If you haven’t heard of GDPR then I can only assume you’re reading this on a stone tablet carved in recognition of my awesomeness. I’m fairly sure it stands for Generating Depression in Photographers Regularly. What’s it about? It’s about how we store your personal data and what we do with it. It can be broken down into the following:
- The right to be informed.
- The right of access.
- The right to rectification.
- The right to erasure.
- The right to restrict processing.
- The right to data portability.
- The right to object.
- The right not to be subject to automated decision-making including profiling.
Personal Data we collect
The short answer to what data we collect is: as little as possible.
Really. I want to take awesome photos not create books about what your favourite restaurant is or who your Aunt was seen stepping out with.
I collect your name. It’s helpful because starting ‘oi, mate!’ in an email doesn’t come across quite as professionally or personally as ‘Dear Susie’ (if your name isn’t Susie, obviously I wouldn’t address you as such. Though I might have to if you don’t consent to me storing your name)
I will also collect any phone numbers, email and postal address that you supply to me. These help me to get in contact with you about work I am doing with you. Shouting ‘oi mate’ out the window in the hope you’ll hear it is even less professional than composing an email to you in such a manner.
How we collect and store your personal data
Usually you give it to me. You’ll have phoned, emailed or contacted me through my website or through meeting me while shooting for someone else. This gives me a legitimate business interest, I’m told.
Occasionally I’ll be passed your contact details by someone you know who has approached me with something like ‘oh my mate Dave wants some photos, he said to pass his details to you’. This can apply even if your name isn’t Dave. It’s not as common, but it happens. If you’ve told someone they can pass me your details to get in touch, I assume that means you want me to get in touch.
My website does not intentionally harvest your details. Google Analytics allows me to keep track of visitors and I believe that Google uses your IP address to do this, but it’s Google, they’ve got to be GDPR compliant right?! I certainly have no interest in your IP address and I’m not technically savvy enough to connect it with anything so it would be pointless storing it even if I could find it. I take photos, I don’t work for Mi6.
All information you supply is held in three places:
On my desktop computer hard drive, which is protected with a very strong password.
On my Phone, this is protected by Apple’s proprietary fingerprint scanner and passcode. If the FBI can’t crack into an iPhone I think that’s got to be fairly safe.
On Dropbox as an encrypted backup. Dropbox is fully GDPR compliant, read here: https://www.dropbox.com/en_GB/security/GDPR
How I store your likeness
GDPR is still all a bit fuzzy about what a photograph of you constitutes in terms of personal data. One thing it does say is we need to demonstrate reasonable and legitimate use. I’m fairly sure if you ask me to take a photograph of you, it’s reasonable and legitimate use to store that photograph of you. On my system your name will be associated with your likeness, because it’s going to be a bit tricky to find you on the system otherwise. If I had only one client this wouldn’t be necessary, but then if I only had one client neither would this website or the dirge that I’m having to type out here. Just be assured that I’m a nice bloke, all I want to do is make you uber happy with some awesome images and hope you’ll want more in the future. Your likeness is stored in exactly the same way as your information. If you’re employing my services to photograph products I probably won’t even have a likeness of you unless you accidentally walk into shot, which will be deleted as a ‘whoopsie’.
How I use your likeness
I may use your likeness in my promotional material such as (but not limited to) my website, the Book of Faces and the Gram of Insta. It’s quite hard to show people you’re good at taking photos if you don’t show them any photos. This will be covered in our contract and you have the right to request that they not be used, in which case they won’t. You also have the right to ask me to remove them later, if you do, I will. This has always been the case because I want you to be happy, not because some bureaucrat in Brussels has developed another million-page piece of legislation that tells me I should.
Rights of Confirmation, access, rectification and erasure
Yes I’ve tried to make this whole policy a bit light hearted. I have a proper serious one if you want, it’s written by legal people and spells out pretty much the same thing it’s just even more painful to work through than my sense of humour. If you want to read it, drop an email over. I don’t believe even Lawyers can want to read the legal stuff they write, in fact I think most of it is written precisely so people don’t read it properly, but if you do have questions about how your personal data is kept or processed with DaVincent Photography, drop me a line, get in touch and we can discuss it like super friendly people. You can ask me what information I hold on you, ask me to show you it, ask me to correct it (I encourage this, turning up at the wrong address is never a good or professional look) or ask me to delete it!
Of course if you haven’t paid your invoice and ask me to delete it so you can do a runner, I’ll point out that it’s a legitimate business interest to retain it until you have, so none of that shenanigans thank you, you little trickster.
www.davince.net apparently uses 3 cookies, all of which are part of Google Analytics, which enable me to know how many people visit my site and from which country they come from. If it could do it without cookies I’d prefer it if it did, because it’s just another headache to tell you about in here.
The cookies this site uses are:
Google Analytics: _gat, _gid, _ga