The policy sets out the different areas where user privacy is concerned and outlines the obligations & requirements of the users, the website and website owners. Furthermore, the way this website processes, stores and protects user data and information will also be detailed within this policy.
This website and its owners (Ciara Rush) take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website complies with all UK national laws and requirements for user privacy.
Cookies are small files saved to the user’s computers hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website. Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and it’s external serving vendors.
This website uses tracking software to monitor its visitors to better understand how they use it.
Data Protection – What it means and why is it important.
The security of my clients data is very important to me and the Six General Principles for General Data Protection Regulations (GDPR) are the following:
- Lawfulness, fairness and transparency – Personal data must be processed lawfully, fairly and in a transparent manner;
I won’t do anything with your data that I wouldn’t want to do to my own.
- Purpose limitation – Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (with exceptions for public interest, scientific, historical or statistical purposes);
I will only ask for and collect data that I NEED to run my business.
- Data minimisation – Personal data must be adequate, relevant and limited to what is;
I don’t ask you for information that I don’t need to help me do my job
- Accuracy – Personal data must be accurate and, where necessary, kept up to date. Inaccurate personal data should be corrected or deleted;
I try to be accurate, but if you move house, change emails etc then let me know. If you want to know what I hold just ask. If you want me to remove it all (including photographs) or update/amend it – just ask.
- Retention – Personal data should be kept in an identifiable format for no longer than is necessary (with exceptions for public interest, scientific, historical or statistical purposes);
We will only keep your data for as long as is needed. HMRC says about 7 years.
- Integrity and confidentiality – Personal data should be kept secure.
Our business and your data are as secure as I can reasonably make it.
How your data is protected
“Network Security” – All of the IT used is secured using strong password protection, using a mixture of alphanumeric and symbols.
We use a private Nework Attached System (NAS drive) as a storage system for documents and company files.
Photographs are stored on this NAS drive.
Portable hard drives for use off-site and on location will not have personal information stored on them.
We ensure all our servers, routers, laptops, desktops, smartphones etc are kept up to date with the relevant security patches and updates by the manufacturer.
We have ensured as much as possible that all third party suppliers who MAY hold personal data are also GDPR compliant, and where they are not we have taken steps to remove any possible data and found GDPR compliant companies.
We use only Apple Computer hardware with Apple Mac OSX operating systems. This is kept fully updated automatically. It is generally recognised that Mac OSX is inherently more secure than Microsoft Windows.
All applications running on all Apple Mac OSC computers are also kept updated.
We take payments using Paypal, Stripe & World Pay who are all GDPR compliant.
Our website is also set up securely.
“Privilege Based” – Only those who need to access your information will be able to access it.
GDPR classes IP address as personal information so we have to mention this.
Some of the cookies mentioned above will collect your IP address. The vast majority of this website’s users will use private Internet Service Providers (ISP) that also use something called Dynamic Host Configuration Protocol (DHCP). This means everytime you log onto the internet you get a different IP address. Meaning we can’t track you personally. The IP addresses will point to your ISP, and they would not give us any details unless ordered to do so by a court order. Users of our website who log in using corporate internet link will have their IP address taken. Again however that IP address would point to the business NOT to the individual.
Contact & Communication
Users contacting this website and/or its owners do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use, as detailed in the Data Protection Act 1998.
Every effort has been made to ensure a safe and secure form to email submission process but advises users using such form to email processes that they do so at their own risk.
This website and its owners use any information submitted to provide you with further information about the products/services they offer or to assist you in answering any questions or queries you may have submitted. This includes using your details to subscribe you to any email newsletter program the website operates but only if this was made clear to you and your express permission was granted when submitting any form to email process. Or whereby you the consumer have previously purchased from or enquired about purchasing from the company a product or service that the email newsletter relates to. This is by no means an entire list of your user rights in regard to receiving email marketing material.
Your details are NEVER passed on to any third parties.
This website operates an email newsletter program, used to inform subscribers about products and services supplied by this website. Users can subscribe through an online automated process should they wish to do so but do so at their own discretion.
Subscriptions are taken in compliance with UK Spam Laws detailed in the Privacy and Electronic Communications Regulations 2003. All personal details relating to subscriptions are held securely and in accordance with the Data Protection Act 1998. No personal details are passed on to third parties nor shared with companies/people outside of the company that operates this website.
Under the Data Protection Act 1998, you may request a copy of personal information held about you by this website’s email newsletter program. If you would like a copy of the information held on you please write to the business address at the bottom of this policy.
Email marketing campaigns published by this website or its owners may contain tracking facilities within the actual email. Subscriber activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include; the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity [this is by no far a comprehensive list]. This information is used to refine future email campaigns and supply the user with more relevant content based on their activity.
In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003 subscribers are given the opportunity to unsubscribe at any time through an automated system. This process is detailed in the footer of each email campaign. If an automated un-subscription system is unavailable clear instructions on how to unsubscribe will by detailed instead.
All newsletters are sent by Mail Chimp who are GDPR compliant.
Processing & Storage of Data
Your personal information and any other data you give will be stored, securely, for a minimum of 36 months.
This does not apply to photographs or other photographs kept online securely, nor does it apply to invoices/receipts etc which need to keep, legally, for a period of 6 years.
If you wish the photographs to be destroyed/deleted then I will do this also. It is YOUR responsibility to ensure you have backups.
I do not use any software to automatically process your biometric data – i.e. I don’t use facial recognition facilities that can be found in the major editing applications.
Requesting Copies of Personal data
If you wish to request a copy or your personal data please contact us using the contact details on the website. There is no charge for this (unless I believe the request is manifestly unfounded or excessive and then you will be charged a fee commensurate with the time taken for us to process your request) and will get the information to you, in a form you can use, within 28 days.
Right to Erasure
If you wish for your personal data to be deleted permanently then please contact us.
You will need to provide me suitable and verified identification, such as –
• Copy of passport showing passport photograph page
• Copy of Drivers Licence
• Utility Bill showing home address that matches your driver’s license
• Date of event
I will NOT be able to delete data that is under 7 years old due to HMRC rules. For example, this will include contract’s, invoices etc.
Deletion is permanent. Your photographs will be permanently deleted once you have proven your identification sufficiently. They will be deleted from all my archive hard drives, from my laptop/desktop IT systems, from any cloud-based storage system, from my website and from the online gallery.
Although this website only looks to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website. (External links are clickable text/banner/image links to other websites.)
The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should, therefore, note they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Social Media Platforms
Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are customs to the terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate/engage upon them with due care and caution in regard to their own privacy and personal details. This website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.
This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
Shortened Links in Social Media
This website and its owners through their social media platform accounts may share web links to relevant web pages. By default, some social media platforms shorten lengthy URLs.
Users are advised to take caution and good judgement before clicking any shortened URLs published on social media platforms by this website and its owners. Despite the best efforts to ensure only genuine URLs are published many social media platforms are prone to spam and hacking and therefore this website and its owners cannot be held liable for any damages or implications caused by visiting any shortened links.
Resources & Further Information
• Data Protection Act 1998
• Privacy and Electronic Communications Regulations 2003
• Privacy and Electronic Communications Regulations 2003 – The Guide