Privacy Policy

Your privacy matters.

This page explains how your personal data and images are handled when you work with me. Photography can involve sensitive information, and I take that responsibility seriously. Everything here is designed to support a respectful, secure, and consent-led experience.

Who am I? 

Welcome to my privacy page. I am Siorna Ashby, a professional portrait photographer in North London.
My website address is: http://www.siornaphotography.com

I am registered with the Information Commissioner’s Office (ICO).
ICO registration number: ZA706974

Your rights under the GDPR

Under the GDPR, you have the following rights in relation to your personal data:

  • The right to be informed about the collection and use of your personal data

  • The right to access your personal data

  • The right to have inaccurate or incomplete data rectified

  • The right to request deletion of your personal data (subject to legal limits)

  • The right to restrict processing

  • The right to data portability

  • The right to object to processing

  • Rights relating to automated decision-making and profiling

Some rights may not apply in practice to this business (for example, automated decision-making), but all applicable rights are respected.

For further information, please visit the ICO website.

The data I collect, how I use it, and why

Client details

I collect personal data provided directly and voluntarily by clients in order to:

  1. Fulfil contractual obligations
    This includes names, addresses, email addresses, phone numbers, and relevant session information required to deliver photography services. Data is collected via email, phone, text message, Instagram, Facebook Messenger, and my website shop (for gift vouchers and purchases).

  2. Understand and improve my business
    I may analyse anonymised or aggregated client data (for example, how clients found me or booking patterns) to support sales and marketing decisions. This is processed as a legitimate business interest and uses simple internal tools such as spreadsheets.

Gallery access, email addresses, and naming practices

To deliver images to clients, I use a professional gallery and proofing service: Pixieset Media Inc.

Pixieset provides password-protected, private client galleries with configurable access controls. Galleries are not publicly indexed and are only accessible via a private link. While Pixieset uses industry-standard security measures and GDPR-aligned data processing practices, no online platform can guarantee absolute security. Clients are encouraged to keep gallery links private and protect access to their own devices and email accounts.

When galleries are shared with friends or family, viewers may be asked to enter an email address to access the gallery. This enables features such as favourites, comments, and controlled sharing. Pixieset’s own privacy practices are available via their website.

To support delivery and organisation, I may include your first name in gallery titles or file names. These identifiers are not indexed by search engines and are only accessible via your private gallery link.

To deliver gift vouchers, digital products, or guides purchased through my website, an email address is collected during checkout.

Preview images and contact sheets

As part of the image selection process, I may provide low-resolution contact sheets or small PDF previews to allow you to view and select images, sometimes ahead of or during a video consultation. These previews are for short-term viewing only and are not final image deliveries.

I delete preview files from my email systems and file-sharing platforms once selections are complete. Clients are encouraged to delete any preview files from their own email accounts or devices after selection, as these files are not intended for long-term storage or sharing.

Video consultations and screen sharing.

I may use Google Meet to conduct video consultations, including image selection sessions where photographs are viewed via on-screen sharing. These sessions are not recorded, and no images or personal data are stored as a result of the call itself.

Google Meet processes limited technical data (such as connection information) in order to provide the video call service. Google maintains its own privacy policies, available on its website.

Final purchased images are delivered separately via secure gallery or download methods.

Cookies and website visitor tracking

My website uses cookies to improve functionality and user experience. Cookies do not collect personal information.

I use:

  • Google Analytics to understand website usage (data is anonymised)

  • Facebook Pixel to understand advertising performance

These tools help me improve my services. You can opt out via:

Security plugins may also use cookies to distinguish genuine users from automated traffic.

Website comments

When visitors leave comments, the data shown in the comment form, IP address, and browser information are collected for spam prevention.

If you use Gravatar, an anonymised hash of your email address may be shared with that service. Approved comments and metadata are retained indefinitely to enable moderation and continuity.

Embedded content from other websites

Articles may include embedded content (videos, images, posts). Embedded content behaves as if you visited the external site directly and may collect data, use cookies, or track interactions according to that site’s policies.

Sensitive (special category) data

My work may involve special category personal data, including images of the body such as nude or semi-nude photographs.

This data is processed only for the purpose of delivering the services you have requested and is handled with the highest level of confidentiality and care.

Consent and control

By booking a session, you consent to the processing of this data for delivery of the photoshoot and related services. Consent is ongoing and may be withdrawn at any time.

You are never required to disclose or photograph any level of nudity you are uncomfortable with. Your session is always shaped around your boundaries.

Protection measures

All images are stored securely using encrypted systems and are only accessible to authorised parties.

Withdrawal of consent

You may withdraw consent for marketing, publication, or other secondary uses at any time by contacting me. I will act promptly in line with your wishes and GDPR obligations.

Sharing information with third parties

I do not share personal data with third parties unless necessary to deliver services or comply with legal obligations.

Trusted third parties may include:

  • Pixieset Media Inc. (gallery delivery)

  • Second photographers, hair and makeup artists, or associate photographers involved in your session

  • Legal or regulatory bodies (including the ICO)

  • Backblaze (encrypted backups)

  • Vultr (website hosting)

  • Dropbox / WeTransfer (temporary file sharing)

  • WooCommerce (online shop)

  • Stripe (payment processing)

  • 17hats CRM and Google Mail (client communication and organisation)

Where third-party services are used, they each maintain their own privacy policies, which are available on their respective websites.

In anonymised form, data may be shared with analytics providers such as Google or Meta.

No client images are ever shared for marketing, publicity, or media use without separate, explicit written consent.

Printing labs

Print products are fulfilled by Digital Labs, a trusted professional lab. Images are encrypted during transfer and are automatically deleted from their system after 28 days.

Security, storage, and retention

Personal data is stored within the EEA using GDPR-compliant services.

Payment details are processed securely by external providers and are never stored by me.

Retention periods

  • Client records: retained as required for service delivery and legal obligations

  • Shoot images: minimum 6 months

  • Contact sheets: up to 2 years

  • Purchased images: retained long-term for client convenience

  • Portfolio images: retained indefinitely where explicit consent has been given

You may request earlier deletion at any time.

Your right to withdraw consent

You may request:

  • anonymised captions

  • initials only

  • unidentifiable images

  • details-only images

  • or no sharing at all

You may also request removal of images from online platforms at any time.

Your right to lodge a complaint

If you have concerns, you may contact me directly or lodge a complaint with the ICO.

Artificial Intelligence

All images © Siorna Photography.
No permission is granted for dataset creation, AI training, machine learning, or generative AI use. Any such use is explicitly prohibited.

Contact me