GDPR Statement - Shaun Roster Photography

GDPR AND PRIVACY POLICY for SHAUN ROSTER PHOTOGRAPHY

Shaun Roster Photography is committed to safeguarding and preserving the privacy of our visitors. This privacy policy explains what happens to any personal data that you provide to us in the operation of our business, or that we collect from you whilst you visit our site.

Shaun Roster Photography is owned and operated by Shaun Roster., providing photographic services throughout the UK and overseas to meet a range of clients, primarily in the Marine Environment. I can be contacted using the Contact Form via the link at the top of this page.

This Privacy Policy is for the website www.shaunroster.com and governs the privacy of its visitors as well as the business of Shaun Roster Photography. It explains how I comply with the EU's GDPR legislation and the DPA.

COLLECTING YOUR DATA

Shaun Roster Photography will only collect Data that is provided by you or agents acting on your behalf. Shaun Roster Photography may collect your Data in a number of ways, for example; contacting us through our website, by telephone, post, e-mail or through any other means and when you use our services, in each case, in accordance with this privacy policy.

Data collected through this website is via the contact page. The form collects name, email address and message. Enquires sent using the form are sent to shaun@shaunroster.com hosted by Google Mail. The account is secured using two-factor authentication and by using the contact form you agree that Shaun Roster Photography can contact you in relation to your enquiry. This website is hosted by SmugMug and their privacy policy can be through a link at the bottom of this page.

OUR USE OF YOUR DATA

Any or all of the above Data may be required by us from time to time in order to provide you with the best possible service and experience when using our Website. Specifically, Data may be used by us for the following reasons: internal record keeping, improvement of our products and services, transmission by email of marketing materials that may be of interest to you and contact for market research purposes which may be done using email, telephone, fax or mail. Such information may be used to customise or update the website, in each case, in accordance with this privacy policy.

We may use your Data for the above purposes if we deem it necessary to do so for our legitimate interests. If you are not satisfied with this, you have the right to object in certain circumstances (see the section headed “Your rights” below).

BUSINESS DATA

I hold the minimum of business data necessary to operate the business taking care to ensure that this data is treated securely. All data is stored electronically and dependant upon the type of contact made may include:

Emails and contact information - Emails and contacts are stored electronically across password protected devices.

Accounting information - invoices, estimates, and statements are secured electronically and password protected.

Media - All content shot in undertaking a commission is stored and catalogued by filename based on date and content, on a password-protected desktop computer, laptop and external drive. Clients may at their request, receive a link to file-sharing services such as Dropbox or WeTransfer where content is required to be shared by the client.

Metadata - Where required images are stored with embedded information in the form of a generic caption describing the occasion. Names of the subject are included in the metadata where relevant and in gathering such information, consent is agreed. The metadata remains within the file and travels with the image if it is passed to further locations.

Consent Forms - Consent forms are provided by the commissioning agent and describe the intent for the images' use. Such forms would require name, address, age and contact details. Forms are either passed to the commissioning agent on-site or digitally scanned, shared with the agents' digital controller and then shredded.

EVENTS AND LEGITIMATE INTEREST

Guests at events may appear in images taken by Shaun Roster Photography as part of the recording of the event. In such instances, attendees are photographed within GDPR 'legitimate interests' guidelines. The taking of photographs, when viewed as a form of processing personal data, is necessary for the legitimate interest of the photography business, unless there is a good reason to protect an individual's personal data which supersedes the legitimate interest claim. Clients are requested where possible to minimise any potential risk by making clear that photography will be taking place, either verbally or visually, thereby allowing attendees the opportunity of making it known that they do not wish to be photographed.

THIRD PARTIES

In the day to day operation of the business Shaun Roster Photography may use third-party services, such as those listed below, with their respective GDPR policies:

Dropbox - https://www.dropbox.com/en_GB/security/GDPR

WeTransfer - https://wetransfer.zendesk.com/hc/en-us/categories/201270873-Security-Privacy

YOUR RIGHTS

GDPR provides the following rights for individuals:

The right to be informed

The right of access

The right to rectification

The right to erasure

The right to restrict processing

The right to data portability T

he right to object Rights in relation to automated decision making and profiling

If you wish to exercise your rights you can email me at shaun@shaunroster.com

INFORMATION COMMISSIONER'S OFFICE (ICO)

You have the right to lodge a complaint about our handling of your personal data with the supervisory authority, which in the UK is the Information Commissioner's Office. You can contact the ICO on 0303 1231113