Privacy Policy

The summary

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

In order to do my job and to allow me to maintain this website, I need to collect and/or store certain pieces of personal data.  I never collect or store more data than I need, and I never sell it to any third party.  I treat the data I collect and store with care, and ensure it is stored securely and only for as long as I require it.  I will tell anyone who asks exactly what data I have stored about them, and I will do so promptly and accurately.  I will remove any data from my systems that you would rather I don’t store as far as practicable, but if doing so might have implications for how I can do the job you’ve contracted me to do (if relevant), I will inform you of any consequences of this, so you can make an informed decision about such a request.  All data is stored and/or processed in a GDPR-compliant manner.

For any queries about my privacy policy or the data I collect or store, just email me at studio@lauraellenphotography.co.uk.

The full version

Website Visitors

The only data involved in your interaction with my website if you simply visit and browse the website, but never actually get in contact through it, are what are known as cookies.  And when a website uses cookies, it must have a Cookie Policy. Here’s mine, and if you fall into this category, you can read it and move on to look at some of my pretty photos.  The rest of my privacy policy only applies if you actually get in touch in some way.

Cookie Policy

I actually have two cookie policies.  The more exciting one being “eat as many cookies in a day as possible”.  But everyone has that policy, right?  The less exciting but more important one for you to know about relates to cookies used by this website.  These cookies are inedible (sadly) and are used to allow my website to work properly and to allow me monitor the usage of the website.

The cookies my website uses are of three types:

Statistical cookies

Statistical cookies – these allow me to identify the most and least popular pages, distinguish new visitors from returning visitors (anonymously), see when pages are visited, from what browsers or devices, and for how long.  I use Google Analytics to gather those statistics and Google take their GDPR commitments seriously.  These cookies don’t identify you personally, but should you wish to opt out of Google Analytics you can install this plugin in your web browser.  There are 3 such cookies used – two of them are session cookies, which mean they are removed once you leave the site (and allow my analytics figure out, for instance, that you were looking via an iPhone in Safari or a Windows 10 PC in Chrome), and one is a persistant cookie which lives on your computer for 2 years once it’s created (so my analytics can figure out “oh, it’s her again” as opposed to “here’s someone who’s never been here before”).

Marketing cookies

Marketing cookies – part of the Google Analytics service is something called the Google pixel.  It’s a small file that allows Google to serve up ads that I might run with Google Ads to people who have previously visited my website.  On the basis that if you visit my website, and I then run an ad for something, there’s a chance you’ll be interested in it. Have you ever looked at buying a robot dog on Amazon and then noticed you keep seeing ads on other websites for robot dogs for the next week?  Well that’s how this works. It’s not as creepy as it seems (“hey, how do they know I want a robot dog?”) but what’s important for you to know here is that I don’t run ads on Google, so I don’t put this technology to use.  It just comes bundled as part of Google Analytics.  Again if you wish to opt out of Google Analytics you can install this plugin in your web browser.  Facebook also has a pixel but I don’t use that currently.  It’s for the same purpose, but for Facebook ads. If I ever start using it I’ll state so clearly here.  And when NextBigSocialMediaChannel comes along, they might have a pixel and run ads, so I’ll also tell you about that if it ever is something I use.  But right now, while there’s that one Google pixel cookie created, I don’t use any of them. Oh, and it’s also a session cookie so it is removed once you leave the website.  It also only works if you’re logged into Google, so if it creeps you out, only log into Google when you need to.

Functional/technical cookies

Functional/technical cookies – these are cookies that, essentially, allow the site to work.  For instance to give you the best layout of the site, the website needs to know if you’re looking on a tablet or a mobile phone or a desktop etc.  And rather than check this continually, it does so once and stores that file on your PC, and then just uses that file as you go from page to page to give you the optimal view of the website.  There are two such cookies, both of them session cookies, so they are removed once you leave the website.  The other types of cookies are those which figure out if you are someone who is logged into the website or not.  Now this is not Facebook, or a site where people get logins, so the only person affected by those cookies is me – the person who updates the website (something I have to log in to do). But because the website needs to allow me to log in (and stay logged in) it does create a cookie for everyone to note if anyone is logged in.  These are persistent cookies, and there are three of them.

If you’re bothered by the cookies, you might want to research how to delete them, or how to block them.  Just remember if you block them you might find the website doesn’t look so great because that blocks all of them, even the functional cookies that allow the site to work.  And I promise they’re not evil.

People Who Make Contact With Me

If you make contact with me, that contact, initiated by you, will inevitably provide me with some of your personal data.  It may be as simple as your name and email address. You may give me a phone number. You may tell me a little bit about your wedding, or your family or an event you are planning.  My privacy policy sets out how I use that data, in accordance with GDPR.

How I store and process data from people who make contact with me

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Lawful basis for collecting/storing the data

My lawful basis for collecting and storing this data is legitimate interests – i.e. it is in the interest of my business to store the data required to allow me to communicate with you in response to your initial communication.  I will only ever contact you back to deal with your enquiry and any follow up.  Once we have concluded that discussion, I will never cold call or send you a marketing email about anything that’s not directly to do with your initial enquiry, unless you progress to being a client.

Data retention policy

I retain contact details for people who’ve enquired in a number of places based on where the enquiry came from.  All prospective clients details are added to a client management system called 17Hats which itself is GDPR-compliant.  I log it there to be able to track the performance of by business from year-to-year. The original message may also remain accessible in my Gmail account, or my iCloud/Whatsapp/Facebook/Instagram account, or as a listing in my phone’s call history. All devices that have access to such accounts are password protected. The detail of your enquiry is retained for as long as is necessary to ensure we no longer need to make contact.  Beyond that, I anonymize your details so I can continue to track the performance of my business.

Third parties

What data breach procedures we have in place

If you wish to know what data I have stored related to you, send me email with your name and the subject GDPR request to studio@lauraellenphotography.co.uk and I’ll reply to you promptly.

Clients

In order to perform my job for clients, I will be required to collect and store additional personal data, not least the photographs themselves, but also family details, names (and sometimes ages) of third parties, and other data. My privacy policy sets out how I use that data, in accordance with GDPR.

How I store and process data from clients

Lawful basis for collecting/storing the data

My lawful basis for collecting and storing this data is contractual obligation – i.e. in order to fulfil my contractual obligation to my clients I am required to collect and store that data to allow me to complete the shoot and deliver the final product(s).  I will only ever contact you in relation to your photoshoot, be it in the future or the past, where we have not fully closed out all details of the contract.  Under the lawful basis of legitimate interests, from time to time I will contact former wedding clients who have not yet ordered a wedding album, and who have not expressed a desire to NOT order a wedding album, to enquire if they wish to select their photos for an album.  Where clients request me to no longer contact them about an album I will cease doing so.

Data retention policy

Use of your images

Photographs which include people in an identifiable manner are classed as personal data under GDPR. They also, therefore, fall under the remit of this privacy policy.  There are four distinct uses of the images beyond the supply of the final product to you (album or USB card).

Online storage of images

Blog and social media use of images

Website portfolio

Awards programmes

If you are a former/future client and wish to know what data I have stored related to you, send me email with your name and the subject GDPR request to studio@lauraellenphotography.co.uk. If you previously consented to my use of your images for blog/social media use and wish to withdraw that consent, you can do so by sending me an email with your name and the subject Consent withdrawal to studio@lauraellenphotography.co.uk. In both cases I’ll reply to you promptly.

Guests at Weddings

My style of wedding photography involves photographing everything related to the wedding day – not just the bride(s) and/or groom(s). This requires me to photograph wedding guests, but equally because I market myself as such a photographer; it requires me to show photographs of people other than my clients.

My policy regarding photographs of guests

My style of wedding photography involves photographing everything related to the wedding day – not just the bride(s) and/or groom(s). This requires me to photograph wedding guests, but equally because I market myself as such a photographer; it requires me to show photographs of people other than my clients.

If you wish to discuss my use of an image of you as a wedding guest, send me email with your name and the subject Wedding guest image use to studio@lauraellenphotography.co.uk and I’ll reply to you promptly.

Other Wedding Suppliers

From time to time I will collect and store the contact details and business details of fellow wedding suppliers.  My privacy policy sets out how I use that data in accordance with GDPR.

How I store and process details of fellow suppliers

If you are a wedding supplier and wish to discuss what data I hold about you, or to discuss my use of an image of you, send me email with your name and the subject Wedding supplier GDPR to studio@lauraellenphotography.co.uk and I’ll reply to you promptly.

This policy was last updated on Wednesday 9th July 2019. The current version of this policy is v1.0.  To receive a PDF copy of this policy email studio@lauraellenphotography.co.uk with the subject Privacy Policy PDF request.