As of 25th May 2018, GDPR has been set into motion. Here are all the details of data processing and storage that concern ‘Polly Bycroft-Brown Photography’ and its clients.
Does GDPR apply to you territorially?
Yes – Polly Bycroft-Brown Photography is based and operates in the EU. Data belonging to EU residents is also processed.
Do you process data that GDPR applies to?
Email addresses, phone numbers, addresses, full names, identifiable photographs.
Photographs will be stored for one year following being taken. If a client wishes for them to be removed sooner, providing contractual agreements have been adhered to, they will be removed.
Email addresses, full names and phone numbers of legitimate contacts will be kept on file indefinitely for future correspondence. They will be removed from all applicable processing/storage if requested.
What data do you process and for what purpose?
Email – Storing email addresses & phone numbers. Transferring identifiable photos. This account is password protected with 3-step verification enabled.
Website – There is no contact page/widget to capture data directly from website. Only listed details for customers to get in touch first. Identifiable photos are shown with consent. This is password protected.
Facebook – Identifiable photos are shown with consent. Names listed alongside photo with consent. Facebook messenger allows for email addresses and phone numbers to be transferred. This account is password protected with 3-step verification enabled.
Instagram – Identifiable photos are shown with consent. Names listed alongside photo with consent. Instagram direct messaging allows for email addresses and phone numbers to be transferred. This account is password protected.
Dropbox – Identifiable photos are stored privately. Only Polly Bycroft-Brown Photography has access to client’s personal folders from 25/05/2018 onwards.
Pixieset – Identifiable photos are shared with client. The account is protected by a password. Each individual gallery has its own password shared only with the client it applies to and anyone they have given consent for it to be shared with. Email addresses that have been provided through email or another messaging service will be used to contact client through this website.
iPhone – Phone numbers and email addresses transferred. Access to all other apps/internet. Phone is protected with 6 digit code.
What happens if someone would like to opt outs/ withdraw consent of their data being stored?
All clients will be asked if they want to opt in for their images to possibly be used for future marketing purposes of ‘Polly Bycroft-Brown Photography’ in their initial contract. Their answers will be kept confidential on a spreadsheet.
If a third party wants to use an image of the subject, they will be contacted via email for their permission.
Right to be Forgotten
If a client has not contractually agreed to follow through with services provided by ‘Polly Bycroft-Brown Photography’, they are able to withdraw all their data from processing and storage immediately.