Data Privacy
Autumn House Photography (otherwise known as AHP) is owned and
directed by:

   Jon Webster
   24 Claymar Drive
   Newhall
   Swadlincote
   Derbyshire
   DE11 0LF

Under the terms of the General Data Protection Regulations (2018), Jon
Webster is the data controller, responsible for personal data (information
relating to identifiable living individuals) collected or obtained by or
through operation of the business.


Principles of Data Protection

The principles of the GDPR (2018) are that personal data
shall:
1. Be held only with the specific consent of the subject, such
request for consent being simple to understand and clearly
explaining the purpose for which the data is being collected.
2. Be permanently and promptly erased if the subject
withdraws their consent (the ‘right to be forgotten’).
3. Be available to the subject upon request, in a common
electronic format (Data Portability).
4. Be obtained for a specified and lawful purpose and not
processed in any manner incompatible with that purpose, or
against the subject’s legal and human rights.
5. Be adequate, relevant and not excessive for the purpose
for which it was collected (Privacy by Default).
6. Be accurate, complete and up-to-date, but not kept for
longer than absolutely necessary (Privacy by Design).
7. Be kept secure from unauthorised or unlawful access or
processing, and protected against accidental loss or
damage by appropriate technical and procedural measures.
8. Not be transferred to a country or territory outside the European
Economic Area (EEA), unless that country or territory ensures an
adequate level of protection for the rights and freedoms of personal data
at least equivalent to that of the EEA.

Personal Data held by AHP

Photographs

1. It is an obvious but unstated contractual requirement when booking our
services as a professional photographer that we shall record both private
and public images of Clients, their friends and their relations.

2. Digital images are retained indefinately on at least two different
storage media, subject to failure of the media. We expect the storage life
of the media to be not less than 10 years.

3. As stated in our Terms and Conditions, we may use a small selection
of digital images for publicity purposes, publishing them on our 'gallery'
or blog. Such images are low resolution, and watermarked. Digital
images are not otherwise shared or transmitted, either on- or off-line.
Clients may identified by their forenames, but surnames are never given.
Full resolution images are NOT accessible online.

4. Complete image galleries created for friends and family to view/buy
prints are protected by password access. Only the client can distribute
the password.

5. The client has the right to request removal of their images, or any
reference to them, from our gallery, blog or website.

6. The client has the right to have ALL of their personal photographs
deleted permanently from main and backup storage.

Personal Details

1. Clients must provide basic contact information (i.e. name, address,
phone number, email) as a contractual requirement when booking our
services, or making a purchase.

2. We retain client contact details indefinately for the business record,
but do not process or share them, and they are not available online.

3. AHP do not hold financial details of our clients. If making an online
payment through our website, your payment card details are handled
externally by PayPal using secure server technology. AHP only receive
basic contact details as a record of the transaction, and such data is not
processed or shared.

4. The Client has the right to request deletion of their contact information
from our records, providing that this does not conflict with our legal
obligations as a business.

Website

The AHP website does not automatically capture or store personal
information, other than logging of the user's IP address, and session
information such as the duration of the visit and the type of browser used.
This information is held by Google Analytics, and is only used to provide
statistics to AHP on performance of the website.

Social Media

1. AHP may share links to a blog or gallery entry on social media, to
publicise the blog or gallery entry. We not post images directly on social
media without seeking express permission from the client.

2. The client has the right to have such links removed from social media.

Soft Data Security

AHP use up-to-date computer equipment, and the latest anti-malware, to
keep electronic data secure. No material is directly available online
unless deliberately placed there as a business process.

Hard Data Security

Printed documents (e.g. booking forms) are retained under close control,
and are only accessible to individuals involved in operation of the
business.


Request to View Personal Data

1. Clients can make a written request to the Data Controller to view
Personal Data relating to them held by AHP.

2. Viewing of client photographs held by AHP may incur a labour charge
where the photographs are held only as digital negatives, or held on
archival media.