Gillian Walsh Photography Privacy Notice
Updated January 2020
Our contact details
07540 293 993
What type of information we have
I don’t hold a lot of information about my clients. I hold contact details such as name, phone number, email address and sometimes home address if relevant for shipment of products such as frames and albums. This data is held within password protected documents.
My customers send me payments via bank transfer but I don’t document that information outside of my bank accounts transaction within my online banking system which is secure and GDPR compliant. I don’t keep paper copies of statements. Many clients pay via PayPal in which case I have no financial data at all.
How we get the information and why we have it
Any data I collect is directly from my clients with their consent either in person, on the phone or online (email, social media). I collect only the data that is relevant to me providing a photography service to my clients.
My clients buy my photography services repeatedly so I retain their contact details securely in order to communicate with them about future services. My clients have the right to withdraw consent regarding me holding their details at any time.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. You are able to remove your consent at any time. You can do this by contacting Gillian Walsh using the above contact details
(b) We have a contractual obligation.
What we do with the information we have
I use clients contact details solely to communicate with them. I don’t sell it or share it with anyone else. The only exception to this is with the customers consent I share their postal address with my framing supplier in the event the customer requests a direct shipment of their frame to their home.
How we store your information
I have a PC at my studio and customer details are held securely on this, on password protected infrastructure within password protected documents.
I have a list of consenting clients held in Mailchimp which is a secure GDPR compliant email tool.
If consent is withdrawn, contact details are deleted from the system. I do not have paper copies of customer details.
Your data protection rights
As mentioned previously, under the lawful basis for processing guidelines from the ICO, whilst I have consent for holding basic contact data my clients maintain the right to withdraw that consent at any time. In the even that happens, I will delete contact details within 7 days.
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing - You have the the right to object to the processing of your personal data in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at firstname.lastname@example.org if you wish to make a request.
How to complain
If clients believe there is a GDPR breach or wish to complain, they can contact me using my contact details on this form or direct to the ICO at Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF.
The ICO’s address:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113