Your data matters to us as much as it does to you. Here at KERRYJ PHOTOGRAPHY we’re committed to looking after your data & privacy in all areas – this document sets out how we do that and how to contact us with any issues or questions. We’ve also tried to keep the wording readable rather than lawyer-speak so hopefully your eyes won’t glaze over after the first sentence!
Kerry Harrison is the owner & sole person in this micro-business, so she is also now known as the Data Controller AND Data Protection officer – natty titles, right? What this actually means is that, as it’s just her in this business, she will make the decisions on how your data is used and for what reasons, as set out below. She’s also your point of contact about the data she holds.
So firstly – let’s get this out there straightaway – we’re not in the business of selling/trading/giving away your data – we don’t believe that’s how business should be done. However, to run this business, we do need to hold details – otherwise known as personal data. Here’s how it all works.
1) Why do we need your data?
• To provide further information on services we provide, when requested
• To be in contact with you when it’s necessary in the client relationship & to comply with HMRC record-keeping
• To be in contact with you when you’ve let us know that’s OK to do so
• To make sure we can run our business brilliantly and efficiently and provide a great service
Our legal basis for collecting this data is:
• You consent to providing it to us
• We need to use this to enter into a contract/business relationship with you or maintain an existing one
• For HMRC record-keeping purposes
2) What types of data do we collect?
We collect the some or all of the following personal data about you, dependent on what services you’re accessing:
• Details of how we can contact you, such as your name, email address, postal address and phone number
• all records of when you contacted us or we contacted you on email or when you asked us to do something;
• record of payments, in invoices (kept in accordance with HMRC rules)
• videos and photos of you (we always ask extra permission for this if we’d like to share them to help grow our business)
• for the children’s workshops we ask for emergency contact numbers, date of birth and any additional allergies or special needs, to help us keep your children safe and accomodated for in the best possible way
3) For this very small business to run efficiently, we do need to use other companies, some of whom need to also securely hold anonymised parts of your data. All of these businesses are now also GDPR compliant as well, so you can rest assured that your data is in as safe hands with them as it is with us.
a) Our website is hosted by TSO Host: https://www.tsohost.com/legal/privacy-policy
b) We use a studio management/CRM system for photographers called LightBlue: https://www.lightbluesoftware.com/legal/privacy_notice.php
c) We use an online Gallery software company called Shootproof: https://www.shootproof.com/legal/privacy-policy
d) We use Billetto for our event management: https://billetto.co.uk/pages/terms
e) We use MailChimp for our email newsletter: https://mailchimp.com/legal/privacy/
4) How long will we keep your data for?
a) If you’ve worked with us in any capacity, we need to keep your details for 7 years in line with HMRC record-keeping obligations.
b) If you’re on the email marketing list, your details will remain unless you choose to unsubscribe or unless we contact you to let you know we’re removing your details.
c) Your photos – our original policy of holding all photos indefinitely as a service for clients is no longer recommended under new GDPR rules. We will now hold your photos for 2 years as standard, then review this with you at that stage to see if you wish for us to keep them for a further time period in discussion with you and your wishes.
5) Is your data held safely?
We have put in place lots of security measures to make sure your details don’t go missing or get used in a way they shouldn’t be.
6) What rights do I have regarding my personal data?
At any time, you can ask us:
• How we’re using your data
• Provide details of what data we hold for you
• To correct data details that are incorrect
• To delete the data we hold (unless there’s clear reasons for us not to)
• To stop using your details in a certain way
• To send your details to someone/somewhere else of your choice
• About objections about your data
There are exceptions to these rights (such as legally required record-keeping). We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests.
7) Who can I contact if I have concerns about the use of my personal data?
Basically, we’d hate for you to be unhappy with anything to do with your personal data – we’re all about a great customer experience after all, so please do just get in touch if you need to: Kerry Harrison firstname.lastname@example.org