Phil Rowley Photography Ltd is committed to safeguarding and preserving the privacy of our clients and their associates and visitors to our website. This privacy policy explains what happens to any personal data that you provide to us in the operation of our business, or that we collect from you whilst you visit our site. This privacy policy is for the website www.philrowleyphotography.co.uk and governs the privacy of its visitors as well as the business of Phil Rowley Photography Ltd. It explains how we comply with the EU's GDPR legislation and the Data Protection Act (DPA).

COLLECTING YOUR DATA

Phil Rowley Photography Ltd will only collect data that is given to us by you or agents acting on your behalf. Phil Rowley Photography Ltd may collect your data in a number of ways, for example: When you contact us through the website, by telephone, post, e-mail or through any other means and when you use our services, in each case, in accordance with this privacy policy.

Data collected through this website is via the contact page. The form collects name, email address and message. Enquires sent using the form are sent to phil@philrowleyphotography.co.uk which is an email address hosted by TSO Host. The account is secured using two factor authentication and by using the contact form you agree that Phil Rowley Photography Ltd can contact you in relation to your enquiry. This website is hosted by Squarespace and their privacy policy can be found here: www.squarespace.com/privacy

OUR USE OF YOUR DATA

Any or all of the above data may be required by us from time to time in order to provide you with the best possible service and experience when using our website. Specifically, data may be used by us for the following reasons: internal record keeping, improvement of our products and services, transmission by email of marketing materials that may be of interest to you and contact for market research purposes which may be done using email, telephone, fax or mail. Such information may be used to customise or update the website, in each case, in accordance with this privacy policy.

We may use your data for the above purposes if we deem it necessary to do so for our legitimate interests. If you are not satisfied with this, you have the right to object in certain circumstances (see the section headed “Your rights” below).

BUSINESS DATA

Phil Rowley Photography Ltd holds the minimum of business data necessary to operate the business and care is taken to ensure that this data is treated securely. All data is stored electronically and dependant upon the type of booking may include:

Emails and contact information - Emails and contacts are stored electronically across password protected devices and hosted by TSO Host.

Accounting information- invoices, estimates, and statements are secured electronically and password protected

Media - All content shot in undertaking a commission is stored and catalogued by filename based on date and content, on a password protected desktop computer, laptop and external drive. Clients may, at their request, receive a link to file sharing services such as Dropbox or WeTransfer where content is required to be shared by the client.

Metadata - Where required images are stored with embedded information in the form of a generic caption describing the occasion. Names of the subject are included in the metadata where relevant and in gathering such information, consent is agreed. The metadata remains within the file and travels with the image if it is passed to further locations.

Consent Forms - Consent forms are provided by the commissioning agent and describe the intent for the images use. Such forms would require name, address, age and contact details. Forms are either passed to the commissioning agent on site or digitally scanned and shared with the agents' digital controller.

EVENTS AND LEGITIMATE INTEREST

Guests at events may appear in images taken by Phil Rowley Photography Ltd as part of the recording of the event. In such instances attendees are photographed within GDPR 'legitimate interests' guidelines. The taking of photographs when viewed as a form of processing personal data is necessary for the legitimate interest of the photography business, unless there is a good reason to protect an individual's personal data which supersedes the legitimate interest claim. Clients are requested where possible to minimise any potential risk by making clear that photography will be taking place, either verbally of visually, thereby allowing attendees the opportunity of making it known that they do not wish to be photographed.

THIRD PARTIES

In the day-to-day operation of the business Phil Rowley Photography Ltd may use third party services, such as those listed below, with their respective GDPR policies:

Dropbox - https://www.dropbox.com/en_GB/security/GDPR

Squarespace - https://www.squarespace.com/privacy/

WeTransfer - https://wetransfer.zendesk.com/hc/en-us/categories/201270873-Security-Privacy

YOUR RIGHTS

The GDPR provides the following rights for individuals:-

The right to be informed

The right of access

The right to rectification

The right to erasure

The right to restrict processing

The right to data portability

The right to object

The right to automated decision making and profiling.

If you wish to exercise your rights you can email me at phil@philrowleyphotography.co.uk

INFORMATION COMMISSIONER'S OFFICE (ICO)

You have the right to lodge a complaint about our handling of your personal data with the supervisory authority, which in the UK is the Information Commissioner's Office. You can contact the ICO on 0303 123 1113.