Privacy Policy Andy Taylor Photography Effective Date: [23/02/26]
1. Introduction Andy Taylor Photography is committed to protecting and respecting your privacy. This Privacy Policy explains how personal data is collected, used and stored in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Andy Taylor Photography is registered with the Information Commissioner’s Office (ICO) as a Data Controller. Registration Number: [Insert ICO Number]
2. Who We Are Andy Taylor Photography provides wedding and commercial photography services in the United Kingdom. For the purposes of data protection law, Andy Taylor Photography is the “Data Controller”. Contact details: Email: [email protected]
3. What Information We Collect We may collect and process the following personal data: Names Email addresses Telephone numbers Postal addresses Wedding or event details Property details (for property photography clients) Payment information (processed securely via third-party providers) Communications between us We do not knowingly collect sensitive personal data.
4. How We Collect Your Data Personal data may be collected when you: Submit an enquiry via the website Enter into a contract Make a payment Communicate via email, phone or social media Sign up for services
5. Lawful Basis for Processing We process personal data under the following lawful bases: Contractual Necessity – To fulfil our agreement to provide photography services. Legal Obligation – To comply with HMRC and accounting requirements. Legitimate Interest – To operate and improve our business services.
6. How Your Data Is Used Your personal data may be used to: Respond to enquiries Provide photography services Deliver galleries and products Process payments Maintain business records Comply with legal obligations We do not sell or rent your data to third parties.
7. Third-Party Service Providers We use reputable third-party providers to operate our business, including: Studio Ninja (CRM and contract management) Stripe (payment processing) Pic-Time (online gallery hosting) Secure cloud storage providers for backup These providers process data in accordance with UK GDPR and their own privacy policies.
8. Data Storage & Security We take reasonable technical and organisational measures to protect your personal data, including: Password-protected systems Secure online platforms Two-factor authentication where available However, no online transmission is ever completely secure.
9. How Long We Retain Data We retain personal data only as long as necessary to: Fulfil contractual obligations Meet legal, tax and accounting requirements Resolve disputes Image files are typically retained for a minimum of 12 months. Long-term archiving is not guaranteed.
10. Your Rights Under UK GDPR, you have the right to: Request access to your personal data Request correction of inaccurate data Request erasure of your data (where legally permissible) Object to processing in certain circumstances Lodge a complaint with the Information Commissioner’s Office Requests should be made in writing via email.
11. Website Cookies This website may use basic cookies to improve user experience and monitor website performance. You can control cookie settings via your browser. 12. Changes to This Policy This Privacy Policy may be updated from time to time. The latest version will always be available on this website.
