Gdpr policy
What is the GDPR?
The GDPR is the General Data Protection Regulation which replaced the
Data Protection Act from May 2018. It's written to ensure that
organisations have strict policies and practices in place for managing
and handling personal data.
How does the GDPR affect Nursery and school photography?
For the most part, when we take photographs, we don't store any personal
data of the children or staff who we are photographing beyond the shoot.
For Schools, We receive a list of all children’s names and classes and
convert this information in to barcodes to use on shoot day. In all
cases We refer to children by their first name only during their shoot
to build rapport then each image is assigned unique identifier. This is
the reference parents see on their order forms.
After the photographs have been taken, they are then ready for in-house
editing.
We then make a proof sheet for each child and deliver back to setting
for distribution.
On request, Schools are also given a USB with coded images to be
uploaded on to their ID systems. During this process, we do not receive
any additional, personal data about the pupils.
If for any reason a job does require us to collect more personal data,
we will work within the GDPR requirements.
For Your interest - The School or education trust maintains the position
of Data Controller in all Dealings and Your Story Photography is the
Data Processor
Each child is then assigned a personal, password protected gallery on
our hosting site to view their images only. There, they can place orders
for digital images and prints to be posted to their home address or to
school.
We are committed to working closely with all of our schools to ensure
that we assist them with GDPR compliance.
Images are stored on a secure website during the ordering process and
removed after 90 days of order deadline. We do not use your images for
any marketing or display purpose without parent/schools express consent.
They are not shared with any other parents or third parties. The School
or setting are responsible for gaining parent permissions to take photos
initially and to reuse the images for display if selected for marketing
purposes
If you are a parent and would like to know more about how your child’s
image is linked to their school ID please contact your school.
How does the GDPR affect family photography?
When we take your family portraits, we only ask information that’s
relevant to the shoot to get the best from the session. This might be
but not limited to;
First names, children’s birthdates and abilities , family relationships,
address, telephone number and email contact. This information is not
stored with or connected to images online and is for shoot purposes
only.
After the photographs have been taken, they are then ready for in-house
editing then each family shoot is assigned a personal, password
protected gallery on our secure hosting website to view their images
only. There, they can place orders for digital images and prints to be
posted to their home address.
We do not use your images for any marketing or display purpose without
your express consent. They are not shared with any other parents or
third parties.
What happens next?
We are committed to being fully compliant with the GDPR, We review and
test our data processes and continue to work effectively with all our
schools and family sessions
Privacy Policy
We are committed to protecting and respecting your privacy.
1. Information we collect from you
When interacting, photographing and placing orders, We will collect and
process data about you.
Eg Information that you give us by filling in forms on our sites or by
corresponding with us by phone, e-mail etc. It includes information you
provide when you have a photoshoot, register to use our site, place an
order, enter a competition, and when you report a problem with our site,
products or services. The information you give us may include your name,
address, e-mail address and phone number, financial and credit card
information and personal description.
This information is never shared without your knowledge or permission
with any third parties for the purpose of marketing or direct contact
2. Purposes for which we may process the information
We use information held about you in the following ways:
• to carry out our obligations arising from any contracts entered into
between you and us and to provide you with the information, products and
services that you request from us;
• to provide you, with your permission, information about other goods
and services we offer that are similar to those that you have already
purchased or enquired about;
• to notify you about changes to our service;
3. Information we collect about you.
We will use this information:
* to administer our site and for internal operations, including
troubleshooting and data analysis,
* For editing, payment processing, printing and delivering product
* to allow you to participate in interactive features of our service,
when you choose to do so;
* as part of our efforts to keep our site safe and secure;
* to make suggestions to you and other users of our site about goods or
services that may interest you or them
4. Legal basis of processing
4.1. Data Protection Law requires us to meet at least one “legal ground”
for processing, currently set out in Article 6 of the General Data
Protection Regulation. The grounds applicable to the personal data to
which this policy relates are:
4.1.1. Where the processing is necessary for us to perform a contract
that you are party to, or to take steps at your request prior to
entering a contract, that is the ground on which we are processing that
data;
4.1.2. Where the processing is necessary for compliance with a legal
obligation to which we are subject, that is the ground on which we are
processing that data;
4.1.3. Where processing is necessary for the purposes of our legitimate
interests or the legitimate interests of a third party, that is the
ground on which we are processing that data, provided that your
fundamental rights and freedoms which require protection of your data
override those legitimate interests (our legitimate interests comprise
the management, marketing and promotion of our business, products and
services;
4.1.4. If you have given your consent to our processing the data, that
is the basis on which we are processing that data.
If more than one of the above grounds apply to the processing of data in
question, the applicable ground will be the one that is set out first
above.
5. Where we store your personal data
5.1. The data that we collect from you will be stored on our servers or
those of our service providers.
5.2. All information you provide to us is stored on our secure servers.
Any payment transactions will be encrypted using SSL technology. Where
we have given you (or where you have chosen) a password which enables
you to access certain parts of our site, you are responsible for keeping
this password confidential, and for all use made of your account with
such password. We ask you not to share a password with anyone.
5.3 Unfortunately, the transmission of information via the internet is
not completely secure. Although we will do our best to protect your
personal data, we cannot guarantee the security of your data transmitted
to our site; any transmission is at your own risk. Once we have received
your information, we will use strict procedures and security features to
try to prevent unauthorised access.
6. Your rights
You have various rights under Data Protection Law. These include:
6.1 The right to ask us not to process your personal data for direct
marketing purposes, even if you have given consent;
6.2 If our processing is based on your consent, the right to withdraw
any consent you may have given for our processing of your data – if you
exercise this right, we will be required to stop such processing if
consent is the sole lawful ground on which we are processing that data;
6.3. The right to ask us for access to the data we hold about you
6.4 The right to ask us to rectify any data that we hold about you that
is inaccurate or incomplete;
6.5. The right to ask us to delete your data in certain circumstances;
6.6 The right to ask us to restrict our processing of your data in
certain circumstances;
6.7 The right to object to our processing of your data in certain
circumstances;
7. Accessing your data
You have the right to obtain from us:
7.1. Confirmation as to whether we are processing (including holding)
personal data about you; and with what purpose we are processing your
data
7.2 Information as to the recipients or categories of recipients to whom
the data has or will be disclosed;
7.3 Information as to the envisaged period for which we will store the
data, or if the basis on which that period will be determined;
7.4 A copy of the data (further copies are available at a reasonable
charge, which we will inform you of should you request further copies).
Please note that this right is subject to the rights of others in
relation to their own personal data, meaning that we cannot disclose
data to you if it would involve disclosing data about someone else.
8. Changes to our privacy policy
Any changes we make to our privacy policy in the future will be posted
on this page. Please check back frequently to see any updates or changes
to our privacy policy.
Your Personal Data:
What we need
This website will be what is known as the "Controller" of the personal data you provide to us, which may include name, address, email and so on.
Why we need it
Your data is collected primarily for fulfilment of your orders and relaying of messages you send through this website.
What we do with it
Your data provided to this website is relayed to the website owner, and is archived by the website service provider Theimagefile.com. The service provider data archive exists primarily in Ireland.
How long we keep it
Your online order data is stored for a number of years as required by tax law. Some aspects of your online order data can be anonymised at your request and to the extent allowable by law. Your other non-order data (i.e. marketing or messaging data) can be deleted or anonymised at your request, as per requirements of General Data Protection Regulation (GDPR). You may also unsubscribe from marketing communications at any time.
What are your rights?
If at any point you believe the information we process on you is incorrect, you may request to see this information and even have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter. Unless otherwise stated in this document, the managing director of this website acts as the EU Data Protection Officer (DPO) and can be reached from the contact page of this website.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner's Office (ICO).
What are cookies?
Cookies are small pieces of data, stored in text files, that are stored on your computer or other device when websites are loaded in a browser. They are widely used to "remember" you and your preferences, either for a single visit (through a "session cookie") or for multiple repeat visits (using a "persistent cookie"). They ensure a consistent and efficient experience for visitors, and perform essential functions such as allowing users to register and remain logged in. Cookies may be set by the site that you are visiting (known as "first party cookies"), or by other websites who serve up content on that site ("third party cookies").
Cookies on this website
This website uses cookies for a variety of different purposes. These include those that are "strictly necessary" for technical reasons; those that enable a personalized experience for visitors and registered users; and those that interact with selected third party networks. Some of these cookies may be set when a page is loaded, or when a visitor takes a particular action, such as clicking a "like" button. Below is a description of each category of cookies that are in use, along with specific examples.
Strictly Necessary
These are the cookies that are essential for websites to perform their basic functions. These include those required to allow registered users to authenticate and perform account related functions, as well as to save the contents of virtual "carts" on sites that have an e-commerce functionality:
sid - temporary session cookie identifier, used for login sessions and shopping cart
tif_cem - temporary session cookie for current email, used for secure albums requiring email login
tx1_EGS - temporary session cookie storing search term for album searches
tx1_fmm - temporary session cookie allowing viewing desktop site from mobile & vice versa
Unless otherwise noted below, we do not use persistent cookies, nor cookies for optional functionality, AB testing, performance, advertising and so on.
Third Party/Embedded Content
This website may make use of different third party applications and services to enhance the experience of website visitors. These include social media platforms such as Facebook and Twitter (through the use of sharing buttons), or embedded content from YouTube and Vimeo, or tracking services such as Google Analytics. As a result, cookies may be set by these third parties, and used by them to track your online activity. We have no direct control over the information that is collected by these cookies.
Controlling cookies
Visitors may wish to restrict the use of cookies, or completely prevent them from being set. Most browsers provide for ways to control cookie behaviour such as the length of time they are stored - either through built-in functionality or by utilizing third party plugins.
To find out more on how to manage and delete cookies, visit aboutcookies.org. For more details on advertising cookies, and how to manage them, visit youronlinechoices.eu (EU based) or aboutads.info (US based).
It's important to note that restricting or disabling the use of cookies can limit the functionality of sites, or prevent them from working correctly at all.
Web beacons and other tracking technologies
Both websites and HTML e-mails may also contain other tracking technologies such as "web beacons". These are typically small transparent images that provide us with statistics, for similar purposes as cookies. They are often used in conjunction with cookies, though they are not stored on your computer in the same way. As a result, if you disable cookies, the web beacons may still load, but their functionality will be restricted.