This privacy statement sets out how Adrian Clarke Photography Ltd uses and looks after the personal information we collect from you. Adrian Clarke is the data controller registered with the ICO, responsible for the processing of any personal data you give to us. We take reasonable care to keep your information secure and to prevent any unauthorised access to, or use of, it.
We may update this privacy statement from time to time and will inform you of any changes in how we handle your personal data. Any changes will be updated and published on this page.
What Personal Data do we collect and how do we use it
Personal data means any information about an individual from which that individual can be identified. The data we collect about you will vary depending on how we interact. For private photoshoots and enquiries we may collect names, contact details and birthdays for you and members of your family as part of the process of preparing for the photoshoot. For photographic events where we are selling to attendees of the event, we may only collect the information you provide to us when making an order. In addition to this we obviously take photographs as a primary part of our work and these also form part of the personal data we hold.
Our lawful basis for collecting and holding this data is our contractual relationship with you to provide the services you or the event organisers have requested. For photoshoot enquiries our lawful basis is legitimate interest until such time as a contract for the shoot is agreed.
The information we collect is used to enable us to take the best pictures we can, and to provide them to you for viewing, sharing and printing, and to process orders related to the photographs.
We do not sell, lease or transfer your data to third parties, except where the third party is proving a service to us that forms part of how we fulfil our contract to you (for example image hosting and print fulfilment websites).
Photographs taken may be used by us on our website, in social media and in other forms to promote our business, as specified in our contract terms, except where other arrangements have been agreed. When used in the public domain, images do not contain other metadata that would identify individuals unless separate explicit consent has been given to use names.
Our data processing may require your personal data to be transferred outside of the UK. Where we do transfer your personal data overseas it is with the sufficient appropriate safeguards in place to ensure the security of that personal data.
Protection of your personal data
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
How long we hold your personal data
Personal data relating to photoshoot enquiries that are not confirmed is deleted two calendar years after the related event date.
Personal data relating to orders from event shoots is deleted seven years after the event.
Personal data relating to photoshoot clients, and image files from all photoshoots are kept for at least seven years except where there is a written agreement for an alternative arrangement.
Image files do not have a specific deletion date and may be kept indefinitely for client archive purposes and for use to promote the business, except where an alternative agreement has been made in which case the images are deleted accordingly.
Access to information we hold about you
You have the right to ask for details of the information we hold about you at any time. This is called a Subject Access Request (SAR). In accordance with GDPR, once you have made a Subject Access Request we will provide you with your information within 20 business days of verifying your identity. Such requests should be emailed to [email protected]. There is no charge for providing this information to you. In addition, you also have the right to withdraw your consent to us holding your information, ask us to erase your information, or ask us to restrict how we process your information.