Privacy Policy

I understand the importance of your privacy and I totally respect the privacy of everyone that visits my website. It is very important for me that you know exactly how and why I collect, process and store your personal data. I will only collect, process and store your personal data in the ways that have been outlined here in my privacy policy, and in a manner that is consistent with my obligations and your rights under the law.

I have kept my privacy policy as short and straightforward as possible, so if there is anything that you don’t understand, or if you have any questions, please contact me using the contact form at the bottom of this page.

This Notice explains how James Malkin Photography complies with the DPA, GDPR and PECR.

1. Identity and contact information

This Privacy Notice (“Notice”) is provided by James Malkin trading as James Malkin Photography (“me”, or “I”), of 35 All Saints Drive, North Wootton, King’s Lynn, Norfolk PE30 3RX. It covers your rights in relation to the Data Protection Act 1998 (“DPA”), the General Data Protection Regulation (“GDPR”) and the Privacy and Electronic Communications Regulations (“PECR”).

James Malkin Photography is both the controller and processor of all personal data collected.

Date this Notice was created: 3rd May 2018

Date this Notice was last modified: 3rd May 2018

2. Compliance declaration

Both James Malkin Photography and this website, https://www.jmalkinphotography.co.uk, comply with the DPA, GDPR and PECR. The GDPR comes into effect on the 25th May 2018. This Notice is updated whenever changes are made to relevant data protection legislation.

3. Your rights under the GDPR

Under the GDPR, you have a number of different rights relating to your personal data and how it is processed. They are as follows:

  • Right to be informed about the collection and use of your personal data.
  • Right to access your personal data, and any supplementary information which constitutes personal data.
  • Right to have your personal data rectified; this means you can ask me to correct your personal data if it changes, turns out to be inaccurate, or is incomplete.
  • Right to have your personal data deleted; this means that you have the right to request the deletion or removal of your personal data. There are some circumstances when you do not have this right.
  • Right to restrict me from processing your personal data.
  • Right to data portability.
  • Right to object to me processing your personal data.
  • Rights related to automated decision making including profiling.

Most of these Rights will apply to your personal data and how it is processed by James Malkin Photography, but some (such as the right to data portability and rights related to automated decision making including profiling) are not relevant to this business at the time of writing.

If you want to know more about your rights, please click here. For other information relating to data protection legislation, please visit the ICO website directly.

4. The data I collect, how I use it and why

Cookies and website visitor tracking

When using this website, you have the choice of accepting or refusing cookies. Cookies are small files installed on your browser device that allow websites like this, and many others, to find out more about your browsing behaviour. For James Malkin Photography, the purpose of using cookies is to better understand visitor demographics to this site so that future improvements can be made.

This website makes use of cookies, most notably the ones relating to Google Analytics. I also make use of a plugin that enables me to defend against malicious attacks, which uses a cookie to understand whether you are a genuine user or a robot.

The lawful basis for the use of these cookies is your given consent. Since the 1st of May 2018, this website has made use of a Cookie Notice that actively seeks confirmation of your acceptance or denial to the use of cookies, such as the ones listed above.

Client contact information

I use personal data, provided directly and voluntarily to me by clients, for two purposes. The first is to carry out my contractual obligations. This means that it’s information I need to do my job. This personal data includes (but is not limited to) names, addresses, email addresses, phone numbers and wedding information including (but not limited to) venue, date, time and number of guests.

The second purpose is for me to analyse and understand behaviour of my clients to assist me in relation to sales and marketing exercises. For example, to better understand where you heard about me and whether or not you choose to book me. This is a legitimate interest and a reasonable expectation that most people would have about a business. All personal data that I collect is stored within a safe and secure, GDPR compliant, contact management system called Studio Ninja. This is a cloud based system that allows me to keep track of upcoming jobs, emails and invoicing. For further information please view their privacy policy.

Email addresses for gallery login

To deliver images to clients, I make use of a gallery and proofing service: Pixieset Media Inc. When clients share their galleries with friends and family, they will need to enter their email address to gain access to Pixieset, with the email address acting as a login. This allows users to create favourite lists, leave comments and also share images effectively. For further information about how Pixieset collects and processes personal data please visit the Pixieset website https://pixieset.com/privacy/

Mailing lists

At the time of writing, I do not currently engage in email marketing, but in the future, I may make use of mailing lists to help market my business. Any new mailing lists created from this point, will be populated with personal data collected from you on the basis of explicit consent for this single purpose.

More detailed information

If you want to contact me with questions about your personal data, wish to exercise any of your rights or ask me further detailed questions, please use the contact form at the bottom of this page.

5. Sharing information with third parties

Other than those third parties mentioned in this Notice and listed below, James Malkin Photography shall not pass your personal data to any other third parties.

Your personal data may, subject to my obligations to comply with data protection legislation, be shared with the following third parties:

Pixieset Media Inc, as further described above;
Studio Ninja software for client management;
Second photographers/videographers who join me on wedding shoots and need information to be able to do their job;
Having taken precautions to maintain the security of such personal data, I may in certain circumstances share personal data with the ICO, and other legal, regulatory and law enforcement bodies;
In anonymised form, I may share personal data with:
Any third party, in relation to the sale of some or all of my business, or its assets, or as part of any business restructuring or reorganisation. I will take steps with the aim of ensuring that your rights continue to be protected if your personal data is transferred in accordance with this clause; and
Data aggregators and platform providers as part of an analysis of user metrics or sales performance (including but not limited to Google and Facebook).
I may also share your personal data with third party media businesses for the purposes of marketing my offerings, improving my services, and running a profitable business. These third party businesses may include, wedding magazines/publications, wedding websites, social media sites, or other outlets, with the aim of raising public awareness of my business.

6. Security, storage and data retention

James Malkin Photography stores your personal data in the EEA and James Malkin Photography retains full details of your personal data for as long as it takes to complete your photography requirements. I will delete your personal data six years after completion of your photography requirements (I am obliged to keep a 6 year record of works carried out for my HMRC tax records), but you retain the right for your personal data to be deleted before this point which can be exercised by submitting a formal request for deletion via email.

7. Clients And Guests Captured In Photos

Under GDPR legislation, a photograph may in some instances constitute a form of personal data where they can be processed to allow “the unique identification or authentication of a natural person”. James Malkin Photography will never photograph an individual as a means of unique identification or authentication unless consensually contracted to do so. Guests at weddings appear in photos taken by James Malkin Photography as a part of the visual recording of the event in photos. Guests captured in portraits or in group photos do so as part of the event and their rights are protected by James Malkin Photography as detailed in this privacy policy.

In terms of explicit GDPR compliance, Wedding clients and guests are photographed within the parameters of GDPR legislation on the basis of ‘legitimate interests’. The taking of photographs of wedding guests when viewed as a form of processing personal data is necessary for the legitimate interests of James Malkin Photography as a photography business unless there is a good reason to protect a given individual’s personal data which overrides those legitimate interests.

Operating within the parameters of legitimate interests as laid out in GDPR legislation, the disproportionate effort involved in providing privacy policy information to all wedding guests at the event and the degree to which it would distract me from performing my job renders it infeasible to do. Wedding clients are therefore requested in their contract to direct their guests to read this privacy policy in advance of the event and to advise them to contact me in advance with any concerns around the processing of their personal data, namely being photographed.

8. Storage of images.

All images taken by James Malkin Photography will be stored securely on encrypted hard drives within my password protected home office computer. Where cloud technology is used for storage backup, the provider will be vetted to ensure they comply with the relevant regulations on data privacy and data security. Below shows an up to date list of any cloud technology that I am currently using.

  • Pixieset Media Inc. – Used for my client proofing galleries.
  • Siteground – Images used throughout my website galleries and blogs.

9. Social Media Policy And Usage

I adopt a safe and responsible Social Media Policy. While I may have official profiles on social media platforms users are advised to verify the authenticity of such profiles before engaging with, or sharing information with such profiles. I will never ask for personal details on social media platforms. Users are advised to conduct themselves appropriately when engaging with me on social media.

10. Your consent

By using this site and/or engaging me on my Terms and Conditions, you agree to be bound by this Notice.

11. Your right to withdraw consent

You have the right to withdraw your consent to be bound by this Notice at any time. If you wish to do so, please use the contact form at the bottom of this page. You also have the right, as set out above, to withdraw your consent to me processing your personal data.

12. Your right to lodge a complaint

As well as the right to withdraw consent and exercise any of the above rights mentioned under ‘Your rights under the GDPR’, you also have the right to raise a complaint with a regulatory body. In the United Kingdom, this is the Information Commissioner’s Office (ICO). If you have concerns about the way your data is being processed by an organisation, you can find out more here.

Contact Me
contact@jmalkinphotography.co.uk