the visual recording of the event in photos. Guests captured in portraits or in group photos do so as part of the event and their rights are protected by Rachael Fawcett Photography as detailed in this privacy policy.

In terms of explicit GDPR compliance, Wedding clients and guests are photographed within the parameters of GDPR legislation on the basis of ‘legitimate interests’. The taking of photographs of wedding guests when viewed as a form of processing personal data is necessary for the legitimate interests of Rachael Fawcett Photography as a photography business unless there is a good reason to protect a given individual’s personal data which overrides those legitimate interests.

Operating within the parameters of legitimate interests as laid out in GDPR legislation, the disproportionate effort involved in providing privacy policy information to all wedding guests at the event and the degree to which it would distract me from performing our job renders it infeasible to do. Wedding clients are therefore requested in their contract to direct their guests to read this privacy policy in advance of the event and to advise them to contact me in advance with any concerns around the processing of their personal data, namely being photographed.

Display of Images 

I may display any photographs to promote Rachael Fawcett Photography on the Rachael Fawcett Photography website and blog, on social media, on wedding blogs, on wedding photography related websites, in exhibitions, in advertising, brochures, magazine articles and other such material, providing that the images used are used lawfully and without damage to Rachael Fawcett Photography’s client(s). The rights of the people captured in these photographs are protected by Rachael Fawcett Photography as detailed in this privacy policy. When the images are processed in Lightroom and Photoshop no facial recognition data is added to the image.

Withdrawl of Consent

Anyone photographed by Rachael Fawcett Photography, whether a client or wedding guest, and whether past or current may withdraw consent for a photograph in which they appear to be displayed. The process for this is to email Rachael Fawcett Photography at rachaelfawcettphotography@hotmail.co.uk specifying the photo in question. Pursuant to the request, Rachael Fawcett Photography will then remove the photo from online and printed display wheresoever it appears at the earliest opportunity.

Resources & Further Information

• Data Protection Act 1998

• Privacy and Electronic Communications Regulations 2003

• Privacy and Electronic Communications Regulations 2003 – The Guide

• Twitter Privacy Policy

• Facebook Privacy Policy

• Google Privacy Policy

• Linkedin Privacy Policy

• Backblaze Privacy Policy

• Squarespace Privacy Policy

• Mailchimp Privacy Policy

• Stickyemail Privacy Policy

• Pixie Set Privacy Policy

Your Personal Data:

What we need

Rachael Fawcett Photography will be what’s known as the ‘Controller’ of the personal data you provide to us. We only collect basic personal data about you which does not include any special types of information or location based information. This does, however, include name, address, email etc.

Why we need it

We need to know your basic personal data in order to provide you with notice writing and analysis services in line with this overall contract. We will not collect any personal data from you we do not need in order to provide and oversee this service to you.

What we do with it

All the personal data we process is processed by our staff in the UK however for the purposes of IT hosting and maintenance, this information is located on servers within the European Union. No 3rd parties have access to your personal data unless the law allows them to do so.

We have a Data Protection regime in place to oversee the effective and secure processing of your personal data. More information on this framework can be found on our website.

How long we keep it

Your data will be held for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject t. Your information we use for marketing purposes will be kept with us until you notify us that you no longer wish to receive this information. Photographs will be held indefinitely until such time that it is requested that these be removed following a Right to be Forgotten request.

What we would also like to do with it

We would, however, like to use your name and email address to inform you of our future offers and similar products. This information is not shared or sold to third parties for any purposes and you can unsubscribe at any time via phone, email or our website. 

What are your rights?

If at any point you believe the information we process on you is incorrect you request to see this information and even have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).

Our Data Protection Officer is Rachael Gordon-White and you can contact them at rfphotography@hotmail.co.uk