Who I am –‘I’, ‘me’, ‘my’, ‘we’, ‘us’, ‘our’
Jayne Lloyd is a professional photographer based in the UK. Jayne Lloyd collects data for the processing of enquiries, to keep you informed about her work and to carry out and deliver work to you. I only collect data that I need to run the business and only hold it for as long as I need it. I try to ensure my records are accurate but please get in touch if any details change, if you want to check what records I hold or if you would like anything removing. I take care to ensure your data is as secure as I can reasonably make it.
My website address is: https://www.jaynelloyd.co.uk
Definitions
The data protection declaration of Jayne Lloyd Photography is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). My data protection declaration should be legible and understandable for the general public, as well as my customers and business partners. To ensure this, I would like to first explain the terminology used.
In this data protection declaration, I use the following terms:
Personal data – any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject – any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
Processing – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Processor – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient – a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of that data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
Third party – a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent – Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Name and Contact of the controller
The controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
Jayne Lloyd
Phone: (+44)7751233292
Email: jayne@jaynelloyd.co.uk
What information I collect, how I use it, how I keep it secure and how long I keep it for:
website – Comments
When visitors leave comments on the site I collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
website – Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
website – Cookies
If you leave a comment on the site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit the login page, a temporary cookie will be set to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, several cookies will also be set to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
This website uses Google Analytics as a web analytics service. Google is compliant with GDPR. Web analytics is the collection, gathering, and analysis of data about the behaviour of visitors to websites, to evaluate the use of the website in online reports that show how people use our website.
Google Analytics places a cookie on the information technology system of the data subject. The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits to our website by the data subject. With each visit to our Internet site, such data, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States of America. The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google Analytics from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.
Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Link https://www.google.com/analytics/.
website – External links and social media
This website contains links to external sites and social sharing buttons to help share web content directly from this website to the social media platform in question. Users are advised to use caution when using external websites and social media services and to review their Privacy Policies. Jayne Lloyd Photography cannot guarantee or verify the contents of any external platform.
website – Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
website – Who I share your data with
If you request a password reset, your IP address will be included in the reset email.
website – How long I retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so I can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), I also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
website – What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data I hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
website – Where your data is sent
Visitor comments may be checked through an automated spam detection service.
Contact, bookings and shoot information
I collect data in order to process enquiries for bookings or orders. This may include but is not limited to your name and contact details, shoot addresses and information required to complete the work to a professional standard. Any information provided by the data subject is submitted at their own discretion and provided at their own risk. Personal information is kept private and stored securely until a time at which it is no longer required or has no use, as detailed in the Data Protection Act 1998. Every effort is made to keep personal information safe and secure.
I ensure all computer hardware, software and devices are up-to-date with all relevant updates. Portable hard drives used off-site have minimal personal information stored on them and have password protected encryption. Devices are secured with alpha-numeric passwords and fingerprint unlocking where possible.
Any paper documents containing personal data such as contracts and release forms are stored in a locked filing cabinet to which only I, Jayne Lloyd, hold the key, and are securely destroyed when no longer needed.
I keep an on-site backup and also backup all files to an externally hosted third party, Backblaze. Backblaze is GDPR compliant. For further information about Backblaze please visit https://www.backblaze.com/company/privacy.html
I use an externally hosted third party, Light Blue Software, for the legitimate interest of my clients, to manage and administer your account. This includes but is not limited to contact information from enquiries, photoshoot details, quotes, contracts and invoices. Light Blue Software is a UK-based Customer Relationship Management tool and is GDPR compliant. For further information about Light Blue Software please visit https://www.lightbluesoftware.com/legal/privacy_notice.php
I use an externally hosted third party, Microsoft Exchange, to process email communication. Microsoft Exchange is GDPR compliant. For further information about Microsoft Exchange please visit https://privacy.microsoft.com/en-gb/privacystatement
I use cataloguing software, Adobe Lightroom, to index photographs that are stored on local hard drives. This may include descriptive metadata about the image to aid with image retrieval but will not include any sensitive information. I do not use facial recognition facilities within this software.
With consent, I deliver client images through my website, an externally hosted third party, Zenfolio. Levels of access are set according to the data subject’s requirements.
Where possible and appropriate, I request subjects of photographs to complete a Model Release form to assign rights to Jayne Lloyd and assigns, to confirm their approval of my use of images in promotion and, where relevant, future licensing of images. Data collected may include but is not limited to name, date of birth, signature, email, telephone, date of shoot, job/client reference, address of property to be released – in the case of minors the details will mainly be that of the parent/guardian. This data is to confirm the identity of the model and so that the model can be re-contacted in the event of requests falling outside of the original agreement or that may be of interest to the model for their own use.
newsletter
On this website, users are given the opportunity to subscribe to a newsletter, which is generated using Mailchimp. Mailchimp is GDPR compliant.
For further information about Mailchimp please visit https://mailchimp.com/legal/privacy/
I inform my customers and business partners periodically by means of a newsletter about recent news, information relating to photography, or offers. The newsletter may only be received by the data subject if (1) the data subject has a valid e-mail address and (2) the data subject registers for the newsletter. A confirmation e-mail will be sent to the e-mail address registered by a data subject upon subscription, allowing them to double opt-in. This confirmation e-mail is used to prove whether the owner of the e-mail address as the data subject is authorised to receive the newsletter.
During the registration for the newsletter, we also store the IP address of the computer system assigned by the Internet service provider (ISP) and used by the data subject at the time of the registration, as well as the date and time of the registration. The collection of this data is necessary in order to understand the (possible) misuse of the e-mail address of a data subject at a later date, and it therefore serves the aim of the legal protection of the controller.
The personal data collected as part of a registration for the newsletter will only be used to send the newsletter or technical information relating to the newsletter. There will be no transfer of personal data collected by the newsletter service to third parties. The subscription to my newsletter may be terminated by the data subject at any time. The consent to the storage of personal data, which the data subject has given for delivery of the newsletter, may be revoked at any time. For the purpose of revocation of consent, a corresponding link is found in each newsletter. It is also possible to unsubscribe from the newsletter at any time directly on the website of the controller, or to communicate this to the controller in a different way.
Newsletter-Tracking
The newsletter of Jayne Lloyd contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such e-mails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, I may see if and when an e-mail was opened by a data subject, and which links in the e-mail were called up by data subjects.
Such personal data collected in the tracking pixels contained in the newsletters are stored and analysed by the controller in order to optimise the shipping of the newsletter, as well as to adapt the content of future newsletters to cater better to the interests of the data subject. This personal data will not be passed on to third parties. Data subjects are at any time entitled to revoke the respective separate declaration of consent issued by means of the double-opt-in procedure. After a revocation, this personal data will be deleted by the controller. Jayne Lloyd Photography automatically regards a withdrawal from the receipt of the newsletter as a revocation.
How long is data held?
I review my data annually to ensure my records are accurate and to remove anything no longer required. I will retain data submitted by you for as long as it is valid and accurate or until such time that you choose to unsubscribe directly with me or via one of the third-party services described above, unless there is a legal requirement or document overruling this.
Due to the nature of my business, unless otherwise requested, photographs are stored indefinitely as part of my ongoing portfolio, as an ongoing service to my clients or in some cases to be relicensed as part of my stock photography collection. Associated data such as contact details for data subjects involved with the shoot are held for as long as the photographs in case further clearance is required in the future or to inform anyone of image uses that may be of interest to them, such as in an exhibition or award.
Under HMRC rules data relating to sales (invoices, contracts etc.) must be retained for 7 years.
As many of my clients rely on the storage of images on my website for long term projects or use, and create their own accounts with a private password, client accounts created on the website of Jayne Lloyd should be managed by the data subject. Data subjects may request deletion of their account on the website at any time.
Your rights
You have the right to request a copy of the personal information held about you by Jayne Lloyd, to have any inaccuracies corrected or to have the data deleted unless there is a legal requirement or document overruling this. I will need to verify your identity prior to releasing or deleting any records.
To learn more about GDPR and your rights you may wish to visit:
Information Commissioner’s Office (ICO) at https://ico.org.uk
Data Protection Act 1998 at http://www.legislation.gov.uk/ukpga/1998/29/contents
If you have any questions at all regarding the data held by Jayne Lloyd please contact me at:
Jayne Lloyd
Phone: (+44)7751233292
Email: jayne@jaynelloyd.co.uk
Website: jaynelloyd.co.uk
If you are not satisfied with my response or believe Jayne Lloyd Photography is not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO) at https://ico.org.uk
This Privacy Notice has in part been generated by the Privacy Policy Generator of the External Data Protection Officers that was developed in cooperation with the Media Law Lawyers from WBS-LAW.