Privacy Policy

 

Introduction

From May 25, 2018, a new data protection law is being introduced in the UK, it’s called the General Data Protection Regulation, GDPR for short. The reason this law is being introduced is to protect your data more effectively in today’s online world.

You will probably have received emails already, asking if you will opt-in, to continue receiving emails from companies you’ve previously signed up to.  This doesn’t just apply to email, but how your data is processed by any company who collects, stores and uses your data in the future.

Privacy notices and policies are being updated countrywide to provide the customer with new and improved rights as well as legal reasons why your personal information should be kept on file.

Personal data is information which relates to a living individual, such as your name, address, telephone number and email.  This data could be used not only to identify you but can include details about your transactions or services you have used.

 

What does the GDPR mean for you? 

  • You can ask whether your personal data is being processed, where it’s being processed and for what purpose. This right to access also gives you the right to request a copy of the personal data a company holds on you at no cost to you within one month of asking.
  • You have the right to rectify e. to ask for your details to be changed. Your data should be corrected within one month (two months if complex).
  • You have the right to restrict processing, for example, you can ask to restrict the use of your personal data i.e. not to receive emails or telephone calls or marketing by post.
  • You also have the right to ask for your personal data to be deleted, this is the right to erasure (the right to be forgotten).
  • You have the right to lodge a complaint, about how you feel your data may have been used wrongly, with your local data protection authority.

 

Want to know more?

To read more about the GDPR, please visit the Information Commissioner’s Office website

Angela Adams Photographer and the GDPR

  1. When you book a commission, I will keep your name, address, email and telephone number in electronic form for the duration of the commission and for up to two years after the commission. This is considered processing, even if I just display your name on a computer screen when updating a spreadsheet.
  2. Your data will be collected when you book a commission. Should you cancel your commission, your data will be kept on file for up to two years after the date of cancellation.
  3. Images and social media posts are included within GDPR. At the time this policy was uploaded 13.05.2018 final guidance on the use of images and social media posts within the GDPR was still being sought. This section will be updated when clarification has been confirmed.
  4. Nobody else will see the data held by Angela Adams Photographer and your data will not be shared at any point. The data collected will only be used for the purpose which you have given consent.
  5. You have the right to contact Angela Adams Photographer at any time and ask for your data to be deleted. You have the right to request that any direct marketing stop.
  6. Should a data breach occur, Angela Adams Photographer will inform the Information Commissioner’s Office (ICO for short).
  7. This policy exists to ensure your data is used in a way which protects your rights.

Your data will be collected, held, retrieved, organised and destroyed in a lawful, fair and transparent manner.  Information will only be collected on a need to know basis i.e. the data collected is relevant to the reason it’s being collected.  Reasonably practicable steps will be taken to ensure the data obtained is accurate.  Angela Adams Photographer will store your data in a safe, secure environment on a password protected computer with the aim to prevent accidental loss, destruction, damage and unauthorised access.

 

Notice

Please check this page occasionally to ensure you are happy with any changes which may have been made – thank you.

 

Glossary

  1. The Data Subject is the person whose personal data is being processed.
  2. The Data Processor is the person or organisation who processes the data.
  3. The Data Controller is the person or organisation with overall responsibility for personal data, also how and why it is used.
  4. The Data Protection Officer is responsible for overseeing and implementing an organisation’s data protection strategy.

N.B.  In a small company, the roles mentioned in 2, 3 and 4 above may be held by the same person.