Privacy Policy
Introduction
Andy Le Gresley Photography Limited (“ALGP”) is a company incorporated in Jersey (No:118330), with its Registered Office at L’Ecurie, La Rue de la Ville au Bas, St Lawrence, Jersey, JE3 1EW.
ALGP is committed to being fully compliant with the General Data Protection Act (GDPR) and the Data Protection (Jersey) Law 2018. We understand the importance of protecting your data and and your privacy therefore we take great care considering how your personal data is used, stored and shared. Your personal data will be collected and used for the purpose of this business only, but always taking into consideration our obligations under the law and your rights in relation to the personal data that we hold. This Privacy Notice will outline how we collect, use and disclose your personal data so please take care to read it carefully.
Definitions and Interpretation
In this Privacy Notice, the following terms shall have the following meanings:
“personal data” means any and all information that relates to and identifies a living individual and that you have given to ALGP. This definition shall, where applicable, incorporate the definitions provided in the EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”);
“we / us / our” means ALGP
“you / your / client” means the client or anyone engaged with any service provided by ALGP.
Who we are
Andy Le Gresley Photography Limited provides photography services to individuals and commercial entities across a number of sectors, including but not limited to, wedding photography, commercial photography and landscape photography.
We handle personal data exclusively to enable us to provide photography services to our clients and for the effective running of our business.
Our Data Protection Coordinator is Susan Le Gresley and can be contacted by email at susan@andylegresley.com, telephone on 07797788085 or by post at L’Ecurie, La Rue de la Ville au Bas. St Lawrence, Jersey, JE3 1EW
How do we Collect your Data?
Your personal data is collected in a number of ways as follows:
- From the information you provide us with when you enquire via email, telephone or our website contact form
- From the information you provide us with during meetings
- From the information you provide us with when entering into a contract with us
- When you communicate with us electronically, by post or by telephone
- The images we take of you when providing our photography services
- From publicly available sources
- When you interact with our website we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our Cookie Policy for further details.
- We may receive personal data about you from third parties (including for example, providers of web analysis services) who may also use cookies, over which we have not control. These cookies are likely to be analytical/performance cookies or targeting cookies. For example our website uses Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses cookies (text files placed on your computer) to help website operators analyse how users use the site.
What data do we collect?
We may collect some or all of the following personal and non-personal data:
- Name
- Address
- Email address
- Telephone numbers
- Business or Company name
- Job title
- Profession
- Financial Information such as bank account details
- Your preferences and requirements in relation to the photography services we are providing
- Images taken when engaging in our photography services
- Our website will not store any identifying information of your visit on your computer apart from a small text file called a cookie, which in itself doesn’t contain any identifying information. See our Cookie Policy for further details on cookies.
- Depending on the configuration of your browser, the pages and images you view on our website may be stored on your computer. This is known as caching.
- We may collect information about your visit to our website including the date and time, site response times, downloads, errors, page visit time length, route to our website from other websites including the address of the other sites, or route to our website from search engine links including the search engine address and the search term used.
- Other technical information such as your internet protocol (IP) address, the browser type and version with plug-in types and version, the type of computer or device you use to access our website and the operating system and internet services providers utilised and other similar information
All data collected is the minimum required to successfully carry out the photography services provided to our clients.
How Do We Use Your Data?
Our use of personal data will always have a lawful basis, either because it is necessary for our performance of a contract with you, because you have consented to our use of personal data (e.g. by subscribing to emails or by requesting our services), or because it is in our legitimate interests. In general your data may be used in the following ways:
- So that we can supply you with our products and services (please note that we require your personal data in order to enter into a contract with you)
- So that we can personalise and tailor our products and services for you and your experience within those services
- Replying to emails and enquiries from you;
- Supplying you with emails that you have opted in to (you may unsubscribe or opt-out at any time by following an opt out link in the email, or by emailing our Data Protection Coordinator at susan@andylegresley.com)
- Market research
- Specifically to personal data in the form of images, we may publish images for commercial or promotional purposes on, for example, social media, blog posts, print publications or on the company’s website, but we will obtain your specific consent for this first.
- With your permission and and/or where permitted by law, for customer relationship management or marketing purposes, we may contact you by email and/or telephone and/or text message and/or post with information, news and offers on our services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003
- Technical data collected regarding your visit to our website, is used to improve our website and content for users and their devices.
How long will the data be stored for?
When we collect or process your personal data, we will only keep it for as long as it is necessary for the purpose for which it was collected or as required by law and any relevant authorities. At the end of this retention period, your data will either be deleted or anonymised so that it can be used in a non-identifiable way for example for statistical analysis and planning.
Please see below some examples of our customer data retention periods following termination of a relationship with an organisation or individual:
- Communications including Emails, Calendar entries and contact details - 7 years
- Financial data and transactions - 7yrs
- Contracts - 7 years
- Images and image bank – in perpetuity unless asked to delete.
Where Do We Store Your Data?
Your personal data will only be held on safeguarded applications and by organisations that are GDPR compliant:
- We use Googlemail for all of our email correspondence. Please see https://cloud.google.com/security/gdpr/ Our back up system for all email correspondence and data is Apple iCloud. Please see https://www.apple.com/legal/privacy/en-ww/
- Your image data may be stored within servers administered by Zenfolio. https://zenfolio.com/privacypolicy and within servers administered by Albumexposure. https://albumexposure.com/privacy and within servers administered by WeTransfer https://wetransfer.com/legal/privacy
- Webreality administers and hosts our website on their Webreality AWS infrastructure, so any enquiries sent via the website, which include personal data, will be stored on their servers. https://www.webreality.co.uk/privacy-policy/
- We use Quickbooks for our financial data and some of your personal contact details: See https://quickbooks.intuit.com/uk/gdpr/
- For clients purchasing images or prints via the website, we do not collect or store any financial or credit card details ourselves. Any payments are made via Paypal, who act on our behalf in this respect. Please see their Privacy Policy https://www.paypal.com/en/webapps/mpp/ua/privacy-full
Data Security
Data security is very important to us. To protect your data we have taken suitable measures to safeguard and secure it as follows:
- All devices that have potential access to your data are password protected, including desktop computers, laptops, mobiles and tablets.
- As mentioned above, your personal data will only be held on safeguarded applications and by organisations that are GDPR compliant.
- We limit access to your personal data to only those agents, contractors and other third parties who have a business need to know. They will only process your data on our instructions.
- We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Do We Share Your Data?
We may share your data with others, but only with your express permission to do so.
We may sometimes contract with third parties within the EEA to supply products and services to you on our behalf. This may include payment processing, delivery of goods, outsourcing, advertising and marketing. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under the law.
Any personal data handled by us will not be transferred or distributed outside the EEA, without your express permission. If a client asks that personal data we process on their behalf be transferred outside the EEA, we cannot guarantee that your privacy rights are adequately protected as this is the responsibility of the client as data controller.
In certain circumstances, we may be legally required to share certain data held by us, which may include your personal data, for example, where we are involved in legal proceedings, where we are complying with legal requirements, a court order, or a governmental authority.
Our website may include links to third-party websites. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements, content or security. When you leave our website, we encourage you to read the privacy notice of every website you visit.
What are your rights in relation to your personal data?
The following is an overview of your rights under the GDPR. You have the right to:
- Be informed about our collection and use of personal data;
- Request access to the personal data we hold about you or your employees;
- The correction of your personal data if any that we hold about you or your employees is inaccurate or incomplete;
- Request the deletion of any personal data we hold about you or your employees in specific circumstances, for example when you withdraw your consent or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end. (Please note we hold some personal data as images in our secure files until or unless we are asked to delete them.) If you would like any of your personal data deleted, whether it be in image form or otherwise, please contact us using the details in the Contact section of this policy. Please note that deletion of certain personal data, such as imagery, may negatively impact the services we can provide.
- Restrict the processing of your personal data in specific circumstances. Please note that we are still able to keep your information, but we won’t use your data in the future in the way that you have restricted it;
- Request a copy of the personal data we hold of you to transfer to another service or organisation;
- To object to us using personal data for particular purposes; and
- Ask for a review by a Director of any decision that was made based solely on automatic processing of your data, and to ask us to carry out regular checks to ensure any profiling processes are being carried out as they should be.
How can you make a complaint?
If you have any cause for complaint about our use of your personal data, please contact our Data Protection Coordinator either by post, by email at susan@andylegresley.com or by phone on +441534 631093. We will then investigate the matter thoroughly and will do our best to resolve the problem for you.
If you are unhappy with our response or you need further advice, you should contact the Office of the Information Commissioner. Their up to date contact details can be found on their website:
https://oicjersey.org/contact-us/
Our Contact Details
If you have any questions about any of the subjects covered within this Privacy Notice, please contact:
Data Protection Coordinator
Andy Le Gresley Photography Limited
L’Ecurie
La Rue de la Ville au Bas
St Lawrence
Jersey JE3 1EW
Email: susan@andylegresley.com
Telephone: +44 1534 631093
If you do not accept and agree with this Privacy Notice, you must contact susan@andylegresley.com and any personal data we hold for you will be deleted.
Changes to Our Privacy Policy
Any changes that we make to this Privacy Notice will be posted on this page. Please check this page at regular intervals to ensure that you are aware of updates or changes.
We reserve the right to notify any users of our services of any major change to our policies by email, except for users that have elected to opt out of communications from us.