As your potential wedding photographer, it’s my job to provide you with the salient facts before collecting any of your personal data, so here goes.
Personal data I collect:
- As the “Data Controller”, I collect:
- Your name - so I know how to address you,
- Your email - so we can chat about your wedding day,
- Your mobile number - in case I get lost on the way to your venue,
- Your address - so I know where to send any products you buy, and
- Your photographs - because that’s what you are paying me for!
How I collect and store your personal data:
I could try to guess who you are and why you’d want to contact me but I prefer that you use the pretty contact form on my website, which will arrive in my email inbox with the information you choose to submit, which is protected by a tight password that doesn’t contain the word ‘password’ or the numbers ’123456’. I will restrict any personal data to my eyes and that of a few, select data processors that are essential in delivering the service I provide.
However, If after a period of my awful chat and terrible humour, you decide you don’t want to book me (as if that’s going to happen!), I will promptly delete your details from my email inbox and don’t ever want to hear from you again.
If you decide to reserve me for your wedding, I will then store your details, as submitted, in my cool client software - “Shootproof”, for the purposes of managing our relationship, and being able to remember who you are. I also use Shootproof to create and manage your wedding contract (because you’ll want a copy of my promises to you, right?), to upload and store your photographs and to provide you with the functionality to buy print products (please, go nuts!).
I use another tool, called “Wave” to manage your invoices and payment data, which has stated that it will comply with GDPR.
I use another tool, called “Stripe” to process your payment data, which is fully compliant with GDPR.
Nearer your wedding date, I send you a pre-wedding questionnaire to complete. This will remain on my computer and can only be accessed with my very secure passcode or fingerprint (no luck, robbers!)
Under the GDPR I need to inform you, and make publicly available my lawful basis for collecting and processing your data. Personally, I think it’s silly to ask you for consent to process the data that you have freely given me as your photographer, so the lawful basis by which I will process your data falls under the. legal basis of ‘legitimate interests’ (I know, sexy right?). You can read all about the lawful basis for data processing here (protip: make a mug of tea first).
In summary, to quote the Information Commissioner’s Office:
“Legitimate Interests is likely to be most appropriate where you use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing.”
It’s a core function of my job to take your photographs and process them, or I wouldn’t be able to do what you've paid me for. Therefore, you would expect me to take your photographs, edit them, store them, sell you them, and share them on my website (more on that later). You wouldn’t expect me to sell your photos and contact details to spammy buggers to recharge my fine wine fund, and I won’t ever do this. This summarises the ‘legitimate interests’ basis for processing your data.
Use of face-based data:
Instead, I work on the basis that the guests attending your wedding would reasonably expect a photographer to be present and tend to shy away from asking everyone if it’s ok to photograph them. Sort of a moment killer, that is!
To enable me to operate as an awesome wedding photographer and continue to book amazing clients like you, I need to promote myself and my work. I do this by showcasing the beautiful images I capture at weddings on my blog, website, social media pages and sometimes in advertising. I may also enter the photographs I capture into the odd wedding photography competition.
Without doing this, you would not know that I exist, would never have seen any of my previous work and no one would ever hire me (which means little Jonah, Jessica and Harris wouldn’t have anything to eat)! So, I’d love it if you granted me permission to do this and alongside your booking form, you will be asked to opt-in to consent to me sharing some of your wedding photographs in these ways. You have the option of saying no, which means that I won’t use your photographs on my blog, website or social media at all.
Couples are normally delighted to be featured on my website, Instagram or facebook pages but if for any reason you or anyone else featured in your photographs is not happy for me to use any specific photograph in this way, all that is required is a simple email and I’ll remove it straight away.
My website is secure, and I only use software which meets the technical requirements of the GDPR. I encrypt all my storage devices. My computer is password and fingerprint protected. My iPhone is protected by Face ID. Basically, I treat the security of your data like Jack Bauer treats the security of the USA.
You can control the cookie behaviour of your browser in your browser preferences.
Changes to this policy:
This is a live policy, which means it is regularly reviewed and updated to ensure it continues to comply with changing legislation.
Remember, you can always reach me at: firstname.lastname@example.org if you want to ask me about this policy or chat to me in-depth about that new great coffee shop you’ve discovered.