Privacy Policy
Who am I?
Welcome to my privacy page. I am Siorna Ashby, a professional portrait photographer in North London, and my website address is: http://www.siornaphotography.com. I am registered with the Information Commissioner’s Office (ICO) with the ICO number ZA706974.
Your rights under the GDPR
Under the GDPR, you have a number of different rights relating to your personal data and how it is processed. They are as follows:
-
Right to be informed about the collection and use of your personal data.
-
Right to access your personal data, and any supplementary information which constitutes personal data.
-
Right to have your personal data rectified; this means you can ask me to correct your personal data if it changes, turns out to be inaccurate, or is incomplete.
-
Right to have your personal data deleted; this means that you have the right to request the deletion or removal of your personal data. There are some circumstances when you do not have this right.
-
Right to restrict me processing your personal data.
-
Right to data portability.
-
Right to object to me processing your personal data.
-
Rights related to automated decision making, including profiling.
Most of these rights will apply to your personal data and how it is processed, but some, such as rights related to automated decision making including profiling, are not relevant to this business at the time of writing.
If you want to know more about your rights, please click here. For other information relating to data protection legislation, please visit the ICO website directly.
The data I collect, how I use it and why
Client details
I use personal data, provided directly and voluntarily to me by clients, for two purposes. The first is to carry out my contractual obligations. This means that it is information I need to do my job. This personal data includes: names, addresses, email addresses, phone numbers, and further information which I need to complete your photography requirements. I take these details via a Google email account, texts, phone, and clients also reach out via Instagram and Facebook messenger. I have an online shop where customers can buy gift vouchers, and I collect personal details to fulfil the transaction and provide a service to my customers.
The second purpose is for me to analyse and understand the behaviour of my clients to assist me in relation to sales and marketing exercises. For example, to better understand where you heard about me and whether or not you choose to book me. This is a legitimate interest and a reasonable expectation that most people would have about a business. I collect personal data into and perform this analysis using simple spreadsheets.
Email addresses for gallery login, gift vouchers and photography guides
To deliver images to clients, I make use of a gallery and proofing service: Pixieset Media Inc.
When clients share their galleries with friends and family, they will need to enter their email address to gain access to Pixieset, with the email address acting as a login. This allows users privacy, the ability to create favourite lists, leave comments, and share images effectively. For further information about how Pixieset collects and processes personal data please visit the Pixieset website.
To deliver gift vouchers, orders, and product guides purchased on my website, I collect an email during the purchase pathway.
Cookies and website visitor tracking
Like most websites, I receive and store certain details whenever you use the siornaphotography website. I use “cookies” to help make the site – and the way you might use it – better. Cookies mean that a website will remember you. The software will save a cookie to your computer’s hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information. I also make use of a plugin that enables me to defend against malicious attacks, which uses a cookie to understand whether you are a genuine user or a robot.
I use Google Analytics to understand visitors to my website. The cookie collects information in a way that does not directly identify anyone. These services help me understand who my audiences are so that I can better market and tailor my business services. They include demographic and interests reports. You can read more about how Google uses your Personal Information here: Google Privacy If you wish to opt out from Google Analytics you can do so from this page: Google Opt Out
I use Facebook Pixel to help me know when one of my adverts, or my facebook business page, has led someone to my website. This helps me understand if my advertising has worked. I also use their audience function to support my small business. The collected data is still anonymous to me. However the data is saved and collected by Facebook in accordance to Facebook’s data policy. To opt out of this service you can receive help from this page: Facebook Opt Out.
Website comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment. If you leave a comment, the comment and its metadata are retained indefinitely. This is so the website can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
Embedded content from other websites
Although I only aim to include quality, safe and relevant external links on my blog, users are advised to adopt a policy of caution before clicking any external web link. Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
More Detailed Information
If you want to contact me with questions about your personal data, wish to exercise any of your rights, or ask me further detailed questions, please use the contact email: [email protected].
Sensitive Data
As part of my photography services, I may process sensitive personal data, particularly related to images of your body, including but not limited to nude, semi-nude, and intimate photographs. Under the GDPR, this type of data is classified as “special category data,” and I take every precaution to protect it with the highest level of confidentiality and security.
Consent for Processing Sensitive Data
By booking a photoshoot with Siorna Photography, you explicitly consent to the processing of your sensitive data, specifically the images captured during your session. This consent is necessary for the completion of the photoshoot and for any subsequent use of the images, as outlined in this policy.
How I Use Your Sensitive Data:
Your sensitive data is collected and processed for the purpose of fulfilling our contract, which includes conducting the photoshoot, providing image delivery, and any further requested services such as print or digital product creation. Additionally, images may be used in a non-identifiable manner for promotional and marketing purposes, but only with your explicit consent.
How I Protect Your Sensitive Data:
I take every measure to protect your sensitive data. All photographs, especially those containing sensitive personal data, are stored securely and are only accessible to authorized personnel. All digital files, including images of sensitive data, are stored with encryption to prevent unauthorized access.
Withdrawal of Consent:
You have the right to withdraw your consent for the use of sensitive data at any time. If you no longer wish for your images to be used for marketing or any other purpose, you may contact me directly via email at [email protected], and I will take appropriate action to remove or anonymize your images in accordance with your wishes.
No Mandatory Disclosure of Sensitive Data:
You are not required to provide any sensitive data (e.g., revealing nudity or semi-nude poses) if you do not feel comfortable. The nature of your photoshoot is entirely based on your comfort level, and you have the right to request non-nude or more modest poses at any time. I am committed to making sure your session is empowering, respectful, and aligns with your personal boundaries.
Sharing information with third parties
Other than those third parties mentioned in this Notice and listed below, siornphotography will not pass your personal data to any third party without your consent.
Your personal data may, subject to my obligations to comply with data protection legislation, be shared with the following third parties:
- Pixieset Media Inc., as further described above;
- ‘Second photographers’,‘Hair and Makup Artists’ or ‘Associate photographers’ who join me on shoots and need information to be able to do their job;
- I may share personal data with the ICO, and other legal, regulatory, and law enforcement bodies.
- Backblaze business backup solution (data stored encrypted). Please see the Backblaze privacy webpage
- Vultr host my website. Please see the Vultr GDPR webpage
- From time to time I use Dropbox and WeTransfer for quick file sharing or storage, please see the Dropbox privacy website and WeTransfer website
- WooCommerce, an online shop platform connected to my website to fulfil orders. Please see the WooCommerce privacy webpage
- Stripe payment gateway, allowing customers to pay with a credit card on my online shop. please see Stripe’s privacy website
- 17 hats CRM system and google mail are used to communicate and organise my client workflow, please see 17 hats for their privacy policy on their website
- In anonymised form, I may share personal data with:
- Data aggregators and platform providers as part of an analysis of user metrics or sales performance (including but not limited to Google and Facebook).
Printing Lab and Digital Labs
As part of providing high-quality print services, Siorna Photography works with a trusted printing partner, Digital Labs, to produce prints, albums, and other products ordered through my services. Please be assured that the images sent to Digital Labs are encrypted during transfer to ensure their security.
Storage and Retention by Digital Labs:
Digital Labs stores images uploaded to their website only for 28 days. After this time period, images are automatically deleted from their system. For further details on how Digital Labs handles your personal data and images, you can review their privacy policy.
In certain circumstances I may also share your personal data with third party media businesses for the purposes of marketing my offerings, improving my services, and running a profitable business. These third party businesses may include, magazines and news publications, photography websites, social media sites, or other outlets, with the aim of raising public awareness of my business.
You can opt out of targeted advertising by:
FACEBOOK – https://www.facebook.com/settings/?tab=ads
GOOGLE – https://www.google.com/settings/ads/anonymous
Security, storage and data retention
store your personal data in the EEA and with services who have GDPR policies, such as Google Mail and Vultr. I retain full details of your personal data for as long as it takes to complete your photography requirements. Photographs from a photoshoot are kept for 3-6 months after the shoot. I email clients to inform them when their images are being taken down from the gallery and offer them the option to add more favourites. If I don’t hear back from a client, I delete any images that were not purchased and retain the purchased images in long-term encrypted storage.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology. All transactions are processed through a gateway provider (PayPal or Stripe) and are not stored or processed on our servers. Siorna Photography cannot see your payment information.
Your right to withdraw consent
In accordance with GDPR regulations, clients have several options regarding image display. While it benefits me to show new, regular, and exemplary work via this site or corresponding social media channels, and/or to share these images with hiring agencies, it is recognised that certain clients may prefer limitations on this sharing.
Therefore, clients have the right to request any of the following:
-
Anonymised accompanying text
-
Accompanying text using initials only
-
Online photograph samples showing unidentifiable images only
-
Online photograph samples showing non-people images (details only)
-
Or to fully request that no online images be shared
In addition, clients may request in writing that identifiable and commissioned images be erased from online sources at any future point in time. Any image data will be used appropriately and with consent via written agreement.
Your right to lodge a complaint
As well as the right to withdraw consent and exercise any of the above rights, you also have the right to raise a complaint with a regulatory body. In the United Kingdom, this is the Information Commissioner’s Office (ICO). If you have concerns about the way your data is being processed, you can find out more here: ICO Complaints.