Privacy Policy

Who am I?

Welcome to my privacy page. I am Siorna Ashby, a professional portrait photographer in north London and my website address is: I am registered with the Information Commissioner’s Office with the ICO number ZA706974.

Your rights under the GDPR

Under the GDPR, you have a number of different rights relating to your personal data and how it is processed. They are as follows:

  • Right to be informed about the collection and use of your personal data.
  • Right to access your personal data, and any supplementary information which constitutes personal data.
  • Right to have your personal data rectified; this means you can ask me to correct your personal data if it changes, turns out to be inaccurate, or is incomplete.
  • Right to have your personal data deleted; this means that you have the right to request the deletion or removal of your personal data. There are some circumstances when you do not have this right.
  • Right to restrict me processing your personal data.
  • Right to data portability.
  • Right to object to me processing your personal data.
  • Rights related to automated decision making including profiling.

Most of these Rights will apply to your personal data and how it is processed, but some, such as rights related to automated decision making including profiling, are not relevant to this business at the time of writing.

If you want to know more about your rights, please click here. For other information relating to data protection legislation, please visit the ICO website directly.

The data I collect, how I use it and why

Client details

I use personal data, provided directly and voluntarily to me by clients, for two purposes. The first is to carry out my contractual obligations. This means that it is information I need to do my job. This personal data includes: names, addresses, email addresses, phone numbers and further information which I need to complete your photography requirements. I take these details via a google email account, texts and phone. Clients also reach out via Instagram and Facebook messenger. I have an online shop where customers can buy gift vouchers. I take personal details to fulfil the transaction and provide a service to my customers.

The second purpose is for me to analyse and understand behaviour of my clients to assist me in relation to sales and marketing exercises. For example, to better understand where you heard about me and whether or not you choose to book me. This is a legitimate interest and a reasonable expectation that most people would have about a business. I collect personal data into and perform this analysis using simple spreadsheets.

Email addresses for gallery login, gift vouchers and photography guides

To deliver images to clients, I make use of a gallery and proofing service: Pixieset Media Inc. When clients share their galleries with friends and family, they will need to enter their email address to gain access to Pixieset, with the email address acting as a login. This allows users privacy and to create favourite lists, leave comments and also share images effectively. For further information about how Pixieset collects and processes personal data please visit the Pixieset website.

To deliver gift vouchers, orders and product guides purchased on my website I collect an email during the purchase pathway.

Cookies and website visitor tracking

Like most websites, I receive and store certain details whenever you use the siornaphotography website. I use “cookies” to help make the site – and the way you might use it – better. Cookies mean that a website will remember you. The software will save a cookie to your computer’s hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information. I also make use of a plugin that enables me to defend against malicious attacks, which uses a cookie to understand whether you are a genuine user or a robot.

I use Google Analytics to understand visitors to my website. The cookie collects information in a way that does not directly identify anyone. These services help me understand who my audiences are so that I can better market and tailor my business services. They include demographic and interests reports. You can read more about how Google uses your Personal Information here: Google Privacy If you wish to opt out from Google Analytics you can do so from this page: Google Opt Out

I use Facebook Pixel to help me know when one of my adverts, or my facebook business page, has led someone to my website. This helps me understand if my advertising has worked. I also use their audience function to support my small business. The collected data is still anonymous to me. However the data is saved and collected by Facebook in accordance to Facebook’s data policy. To opt out of this service you can receive help from this page: Facebook Opt Out.

Website comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment. If you leave a comment, the comment and its metadata are retained indefinitely. This is so the website can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

Embedded content from other websites

Although I only aim to include quality, safe and relevant external links on my blog, users are advised to adopt a policy of caution before clicking any external web link. Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

More detailed information

If you want to contact me with questions about your personal data, wish to exercise any of your rights, or ask me further detailed questions, please use the contact button at the bottom of this page to be directed to my email.

Sharing information with third parties

Other than those third parties mentioned in this Notice and listed below, siornphotography will not pass your personal data to any third party without your consent.

Your personal data may, subject to my obligations to comply with data protection legislation, be shared with the following third parties:

  • Pixieset Media Inc., as further described above;
  • ‘Second photographers’ or ‘Associate photographers’ who join me on shoots and need information to be able to do their job;
  • Having taken precautions to maintain the security of such personal data, I may in certain circumstances share personal data with the ICO, and other legal, regulatory and law enforcement bodies;
  • Backblaze business back up solution. Please see the Backblaze privacy webpage
  • Vultr host my website. Please see the Vultr GDPR webpage
  • From time to time I use Dropbox and WeTransfer for quick file sharing or storage, please see the Dropbox privacy website and WeTransfer website
  • WooCommerce, an online shop platform connected to my website to fulfil orders. Please see the WooCommerce privacy webpage
  • Stripe payment gateway, allowing customers to pay with a credit card on my online shop. please see Stripe’s privacy website
  • 17 hats CRM system and google mail are used to communicate and organise my client workflow, please see 17 hats for their privacy policy on their website 
  • In anonymised form, I may share personal data with:
    • Data aggregators and platform providers as part of an analysis of user metrics or sales performance (including but not limited to Google and Facebook).

In certain circumstances I may also share your personal data with third party media businesses for the purposes of marketing my offerings, improving my services, and running a profitable business. These third party businesses may include, magazines and news publications, photography websites, social media sites, or other outlets, with the aim of raising public awareness of my business.

You can opt out of targeted advertising by:



Security, storage and data retention

I store your personal data in the EEA and with services who have GDPR policies such as Googlemail and Vultr. I retain full details of your personal data for as long as it takes to complete your photography requirements. When you place an order through the Site, Siorna Photography will maintain your Order Information for my records unless and until you ask me to delete this information. Please note that all copyright of the photographs is owned absolutely by Siorna Photography within the provision of the Copyright, Design and Patents Act 1988. If you would like Siorna Photography to delete your personal data, you have the right to request me to do so. Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology. All transactions are processed through a gateway provider (PayPal or Stripe) and are not stored or processed on our servers. Siorna Photography cannot see your payment information.

Your right to withdraw consent

In accordance with GDPR regulations, clients have several options where it comes to image display. While it benefits me to be able to show new, regular and exemplary work via this site or corresponding social media channels, and/or to share these images with hiring new agencies. It is recognised that certain clients may benefit from limitations on this sharing.
Therefore clients have the right to request any of the following: anonymised accompanying text; accompanying text to use initials of names only; online photograph samples showing unidentifiable images only; online photograph samples showing non-people images (details only); or to fully request no online images to be shared.
In addition, clients may request in writing that identifiable and commissioned images be erased from online sources at any future point in time. Any image data will be used appropriately and with consent (your contract).

Your right to lodge a complaint

As well as the right to withdraw consent and exercise any of the above rights mentioned under ‘Your rights under the GDPR’, you also have the right to raise a complaint with a regulatory body. In the United Kingdom, this is the Information Commissioner’s Office (ICO). If you have concerns about the way your data is being processed by an organisation, you can find out more here.