Liz Finlayson

Privacy & Security Policy: GDPR Compliant

May 2018

 

For all enquiries, contact:

Liz Finlayson

01273 275162 or 07585 708606

 

Contacting Liz Finlayson

When you complete the online Contact Form, it is delivered to my email through Yahoo.

 

PHOTOGRAPHS

All photographs are held and displayed on the website in the following legislation:

UK Copyright Law

Data Protection Act

 

These are classed as personal data in the GDPR although no guidance has yet been released, I am hoping for further guidance when EU legislation is ratified in the UK in the Autumn of 2018, and will take any further appropriate measure then.

 

Taking Photos

Where photographs are taken for a client of Liz Finlayson (the ‘Controller’), I do so via a contract and Licence to Use.  If you have issues about this then please refer directly to this licence or contact me as above.

If I have been commissioned to take wedding or event photography, then these are also bound by our licencing agreement.

Where a photograph is taken in a public space, I retain the right to own the photograph in lieu of further or differing GDPR legislation.

Where I ask for consent to take a photograph – for instance posing in a shopping centre, then I will take that as consent in lieu of further guidance from GDPR.  Such occasions are already under the legislative banner of the DPA.  You can also refer any concerns about that to the owner of the space you are in (for example the Shopping Centre)

I do therefore have a pertinent Business Interest for taking photographs and processing them.

 

Images Online

I also take images via a contract with one of our client’s (GDPR terms them as the  ‘controller’) – for example wedding photography.  I am allowed in that contract to use various images to market my services.  I am always very sensitive about which images I use.  If you see an image of yourself that do not wish to be public, that is credited to Liz Finlayson, please contact me. Please note that my client (eg The Argus) my have the final say as the Controller of the image, depending not eh copyright terms.

 

Image Security

When I have taken a photograph, I will then edit it, transfer it to my client and store it safely.  I may also use it to market my services or on a private gallery for clients.  Personal data further than just facial or location identification may occur in the title of the photograph (eg your name) or in the Metadata – information about a photograph that explain what it is and is stored ‘behind’ an image – you can view it using software such as Photoshop.  This information is really important as it also helps us to keep track of where are photographs have been used and for anyone to find out who took it.

 

All of my cloud and hard disc drives have double encryption security barrier

 

Online and external cloud providers* are also secure:

 

Yahoo https://policies.yahoo.com/xa/en/yahoo/privacy/index.htm
We Transfer https://wetransfer.zendesk.com/hc/en-us/articles/360000341863-GDPR-compliance
Dropbox www.dropbox.com/en_GB/security/GDPR
Shootproof https://www.shootproof.com/legal/privacy-policy

 

 

Your contact details

My Yahoo password is changed regularly to aid security.  I do not store any of your details once we have finished our conversation unless there is a clear business reason to do so (ie I am contacting you again to book a previously arranged event).  If you wish me to delete any information, please just contact me.

Shootproof Galleries

These are sent to the controller as private password protected galleries.  The content is live for 30 days only.

 

Portability

The right to data portability applies:

to personal data an individual has provided to a controller;

Eg. Names on images at an event or a shopping centre of people in the background.  Currently only image based – indicates location too

where the processing is based on the individual’s consent or for the performance of a contract;

  1. Names of staff for portraits. On a notepad between commission and office. Then on metadata.

 

Right To Erasure, Including Retention And Disposal

Every quarter, I routinely and securely dispose of personal data that is no longer required, in line with the agreed timescales as stated in your contract with the controller.

This does NOT apply to photographs which I store for business and my client’s interests.  Contact me for any enquiries or concerns.