CaptureLight Privacy Policy
Hello and welcome to one of the legally necessary bits of my site!
You’ve arrived here either;
- by accident,
- because you’re nosy and you just wanted to check that the link worked,
- you’re another photographer looking for a policy to plagiarise or
- you actually care about your data privacy following the introduction GDPR and all the frantic media coverage.
If you are here by accident and you really don’t know what GDPR stands for then you’re in for an educational treat! GDPR stands for….. Do you know what? No one cares what it stands for, all we care about is what it’s meant to achieve. It is meant to ensure that I adequately control any written info you give me like how many sugars you have in your ‘healthy’ green tea (really? That many?), you have a fetish for whipped cream and the fact that you’re a secret Justin Bieber fan. In fact what it did achieve was to create mass hysteria within an entire industry of small businesses who happen to work with people’s faces. No one is quite sure if someone’s face is actually personal data. Not even the people who wrote the legislation, so what hope do I have?
Still, while that particular point is being, confirmed, I need to show willing and be compliant. Please read on, enjoy, inwardly digest and cogitate on CaptureLight Limited’s GDPR compliant privacy policy:
Lets get Cookies out of the way first
This site uses cookies. Cookies are not biscuits! Biscuits are biscuits. Cookies are some American contrivance to confuse people or, in this case they are small text files that are placed on your computer to help this site run better and, in the words of the salesman, “provide a better user experience”. In general, cookies are used to retain your preferences, store information for things like shopping baskets, and provide anonymised tracking data to third party applications like Google Analytics. Apparently, cookies will make your browsing experience better, however, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. If you don’t know how to do that then have a gander at the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers.
Personal data I collect
I collect:
- your name so I don’t confuse you with other clients and so I have something to call you other than oi! (which never really sounds that professional).
- your email address so I can communicate with you,
- your phone number so that, perish the thought, I can actually talk to you,
- your address so I know where to send my invoice and
- photographic representations of your facial features because that’s what you’ve paid me to do. The rumours that taking your photograph also removes your soul are, as yet, unproven. However, as the ‘spiritual or immaterial energy of a human being’ isn’t specifically mentioned then it probably falls outwith the scope of GDPR anyway
All of this is necessary for me to do my job.
How I collect and keep your personal data
My master plan for installing bugging devices in every smartphone failed to achieve the required level of investment from the Dragon’s Den so I’m limited to using the contact form on my website, which sends a message automagitechnically to my email inbox. This has a password that contains, at least eight characters, one uppercase letter, one lowercase letter, one numerical digit and one Special character (~`!@#$%^&*()+=_-{}[]|:;”’?/<>,.), it isn’t my birthday, doesn’t include the word ‘password’ and, to top it all off, I haven’t told anyone what it is either.
Before that happens I have paid an inordinate amount of money to ensure that my actual website is secure. Firstly I use a trusted and reliable UK based hosting company, TSO Host who use lots of technical equipment and software to ensure that their servers are robust and secure. Secondly, I have forked out even more dosh to add a SSL certificate to the hosting package. This means you can even write down your Mother’s maiden name and it can’t be viewed by anyone. If you’re really techie you can check that the web address starts with https:// rather than the grossly inferior and, frankly worthless http:// .
If you do decide to work with me your email will be retained in my email history which is held by Apple Mail (hopefully one of the biggest computer companies in the world know a bit about security (then again……!?). My email account is accessible on 3 password protected computers and my iPhone. I would love to say that I have a super efficient client database, but I’m really not that organised. However, I do use the software of two external companies where some of your data may be stored.
Firstly I use Kashflow to record and control my accounts. Kashflow is an online accountancy program and I use it to record my purchases and raise invoices for my clients. I sincerely hope that this company takes data security seriously as they connect directly to my bank account. So if I’m happy with them, then so should you. However if you want to read about their data protection details then a very long and boring description can be found here.
Secondly, I use Shootproof to host my client’s Image Galleries. Shootproof is an American based provider of e-commerce gallery and image proofing services. Despite being American they have remembered their roots and ensured that their service is fully compliant with GDPR. Further details of how they comply can be found here.
When purchasing images from your Image Gallery you will be required to add some personal as well as payment details. To be blunt, if you don’t give your payment details you don’t get the image! I’d love to do this for free, but my Bank Manager might object. Email addresses of clients are retained by Shootproof for the duration that I provide your online galleries.
If you order prints or other non-virtual products your information will be sent to Loxley Printing Laboratory. Loxley is one of the most respected print houses in the UK. They will complete your order and send it directly to you. If they don’t have your details they can’t send you your stunning work of wall art. Their Privacy Policy can be found here.
I take images containing your personal face data using a camera (duh!) and are initially stored on 2 SD Cards within the camera itself. Without these, there isn’t much point in taking them in the first place. If the photoshoot is on location then the images will be transferred immediately (via tether cable) to my password protected laptop. In turn, the files are then duplicated onto an encrypted, rugged portable hard drive. This seems overkill but ensures the security of the images in case of equipment failure. In the event that I am away from my studio overnight then the rugged drive is stored in a compartment in my locked vehicle and the laptop and SD Cards are kept with me in my accommodation.
If the photoshoot is in the studio then the same system applies with the exception that the files are transferred to a desktop computer within the studio rather than the laptop. Each evening these images are backed up to a remote hard drive in my house. You might be surprised to find out that my house is securely locked when we’re not there and when we go to bed. This is despite the fact that we live in quite a nice neighbourhood with a low crime rate.
All my computers are continuously backed up to a cloud-based service, Code 42 Crashplan. This ensures that I can recover any images should something utterly disastrous happen to my camera, the SD Cards, the hard drives, the rugged drive, the local backup, my studio and my house! To be honest, if all that lot goes belly up I may have more things on my mind than the images. Code 42 is another one of those American companies that recognise the importance of its heritage and is GDPR compliant. You can read about it here.
Once I have confirmed that the images exist in all these locations then I will format and reuse the SD Cards thereby erasing the original image files.
If you enquire but don’t book me (yeah right! as if that’ll happen!), your details and message will be deleted as if you didn’t exist and I promise to forget that our paths ever crossed.
Commenting on Blog Posts
I have a blog on my website where I occasionally babble on about things that I find interesting. I open these posts, rather riskily, to comments. If you decide to comment on it, remember that the WWW stands for ‘worldwide’ web i.e. it’s public, everyone can see it, so don’t write down your personal credit card details, mothers maiden name or what you did with the marmalade and lettuce in the bedroom last night.
If my warped babbling really interests you then, firstly you need to seek help and secondly, you can subscribe. This means adding your email to a list with other deranged people. This is stored in the same website with the aforementioned https do-hicky. The commenting is controlled by a WordPress plugin and I ensure that it is regularly updated to maintain security.
The right to access, confirm, correct and erase
Being serious for a moment, I do need to know stuff about you to work with you. If you do have any questions about how your personal data is handled, you only have to ask. You can send me an email or give me a call and I will happily explain it all, in writing if you like. I’m perfectly happy to show you all the information I have on you. You may be surprised to find out that it will be exactly the stuff you’ve already told me. This is mainly because I am a photographer and not a member of the security services nor a clairvoyant. If some of the information is wrong, you have the right, and it would be a good idea, to correct it. Neither of us wants me to keep ringing that Chinese Takeaway instead of your business or sending your images to the wrong email address.
If, for some reason, you’d like to fully close your account with me in a manner of speaking, just let me know and I can totally erase you like you never existed to me. If you do want me to delete all your personal data let’s wait till after we’ve finished the photoshoot otherwise it will get awfully difficult to organise things.
How I use your data
To summarise; I’m not a strange, stalking, data hoarding weirdo that will spam you or sell your data to Mongolian slave traders. I will definitely use your email to email you about your photoshoot or related images. If I like you and there’s something related to your images that I think may be of benefit, like a discount coupon for prints, I might email you that too. If we actually interacted as two humans rather than just client and supplier and there is something completely unrelated to your images but pertinent to something we had a conversation about, such as the name of that song that was bugging us but we couldn’t remember the artist, I may well email you about that too. I won’t give your details out to anyone else, without your consent.
I also won’t be plaguing you lots of newsletters, even if you do subscribe. Mainly because I, frankly, don’t have time to produce that many.
During the consultation, we will complete a questionnaire. Assuming I don’t lose it on the way back to the studio it will be placed on my desk and I will refer to it, in a panic, tens minutes before you arrive for your shoot (just kidding). I will use it to help plan the shoot and we may refer to it during the day, but it never gets recorded onto the computer, just stored in a filing cabinet in the office.
During your shoot I might ask you for some details for a blog post, you don’t have to tell me anything, but what you do tell me may be included in a blog feature. I would, therefore suggest that you don’t give me your bank card PIN or anything you wouldn’t want your Granny to read. Any and all information I request from you is entirely voluntary really.
I tend to photograph business people or performers that actively seek exposure. Because of this potential customers might be interested in your images and may wish to contact you. I would not pass on any information without your consent unless it is already in the public domain such as your website. If you were hired as a result of this I would expect a sticky bun or two as a thank you.
How I use your Personal Face Data (images)
GDPR is very vague when it comes to your photographs. Other than saying, for working photographers, we need to demonstrate reasonable and legitimate use. As the Photographer I own the copyright to all the images I take which, in theory, means I can anything I like with them. However, in practice, GDPR has now ‘muddied’ that clarity. Regardless I will not use your images for anything that we haven’t discussed and agreed upon in advance. I promise you that you won’t, one day walk past a billboard and be surprised to see your face advertising pile cream (Unless you’re a model and getting paid for it).
If a third party does approach me asking me to buy one of your photos, I will email you about it.
I do use my client’s images to help me promote my own business and improve my skills such as show my work on Facebook, Instagram and my own website. If you chose to work with me it’s probably because you saw images of previous clients on these sites or in my brochure. At the consultation I will ask you to opt into this in my contract, however, you can always decide to tell me to shove it and keep your images private. I do respect that some people don’t want to be on the Internet even if that is not considered normal these days.
Very occasionally I submit images into The Guild of Photographers monthly competition. This serves two purposes, firstly it helps keep my ego inflated when I win awards and secondly it helps me refine my skills when I don’t. Normally I will use photos you’ve already given permission for on my own website.
And finally
GDPR requires me to just be a nice human being and look after my clients’ information and there’s nothing wrong with that, so I promise to do my best.