GDPR AND PRIVACY POLICY FOR ALED LLYWELYN PHOTOGRAPHY

Aled Llywelyn Photography are committed to safeguarding and preserving the privacy of our visitors. This privacy policy explains what happens to any personal data that you provide to us in the operation of our business, or that we collect from you whilst you visit our site. Aled Llywelyn Photography is owned and operated by myself, Aled Llyewlyn out of my home in Carmarthenshire. I provide photographic services throughout Wales and England & Europe to meet a range of clients, primarily in the areas of News, Public Relations, Portraiture and events. I can be contacted on 07969002137, aled@aledllywelyn.co.uk or 07969 002137
This privacy Policy is for the website www.aledllywelyn.co.uk and governs the privacy of its visitors as well as the business of Aled Llywelyn Photography. It explains how I comply with the EU’s GDPR legislation and the DPA.

COLLECTING YOUR DATA

Aled Llywelyn Photography will only collect Data that is given to us by you or agents acting on your behalf. Aled Llywelyn Photography may collect your Data in a number of ways, for example: When you contact us through the Website, by telephone, post, e-mail or through any other means and when you use our services, in each case, in accordance with this privacy policy.

Data collected through this website is via the contact page and the shop when you make a purchase or download a digital file. The form collects name, email address and address for purchases over £5.00 GBP. Enquires sent using the form are sent to aled@aledllywelyn.co.uk which is an email address hosted by 1&1 Ionos. The account is secured using two factor authentication and by using the contact form you agree that Aled Llywelyn Photography can contact you in relation to your enquiry.

This website is hosted by TSO Host using a WordPress plugin.

OUR USE OF YOUR DATA

Any or all of the above Data may be required by us from time to time in order to provide you with the best possible service and experience when using our Website. Specifically, Data may be used by us for the following reasons: internal record keeping, improvement of our products and services, transmission by email of marketing materials that may be of interest to you and contact for market research purposes which may be done using email, telephone, fax or mail.
Such information may be used to customise or update the website, in each case, in accordance with this privacy policy.
We may use your Data for the above purposes if we deem it necessary to do so for our legitimate interests. If you are not satisfied with this, you have the right to object in certain circumstances (see the section headed “Your rights” below).

BUSINESS DATA
I hold the minimum of business data necessary to operate the business and care is taken to ensure that this data is treated securely. All data is stored electronically and dependant upon the type of booking may include:

Emails and contact information – Emails and contacts are stored electronically across password protected devices and hosted by 1&1 Ionos
Accounting information- invoices, estimates, and statements are secured electronically and password protected
Media – All content shot in undertaking a commission is stored and catalogued by filename based on date and content, on a password protected desktop computer, laptop and external drive. Clients may at their request, receive a link to file sharing services such as Dropbox, WeTransfer, Mega or BOX where content is required to be shared by the client.
Metadata – Where required images are stored with embedded information in the form of a generic caption describing the occasion. Names of the subject are included in the metadata where relevant and in gathering such information, consent is agreed. The metadata remains within the file and travels with the image if it is passed to further locations.
Consent Forms – Consent forms are provided by the commissioning agent and describe the intent for the images’s use. Such forms would require name, address, age and contact details. Forms are either passed to the commissioning agent on site or digitally scanned, shared with the agents’ digital controller and then shredded.

EVENTS AND LEGITIMATE INTEREST
Guests at events may appear in images taken by Aled Llywelyn Photography as part of the recording of the event. In such instances attendees are photographed within GDPR ‘legitimate interests’ guidelines. The taking of photographs when viewed as a form of processing personal data is necessary for the legitimate interest of the photography business, unless there is a good reason to protect an individual’s personal data which supersedes the legitimate interest claim. Clients are requested where possible to minimise any potential risk by making clear that photography will be taking place, either verbally of visually, thereby allowing attendees the opportunity of making it known that they do not wish to be photographed.

THIRD PARTIES
In the day to day operation of the business Aled Llywelyn Photography may use third party services, such as those listed below, with their respective GDPR policies:
Dropbox – https://www.dropbox.com/en_GB/security/GDPR
WeTransfer – https://wetransfer.zendesk.com/hc/en-us/categories/201270873-Security-Privacy
BOX – https://www.box.com/en-gb/gdpr
MEGA – https://mega.nz/gdpr
Zenfolio – https://zenfolio.com

YOUR RIGHTS
The GDPR provides the following rights for individuals.
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling.
If you wish to exercise your rights you can email me at aled@aledllywelyn.co.uk

INFORMATION COMMISSIONER’S OFFICE (ICO)
You have the right to lo age a complaint about our handling of your personal data with the supervisory authority, which in the UK is the Information Commissioner’s Office. You can contact the ICO on 0303 1231113

Close
Go top Call Now Button