I have written this page to detail the steps taken to protect the data and privacy of all people accessing, using or featured on mwpix.co.uk, as well as to explain what information I have access to.
www.mxpix.co.uk is hosted by a company called Zenfolio and their own user agreement information for using the website is available here.
The details provided below are in addition to the Zenfolio agreement so you understand the steps I have in place to protect you and your data.
When you access mwpix.co.uk
Though I do not yet use the feature, I theoretically have access to Zenfolio’s analytics tools to measure traffic to different parts of my website, and to see which galleries visitors explore the most.
If you or your children are in a photo on mwpix.co.uk
No personally identifiable information is attached to the photo captions or gallery titles, although the hidden metadata of photos may in some cases include the first name and initial of the people depicted. Many photos are named with the data and time at which the photo was taken (assuming I've kept the time and date of my camera up to date), and potentially may also hold GPS information on where the image was taken. For galleries specific to individual people (e.g. a wedding or a family photoshoot) the gallery will never use the surname (family name) of any subjects or any other information to identify the subjects. If there are any photographs of you that you wish to be hidden from view and/or only accessible via password, please contact me at [email protected]
When you buy something from mwpix.co.uk
When you buy something from the site, I have access to some of the information you provide so that I can help ensure your purchases reach you correctly. This includes the name, delivery address and email address you provide, as well as which products you ordered and how much they cost. This information is securely held on the Zenfolio servers. I do not have access to any of your payment details, however, as this is all managed by Zenfolio directly and securely using the same Stripe payment system used by Amazon, The Guardian, Monzo, booking.com and Deliveroo amongst others.
In simple terms...
To put this at its simplest, I absolutely respect your personal information and will only ever ask you for information I really need from you. I will look after it in the same way I would want mine looked after. I will only share it with others where I need their help to deliver a service to you (such as the professional printing laboratory I use, who may need your name and address to post your purchases). Be assured that I will never share your information in any other circumstances – nor will I sell it on elsewhere.
Here are a few more details:
It is taken as given that the photographer retains copyright on all images he produces under the name of Michael Wright or MW Photography.
1. The Data I collect
As a data controller I collect a variety of data in order to deliver my services, and I will manage your personal data transparently, fairly and securely.
Obviously, being a photographic business I create and manage images. These images are stored on my Macbook, on an external hard drive (as part of a system backup using Apple Time Machine) and - in some cases - Adobe's Lightroom CC cloud. When uploaded to my website, there are never any photos or galleries bearing a child’s full name.
2. Why do I collect this data from you?
I use the above data to enable me to provide account access and to
deliver my service to you.
3. Which third parties do I share Personal Data with? If you order prints, your information, in the form of your address and or your email address and your phone number may also be shared with a professional photo lab - data is not transferred outside of the European Economic Area - and the payment processor Stripe - data is not transferred outside of the European Economic Area.
The mwpix.co.uk website is hosted on a platform provided by an American company called Zenfolio – who provide a service to professional photographers. Zenfolio transfers your data outside of the European Economic Area to the United States under the protection of EU/US Privacy Shield. Client and Photographer data stored on Zenfolio resides on Zenfolio’s secure corporate servers located in the US. Certain banking and merchant information is shared with the respective financial institution in order to process payments and refunds. If you commission me for a shoot, the photographic data that you pay me to produce for you is uploaded onto my mwpix.co.uk website. Unless otherwise agreed, all your photographs will be put into a password protected gallery on this website: this prevents other people from viewing your photos online. I will inform you of the password for your gallery. I will choose a photo taken at the shoot / wedding as a cover photo from the album. If you have any specific requirements as to who should or should not figure in this photo, please advise me at the time of booking. All photographs taken at a commissioned photographic event have inferred consent to photograph all persons present as a result of the photographer being booked for said event. No parental consent is required for photography of minors at a wedding, as consent is inferred through the contract with the bride and groom.
The data that you enter into my website may be stored on my MAC, my external hard drive (both located at my home office) and also on Zenfolio's servers. Your email address is similarly shared with my email service provider. There are also certain situations in which I may share access to your personal data without your explicit consent; for example, if required by law, to protect the life of an individual, or to comply with any valid legal process, government request, rule or regulation
4. Why do I share your Personal Data with the above?
The reason for sharing any information about you with anyone else is in order that my services to you can be fulfilled, according to our agreed contract. Additionally, I may share information regarding my services and associated fees with my accountant. All of my suppliers, unless specified otherwise, are based within the EU. I share your data in order to deliver my service to you
; personalise your experience
; provide account access
5. How do I keep your digital personal data secure?
I keep your data secure by upholding the highest personal standards of honesty and integrity, and by using Secure Socket Layer (SSL) technology for all pages that have credit card info and personal data on them – (an https page). I do not use an image Back-Up service provider(s)
In the unlikely event of a criminal breach of my security I will inform the relevant regulatory body within 72 hours and, if your personal data were involved in the breach, I would also inform you.
When you visit my website I also collect (a minimal number of) Cookies. These are small pieces of data that websites send to a user's computer and are stored on the user's web browser. They are designed to enable the website to remember information, such as what a user might have put in a shopping cart for example. They are designed to be informative, personal, and as user-friendly as possible, and cookies help me to achieve that goal. These cookies are essential to ensure that you can navigate and use all features of the site. This includes browsing pages, remembering your preferences, saving favourite images, secure registration, placing orders, and other essential features. These cookies don't gather any information about you that could be used for marketing or remembering where you've been on the Internet. Cookies help me to personalise your experience and to deliver my service to you
8. You have the following rights;
the right to be informed about the collection and use of your personal data; the right of access to your personal data and any supplementary information; the right to have any errors in your personal data rectified
; the right to have your personal data erased; the right to block or suppressing the processing of your personal data; the right to move, copy or transfer your personal data from one IT environment to another
; the right to object to processing of your personal data in certain circumstances, and rights related to automated decision-making (i.e. where no humans are involved)
and profiling (i.e. where certain personal data is processed to evaluate an individual).
I also give you the option to manage your data by contacting me both through email and through telephone. Should you wish to exercise any of your legal rights, as listed above, please contact me at mwpix.co.uk either via email or via my mobile phone, as listed on the mwpix.co.uk website.
9. Holding personal data
While I do not hold personal data any longer than I need to, the duration will depend on your relationship with MW Photography, and whether it is ongoing. I may keep some of your personal data for a period of over 7 years after our working contract with you has finished for my own tax legislation purposes. After this time I will archive your photographs indefinitely along with your relevant details and consent forms. This is due to the possibility of requests for replacement images being made several years after being taken.
Personal data (usually referred to just as "data" below) will only be processed by me to the extent necessary and for the purpose of providing a functional and user-friendly website, including its contents, and the services offered therein.
Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the "GDPR"), "processing" refers to any operation or set of operations such as collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.
I. Information about me as a controller of your data
The party responsible for this website (the "controller") for purposes of data protection law is:
II. The rights of users and data subjects
With regard to the data processing to be described in more detail below, users and data subjects have the right to confirmation of whether data concerning them is being processed, information about the data being processed, further information about the nature of the data processing, and copies of the data (cf. also Art. 15 GDPR); to correct or complete incorrect or incomplete data (cf. also Art. 16 GDPR); to the immediate deletion of data concerning them (cf. also Art. 17 DSGVO), or, alternatively, if further processing is necessary as stipulated in Art. 17 Para. 3 GDPR, to restrict said processing per Art. 18 GDPR; to receive copies of the data concerning them and/or provided by them and to have the same transmitted to other providers/controllers (cf. also Art. 20 GDPR); to file complaints with the supervisory authority if they believe that data concerning them is being processed by the controller in breach of data protection provisions (see also Art. 77 GDPR). In addition, the controller is obliged to inform all recipients to whom it discloses data of any such corrections, deletions, or restrictions placed on processing the same per Art. 16, 17 Para. 1, 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, users have a right to information about these recipients. Likewise, under Art. 21 GDPR, users and data subjects have the right to object to the controller's future processing of their data pursuant to Art. 6 Para. 1 lit. f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is permissible.
III. Information about the data processing
Your data processed when using this website will be deleted or blocked as soon as the purpose for its storage ceases to apply, provided the deletion of the same is not in breach of any statutory storage obligations or unless otherwise stipulated below.
Cookies - don't we all hate cookies?!
a) Session cookies
This website automatically sets cookies, if you accept them. This is just how Zenfolio functions, and I regret that I cannot entirely to switch them off. Cookies are small text files or other storage technologies stored on your computer by your browser. These cookies process certain specific information about you, such as your browser, location data, or IP address.This processing theoretically makes my website more user-friendly, efficient, and secure, as well as allowing me to offer a shopping basket function. The legal basis for such processing is Art. 6 Para. 1 lit. b) GDPR, insofar as these cookies are used to collect data to initiate or process contractual relationships.
If the processing does not serve to initiate or process a contract, our legitimate interest lies in improving the functionality of our website. The legal basis is then Art. 6 Para. 1 lit. f) GDPR. When you close your browser, these session cookies are deleted.
b) Third-party cookies
c) Disabling cookies
If you contact me via email or by using the contact form, the data you provide will be used for the purpose of processing your request. I must have this data in order to process and answer your inquiry; otherwise I will not be able to answer it in full or at all. The legal basis for this data processing is Art. 6 Para. 1 lit. b) GDPR.