It’s where I tell you all the important stuff about what how I collect and process your personal data when you are using my website trevorrayhart.com (My site)
I trade as Trevor Ray Hart Photography (“I” “my” or “me”) a company based in the United Kingdom. I am responsible as a “Data Controller” of your personal information for the purposes of the General Data Protection Regulation (GDPR) which applies across the European Union. I use, collect and am responsible for certain personal information about you and because of that I want and need to tell you about how I will act with integrity to comply with legal obligations in that regard.
- Highlights: I only use your data to improve your experience with me and to help and benefit you.
- Simple: I’ll do my very best to talk straight, answer your questions, keep life simple.
- Junk-free: Aside from the fact I hate junk and crave a simpler world, I put the power in your hands to choose what and how I speak to you.
- Safety first: I take privacy and data protection very seriously. Protected 24/7.
- Age of consent: when you provide me with any information, you warrant to me that you are over 13 years of age.
Let’s start here.
“Personal data” – any information capable of identifying an individual. [So not anonymised data which is where all the bits which could identify you are removed]
The services I provide are all about you, your business and your life. I take very seriously our personal relationship with you. That absolutely includes the personal information that you share with me and the trust you place in that.
I collect and handle personal data every day, but with the key purpose of helping and serving you to have a more powerful business offering and a more meaningful life.
Here are the promises I make to you in that regard.
- I promise… to be open and honest about the information I collect, and why I may collect it. This policy is here to help you understand what information about you I collect, how I use it, how long I keep it for, and reassure you that I protect it.
- I promise… to only use it for the specific purposes I told you that I needed it for. I will not use it for any other purposes, unless I obtain your specific permission, or I are required by law or to fulfil a legal obligation. I won’t collect more information than I need for the service or product or information you ask me for.
- I promise… to check it and make sure it’s accurate and keep it up to date. If you spot a mistake, then you can write to me and tell me, and I’ll update it. And obviously, if you change your details then let me know.
- I promise… that I won’t keep that information any longer than it is needed. The length of time varies depending the information and the reason I use or keep it. I’ll explained this below.
- I promise… to protect your information and your privacy. I’m a small business but big on integrity and doing the right thing. Safety and security is a priority for me in all areas, not just this one.
- I promise… to explain your Privacy Rights and how you can exercise them (all set out in this policy so it’s clear for you)
- I promise… to respond quickly to any questions or concerns which you raise with me.
Above all, I promise… to respect your privacy and your information and treat it as if it were our own. I will treat you and your information fairly.
Any personal Information you share with me is just that – it’s personal. It’s yours, not ours – I know that. And I want to make sure that it’s easy for you to take control of it.
You have certain rights by law – legal rights that the Information Commissioning Office (www.ico.org.uk) will help you to enforce if you need to at any time.
Here’s a list to help you understand what your specific rights are:
- Right to access your information at any time. Just write to me and I’ll respond quickly and efficiently.
- Right to stop receiving emails, correspondence, notifications or messages from me. I will always give you an “opt-out” option and you can unsubscribe at any time.
- Right not to be profiled for marketing purposes. So even though I love to find out more about you, get curious and ask questions so I can serve you better, connect and collaborate to get closer to you…you can ask at any time for me to stop doing this.
- Right to prevent processing of your information. By which I mean you can ask me to just hold onto your information in case you need it in the future, but not to process it in any way.
- Right to be forgotten. You can ask me to erase and delete permanently your information, and although there are some bits I need to keep by law, I will honour this request happily.
- Right to portability. In non-legalese it means you can ask me to transfer your information to another organisation. Just let me know what to include and who you want to send it to, and I can.
- Right to make a complaint. The regulating body is the Information Commissioner’s Office (ico.gov.uk) and they are there to help you on all things data-related. You can find a complaint form on their website. Please do give me opportunity first to resolve any issue before resorting to this route.
If you exercise any of the above rights I promise to come back to you quickly. It will definitely be no longer than a month because that’s what the law says I must do. If you feel it’s really urgent then email me at .
Question & Response
This section is to help you. You don’t have to read it if you don’t want to, of course. But the law says that I MUST tell you these things, so you are informed as our customer or potential customer. I’ve made it as simple and helpful as I can because that’s what I love to do in the every day.
You: How do you collect personal information from or about me?
Me: I may collect information about you in the following ways:
- when you purchase a product or service from me you may have to provide the information (and if you choose not to, I may not be able to finalise the contract with you and of course I’ll tell you that and I can decide what to do);
- when you meet with me in the real world;
- when you contact me on the telephone, by email, or by filling in a form on my website or social media pages;
- if you are referred to me by a friendly advocate of my service;
- I may receive data from public sources such as Companies House or electoral records in the UK or EU;
- and obviously when you become a customer to me and I do great work with you, then I will collect more information than when you’re just browsing and enjoying hanging out in my world.
You: What information do you collect about me?
Me: The information I collect may include:
- Your name (and possibly job title);
- Contact information such as email address, phone number, correspondence address;
- Demographic information such as postcode, lifestyle interests, business pursuits. Things I’m curious might include your needs, interests, preferences and you’ll always be invited to share this, not forced. It’s your choice.
- As a customer, I will need to collect financial information for the transaction, and sometimes your signature on contracts or other personal data in the context of our work together.
You: And how do you use the information?
Me: I may use information held about you in the following ways:
- To respond to you if you contact me for help or a query;
- To fulfil my contractual obligations to you when you’ve bought from me;
- To send you valuable information which I think you’ll enjoy and like relating to our services, events, what we’re up to, how you can connect with me. But ONLY if you consent to this and if you ask me to stop then I will;
- To make sure that my website is helpful and attractive for you and working effectively for your computer and devices and so I can meet the preferences and interests that you’ve told me about;
- To allow you to play properly with my website and online services, so you can be interactive with me when you choose to do so;
- To tell you if I make important changes to my services;
- Generally, I only use it for purposes which I need to – to protect mine and your interests and prevent illegal activity and make sure that what I offer and do in the world is safe and secure.
You: Who do you share it with and who has access to it?
Me: I only share it when there’s a real, actual need. This may be when you ask me to, or if I need to do so in line with a service I’m providing for you and you’ve given me express permission. I may have to share it with companies in my group who provide services to me, or to service providers who provide IT and system administration services in order to make sure all my technology is linked and working properly. This will be done in accordance with the appropriate legal standards and requirements.
I will of course have to share personal information with law enforcement or other authorities if required by an applicable law.
But otherwise, I do not and will not share your personal information with any other third party for marketing purposes. I definitely won’t ever be selling your information on to any third parties because that’s just not what I do. I share lots of things like my advice an experience, but never personal information.
You: Where do you store and process the information?
Me: I use computer systems to help me to safely store and process the information. Because these are provided by third parties it is possible that some of your information is stored and processed overseas and in particular outside of the European Economic Area (EEA). But the agreements in place with these third-party providers are protected to the same high standards as required by the law here in the UK. I will not otherwise ever transfer your personal data outside of the EEA or to any organisation or third party without your specific consent.
You: How do you protect and secure it?
Me: I use up to date security measures in line with latest technology, which may include encryption, security certificates, access controls, procedures and policies within my business, and taking steps to mitigate any potential security risks and monitoring/testing my systems on a regular basis. I also anonymise data where I can so it’s not identifiable. I seek expert advice and help on this wherever necessary because I want to make sure I’m always doing the right thing.
You: How long do you keep my information?
Me: The short answer to this is only as long as necessary or where relevant to your relationship with me or my obligations under the law. If you transact with me I have to keep certain information for 6 years (this includes Contract, Identity, Financial and Transaction Data) after you stop being a customer.
I respect your confidentiality and whilst you are engaged with me and are happy you want to be in contact with me. I won’t stay in touch where you don’t want me to (obviously) and so take a look back at the “Rights” I’ve set out above and remember they are there to help and protect you.
You: Why do you collect and use my information in the ways you’ve described?
Me: In the main it’s because I’m here to help you and I believe you like me and want to be connected with me. I rely on having a legitimate interest to be in contact with you to share my work in the world and let you choose whether to play with me, or not. It may be because:
- You specifically gave me your permission (your “consent”)
- I had to seek your consent for certain to add cookies to your device;
- I needed to use your information to run my business successfully (the law calls this “legitimate interests”) but I will only do this when we’re happy that there is little or no risk to you and your personal information. Of course, I want you to know about me and the services I provide because they may be exactly what you need! But we’ve also made it easy for you to stop receiving that type of information at any time (by unsubscribing or opting out);
- I had to collect the information to deliver the contract to you or to comply with a law or legal obligation. In this case, I am allowed to do so, as long as I only then use it for that purpose.
The following table summarises the categories of data I may collect and also explains to you why I collect it and the lawful grounds upon which I do so.
|Category of Data||Examples||Lawful Grounds|
|Communication Data||Pretty much any communication that you send to me. For example, via the contact form on my Site, an email, a text, any social media messaging, or any social media posting.||I process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance or defence of legal claims. My lawful ground for this processing is my legitimate interests which in this case are to reply to communications sent to me, to keep records and to establish, pursue or defend legal claims.|
|Customer Data||This includes data relating to any purchases of goods and/or services such as your name, title, billing address, delivery address email address, phone number, contact details, purchase details and your card details.||I process this data to supply the goods and/or services you have purchased and to keep records of such transactions. My lawful ground for this processing is the performance of a contract between you and me and/or taking steps at your request to enter into such a contract.|
|User Data||This includes data about how you use my Site and any online services together with any data that you post for publication on my Site or through other online services.||My lawful ground for this processing is my legitimate interests which in this case are to enable me to properly administer my Site and my business. I process this data to operate my Site and ensure relevant content is provided to you, to ensure the security of my website, to maintain back-ups of my Site and/or databases and to enable publication and administration of my website, other online services and business.|
|Technical Data||This is data about your actual use of my Site and other online services. It might include your IP address, your login data, details about your browser, length of visit to pages on my Site, page views and navigation paths, details about the number of times you use my Site, time zone settings and other technology on the devices you use to access my Site. The source of this data is from my analytics tracking system.||I process this data to analyse your use of my Site and other online services, to administer and protect my business and Site, to deliver relevant Site content and advertisements to you and to understand the effectiveness of my advertising. My lawful ground for this processing is my legitimate interests which in this case are to enable me to properly administer my Site and my business and to grow my business and to decide my marketing strategy.|
|Marketing Data||This could include data whether you agree to receive marketing from me (and my third parties) and your communication preferences. I process this data to enable you to partake in my promotions such as competitions, prize draws and free give-aways, to deliver relevant Site content and advertisements to you and measure or understand the effectiveness of my communications and advertising.||My lawful ground for this processing is my legitimate interests, for example in order to evolve and improve my services I like to study how customers use my products/services, and this helps me to expand and develop them, to grow my business and to decide my marketing and commercial strategy.|
You: What about sensitive data?
Me: The legal definition of “sensitive data” refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. I do not collect any Sensitive Data about you.
Nor I do not collect any information about criminal convictions and offences.
I would require your explicit consent for processing sensitive data, so if our position on this changed in the future I would send you a further communication asking for you to confirm your specific consent to this type of processing.
You: And what about Cookies? What are they and why do I care?
You: OK, I think you’ve answered all my questions
Me: GREAT! Thanks for reading and listening.