Nicola Walker Photography – Tel: 07971108618 E- nic-walker@hotmail.co.uk
General Data Protection Regulation of Nicola Walker photography 2018
Context and overview key details
- Policy prepared by Nicola Walker
- Next review date – 1st May 2019
- Company Name: Nicola Walker Photography
- Company Address: Nicola Walker Photography, 71 West Street, Millbrook, Cornwall, PL10 1AE.
Introduction
Throughout this document, website refers to: www.nicolawalkerphotography.co.uk
This privacy policy is for this website: www.nicolawalkerphotography.co.uk on behalf of Nicola Walker and governs the privacy of its users who choose to use it. It explains how I comply with the GDPR (General Data Protection Regulation). The policy identifies areas of this website that may affect your privacy and personal details, how I process, collect, manage and store those details and how your rights under the GDPR are adhered to. Additionally, it explains the use of cookies, software, files or software that are made available to you, if any, on this website.
The GDPR Effective 25 May 2018 This website and policy complies with the GDPR (General Data Protection Regulation) which comes into effect from 25 May 2018.
This policy will be updated accordingly with any necessary amendments following the completion of the UK’s exit from the EU. These rules apply regardless of whether data is stored electronically, on paper or on other materials. To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.
The General Data Protection Regulation 2018 is underpinned by six important principles. These say that personal data must be:
Nicola Walker Photography GDPR 2018
1) Processed lawfully, fairly and in a transparent manner in relation to individuals;
2) Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be incompatible with the initial purposes;
3) Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
4) Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
5) Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals;
6) Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Personal Information & Communication
Personal information is information that relates to an identifiable individual. When a user registers for the Site (as is necessary, for example, for a user to make a purchase through the Site), the user may be required to provide personal information such as his or her name and email address, to select a login name and password, and to provide credit card information (number, type and expiration date), a telephone number and a billing address.
Your personal information is kept private and stored securely until a time that it is deemed no longer required or has no further use. I currently have a policy not to partake in regular, generic mailing of products, offers, services or updated information via any mailing list system and respect that should you require this information, I would provide it at your request. Your details will never be shared with any third parties without your prior consent.
The Website: www.nicolawalkerphotography.co.uk and its owner takes a proactive approach to its user's privacy and ensures that all obligatory requirements are taken to offer maximum protection to the privacy of its users throughout their visit. This website complies with all current UK and EU requirements in support of its user's privacy. The website does not store any payment information and all credit card or debit card payments for orders are taken on PayPal secure servers.
Cookies
My site uses cookies to keep track of your visits to the website. A cookie is a small file that can be stored by your browser on your computer’s hard drive. Cookies may be used to compile anonymous statistics related to the use of services or patterns of browsing. When used in this manner you are not individually identified and data collected is only used in aggregate. You can usually change your browser’s settings so that it will not accept cookies, although this may restrict some website functionality.
Media Files and Data Storage
Photographic Data is stored on a laptop which is password protected, in folders which are encrypted for the time until all final orders are made. After this time, data will be digitally stored on an external hard drive, which is also encrypted, and secure password protected. Only myself and lab staff have access to the data. Photos are stored for varying lengths of time depending on the usage and area of Photography. School Photography images will be stored for around one year as I have found that parents often purchase older photos, where they have forgotten to order at the time, or to purchase images of their child when they were younger. Images for other aspects of Photography (i.e. Weddings, Property), can be stored up to ten years, at the request of the client.
Payments
Payments can be cash, cheque, or card. Appropriate security is applied. Details are processed then securely destroyed. Any cash or Cheque payments, with regard to School/Nursery Photography, that are handed in to the school are collected by myself in a secured bag and taken directly to my office. Returned proofs are shredded and carefully disposed of. During this process, at no time do I link an image to any personal data, or receive any personal data about the pupils. As previously stated, the website does not store any payment information and all credit card or debit card payments for orders are taken on PayPal secure servers.
School Photography
For the most part, when I take school photographs, I don't collect any personal data of the students or staff who I am photographing. After the photographs have been taken, they are then encrypted and sent to my laboratory. The proofs are given to the School or Nursery manager who will distribute to the parents of the child. Customers order through a back to school process where parents return the order via the school. Alternatively, at the parents request, I can upload the images to a secure, password protected album on my website and parents can order through this. These will be deleted from the website after one year.
The law requires Nicola Walker Photography to take reasonable steps to ensure data is kept accurate and up to date.