All images and content on this website are the property of Hayley Morris & Hayley Morris Photography and are protected by Copyright. Images may not be used or taken from this website unless you have written permission from Hayley Morris.
In basic terms, I respect your personal information and will only ask you for the information I really need from you. I will look after it in the same way I would want mine looking after and kept secure. I will only share it with others when I need their help to deliver my service to you (such as my professional printing laboratory/album manufacturers/writing your name/address on any postage correspondence to who may need your name, email address and address to post your purchases). Please be assured that I will never share your information in any other circumstances – nor will I sell it to any third party. Here are more details:
1. The Data I Collect
As a data controller I collect a variety of data in order to deliver my services, and I will manage your personal data transparently, fairly and securely.
I may ask you to provide me with the following data –
Your first and last name, your address, your email address, your telephone number, your IP address. I will also record a date of birth for all persons I photograph under the age of 13 and require a parent or a legal guardian to consent to photography. Obviously being a photographic business I also create and manage images as per our contractual agreement(s), with being a photographic business being able to share images from weddings and sessions to show prospective clients is always helpful.
We use the above data to deliver my service to you, to correspond with you, to personalise your experience, to provide you with account access (to galleries etc), for marketing purposes, to send products to you.
I collect this data on the following lawful basis - to fulfil a contract, to meet a legal obligation other than a contract, for consent.
When you visit my website I also collect Cookies. These are small pieces of data that websites send to a user's computer and are stored on the user's web browser. They are designed to enable the website to remember information, such as what a user might have put in a shopping cart for example. This helps me to deliver an my service to you and/or for marketing purposes.
2. Which third parties do I share Personal Data with?
I share personal data with the following third parties:
Printing labs, album manufacturers, couriers, postal services, gallery software (which is password protected and only accessed by myself), email provider, USB makers, client management software (which is password protected and only accessed by myself). Some of these mean that your data is not transferred outside of the European Economic Area and some mean that your data is transferred outside of the European Economic Area to the United States under the protection of the EU/US Privacy Shield.
There are also certain situations in which I may share access to your personal data without your explicit consent; for example, if required by law, to protect the life of an individual, or to comply with any valid legal process, government request, rule or regulation.
3. Why do I share your Personal Data with the above?
I share your data in order to deliver my service to you, for marketing purposes, to personalise your experience, to provide you with account access, to enable products to be delivered to you. I may transfer personal data to a country outside of the European Economic Area (EEA) if necessary eg if a third party I utilise could have servers located outside of the EEA. If this is the case, I will either obtain your consent or otherwise ensure that the transfer is legal and your data is secure by following the EU's guidelines. You can see above where I send data outside of the EEA and on what basis we do so.
4. How do I keep your personal data secure?
I keep your data secure by following internal policies of best practise, encryption, using password protection for accounts, storing your data securely using passwords, by using Secure Socket Layer technology when information is submitted to me online. In the unlikely event of a criminal breach of my security I will inform the relevant regulatory body within 72 hours and, if your personal data was involved in the breach, I will also inform you.
6. You have the following rights -
- the right to be informed about the collection and use of your personal data
- the right of access to your personal data and any supplementary information
- the right to have any errors in your personal data rectified
- the right to have your personal data erased
- the right to block or suppressing the processing of your personal data
- the right to move, copy or transfer your personal data from one IT environment to
- the right to object to processing of your personal data in certain circumstances and
- rights related to automated decision-making (i.e. where no humans are involved) and
profiling (i.e. where certain personal data is processed to evaluate an individual).
I also give you the option to manage your data via email, writing to me and telephone.
While I do not hold personal data any longer than I need to, the duration will depend on your relationship with me, and whether it is ongoing. I may keep some of your personal data indefinitely after my working contract with you has finished for tax legislation purposes and for proof of ownership of images along with relevant details and consent forms.