PRIVACY POLICY

WHO WE ARE

I’m a branding, headshot and event photographer and my name is Nicole Engelmann, but you can call me Nic, Nicole, ‘You with the camera’, whatever you need to. My website address is: https://www.nicoleengelmann-photography.com.

When ‘we’, ‘our’ or ‘us’ are mentioned in the text below I am referring to myself, Nicole Engelmann, AKA Nicole Engelmann Photography.

 

WHAT PERSONAL DATA WE COLLECT AND WHY WE COLLECT IT

Contact Forms

When you contact me I’ll need your email address to send you a response. I like to refer to people by their names so I’ll collect that too. I will ask for your mobile number so that if the internet gets turned off I can still contact you to shoot your event/take your headshots. If you book me to shoot your event/headshots/branding shots I’ll need your address for tax purposes as it will need to feature on your invoice. All of this information is necessary for me to do a good job as your photographer.

The Event Day Info Form

You will be sent this form about a month before your event and on the form I collect the following personal information:

  • Your names

  • Your email addresses

  • Your mobile numbers

  • The postal address where the event takes place

  • The date of your event

  • The names of the contact person(s) on the day (e.g. event planner)

Blog Comments

I love it when you leave comments on my blog. Then I know that people actually read my RAMBLINGS and hopefully find them helpful for their shoots and events. If you want to leave comments on the site, we collect the data shown in the comments form, and also your IP address and browser user agent string to help spam detection. No one likes spam.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Cookies

I love cookies. My favourite kind are soft and chewy, probably with white chocolate. But they exist on the internet in a far more boring form.

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

Embedded content from other websites

Sometime I post blogs which contain media from other websites (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

 

WHO WE SHARE YOUR DATA WITH

I need help to run this business, because I like things slick. So sometimes your data is shared with the following organisations:

Lightblue – This is my client management software. This is where I store all of my client information. They are GDPR compliant and here is their licence agreement.

Pixieset – This website hosts my client galleries, which is where you get to see all your photos for the first time. They will receive your name, your email address and all your photos. They need this information to be able to send you the link to your gallery. Here is their GDPR privacy policy.

Second photographers who join me to cover your event(s) and need information to be able to do their job.

 

HOW LONG WE RETAIN YOUR DATA

When you book me to take your photos I will store your photos for 3 years following your event/session on an hard drive in my house and a cloud based back up with Backblaze. I live in a secure house with one of them 5 lever mortice doors, my computer is password protected too and it's not my birthday date.

Your name, address, contact information and shoot/event details will be stored for 6 years following your wedding. This is so that I can send you your final images. I retain your email address so that we can keep in touch in case you have any further questions or would like to book me again. I will only send you marketing emails if you have signed up to them. I'm also obligded to keep records for 6 years for the big, scary HRMC people.

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

 

WHAT RIGHTS YOU HAVE OVER YOUR DATA

If you have any questions or concerns about your data then don’t hesitate to drop me an email to info@nicoleengelmann-photography.com. I can show you what information I hold on you (which is only the stuff you have told me about). Ultimately you have the right of confirmation, access, rectification and erasure. If you want me to delete all of your data I would recommend that we do this AFTER your shoot/event, and after I have delivered your images. Just drop me an email to info@nicoleengelmann-photography.com and I will delete everything.

 

FINAL WORD

I take the security of personal data seriously. I’m not going to misuse or give your data away because I wouldn’t want people to mess around with mine.


Here is the version with all the legal speak that no one really wants to read through as it's drier than 2 weeks old toast...

 

1. IDENTITY AND CONTACT INFORMATION

This Privacy Notice (“Notice”) is provided by Nicole Engelmann trading as Nicole Engelmann Photography (“NEP”, “me”, or “I”).

Nicole Engelmann Photography

London, United Kingdom

Email: info@nicoleengelmann-photography.com

Website: www.nicoleengelmann-photography.com

 It covers your rights in relation to the Data Protection Act 1998 (“DPA”), the General Data Protection Regulation (“GDPR”) and the Privacy and Electronic Communications Regulations (“PECR”). This Notice also explains how Nicole Engelmann Photography complies with the DPA, GDPR and PECR as well.

NEP is both the controller and a processor of all personal data collected.

Date this Notice was created: 26th of April 2020

Date this Notice was last modified: 26th of April 2020

 

2. COMPLIANCE DECLARATION

Both NEP and this website, www.nicoleengelmann-photography.com, comply with the DPA, GDPR and PECR. The GDPR comes into effect on the 25th May 2018. This Notice is updated whenever changes are made to relevant data protection legislation.

 

3. YOUR RIGHTS UNDER THE GDPR

Under the GDPR, you have a number of different rights relating to your personal data and how it is processed. They are as follows:

  • Right to be informed about the collection and use of your personal data.

  • Right to access your personal data, and any supplementary information which constitutes personal data.

  • Right to have your personal data rectified; this means you can ask me to correct your personal data if it changes, turns out to be inaccurate, or is incomplete.

  • Right to have your personal data deleted; this means that you have the right to request the deletion or removal of your personal data. There are some circumstances when you do not have this right.

  • Right to restrict me processing your personal data.

  • Right to data portability.

  • Right to object to me processing your personal data.

  • Rights related to automated decision making including profiling.

Most of these Rights will apply to your personal data and how it is processed by NEP, but some (such as the right to data portability and rights related to automated decision making including profiling) are not relevant to this business at the time of writing.

If you want to know more about your rights, please click here. For other information relating to data protection legislation, please visit the ICO website directly.

 

4. THE DATA I COLLECT, HOW I USE IT AND WHY

Cookies and website visitor tracking

When using this website, you have the choice to agree to or decline cookies. Cookies are small files installed on your browser device that allow websites like this, and many others, to find out more about your browsing behaviour. For NEP, the purpose of using cookies is to better understand visitor demographics to this site so that improvements can be made, as well as informing marketing and sales strategies in the future.

This website makes use of several cookies, most notably ones relating to Google Analytics and Facebook Pixel. I also make use of a plugin that enables me to defend against malicious attacks, which uses a cookie to understand whether you are a genuine user or a robot.

The lawful basis for the use of these cookies is your given consent. Since April 2018, this website has made use of a Cookie Notice that actively seeks confirmation of your acceptance or denial to the use of cookies, such as the ones listed above. 

Client contact information

I use personal data, provided directly and voluntarily to me by clients, for two purposes. The first is to carry out my contractual obligations. This means that it’s information I need to do my job. This personal data includes, names, addresses, email addresses, phone numbers and further information which I need to complete your photography requirements.

The second purpose is for me to analyse and understand behaviour of my clients to assist me in relation to sales and marketing exercises. For example, to better understand where you heard about me and whether or not you choose to book me. This is a legitimate interest and a reasonable expectation that most people would have about a business. I collect personal data into and perform this analysis using simple spreadsheets.

Email addresses for gallery login

To deliver images to clients, I make use of a gallery and proofing service: Pic Time Media Inc. When clients share their galleries with friends and family, they will need to enter their email address to gain access to Pic Time, with the email address acting as a login. This allows users to create favourite lists, leave comments and also share images effectively. This is also necessary for the ordering of prints. For further information about how Pic Time collects and processes personal data please visit the Pic Time website.

Mailing lists

From time to time, I make use of mailing lists to help market my business. As of April 2018, I have deleted all personal data relating to mailing lists that are no longer relevant and precede GDPR coming into force. New mailing lists created from this point, will be populated with personal data collected from you on the basis of explicit consent for this single purpose.

More detailed information

If you want to contact me with questions about your personal data, wish to exercise any of your rights or ask me further detailed questions, please use the contact form at the bottom of this page.

 

5. SHARING INFORMATION WITH THIRD PARTIES

Other than those third parties mentioned in this Notice and listed below, NEP shall not pass your personal data to any third party.

Your personal data may, subject to my obligations to comply with data protection legislation, be shared with the following third parties:

  • Pixieset Media Inc., as further described above;

  • Light Blue, CRM software for contract and invoice management;

  • Second photographers who join me on wedding shoots and need information to be able to do their job;

  • Having taken precautions to maintain the security of such personal data, I may in certain circumstances share personal data with the ICO, and other legal, regulatory and law enforcement bodies;

  • In anonymised form, I may share personal data with:

    • Any third party, in relation to the sale of some or all of my business, or its assets, or as part of any business restructuring or reorganisation. I will take steps with the aim of ensuring that your rights continue to be protected if your personal data is transferred in accordance with this clause; and

    • Data aggregators and platform providers as part of an analysis of user metrics or sales performance (including but not limited to Google and Facebook).

In certain circumstances I may also share your personal data with third party media businesses for the purposes of marketing my offerings, improving my services, and running a profitable business. These third party businesses may include, wedding magazines/publications, wedding websites, social media sites, or other outlets, with the aim of raising public awareness of my business.

 

6. SECURITY, STORAGE AND DATA RETENTION

NEP stores your personal data in the EEA and NEP retains full details of your personal data for as long as it takes to complete your photography requirements. I will delete your personal data six years after completion of your photography requirements. If you would like me to delete your personal data before this time, you have to right to request me to do so.

 

7. YOUR CONSENT

By using this site and/or engaging me on my Terms and Conditions, you agree to be bound by this Notice.

 

8. YOUR RIGHT TO WITHDRAW CONSENT

You have the right to withdraw your consent to be bound by this Notice at any time. If you wish to do so, please use the contact form at the bottom of this page. You also have the right, as set out above, to withdraw your consent to my processing your personal data.

 

9. YOUR RIGHT TO LODGE A COMPLAINT

As well as the right to withdraw consent and exercise any of the above rights mentioned under ‘Your rights under the GDPR’, you also have the right to raise a complaint with a regulatory body. In the United Kingdom, this is the Information Commissioner’s Office (ICO). If you have concerns about the way your data is being processed by an organisation, you can find out more here.