Yes, we’re afraid it’s another of those privacy policies that we’ve all heard so much about. Ours is pretty standard for a small business in the UK, and shouldn’t contain any surprises, but we encourage visitors to review our policy to ensure they are happy with it before getting to the real reason you came to this site. Thank you for your kind attention.
Who we are
Our website address is: https://gycphoto.com
GYC Photography (https://gycphoto.com) is a trading name of Limegreendreams Ltd and for the purposes of data protection legislation, is a controller of your personal information. Its registered address is Unit 10, Saxon Way, Melbourn, Royston SG8 6DY, United Kingdom.
GYC Photography will be referred to in this privacy notice as “GYC Photography”, “we”, “us” or “our”.
Your data will be referred to as ‘data’ or ‘information’.
GYC Photography takes your privacy as seriously as we take our own, and we are committed to keeping your information confidential. Any information you provide to us will be used solely for the purpose providing the best photographic and customer service we can.
We will only use the information collected from you lawfully in accordance with GDPR and this policy. We comply with GDPR legislation completely and will never sell your data. However, in order to fulfil our services, GYC Photography needs to store some information about you and this notice explains how we collect, store and use that data, and how you can control it.
What this notice applies to
This notice applies to personal information we collect about you when you interact with us (for example when you use this website or that we collect from third parties), as described in this privacy notice. It sets out:
- what information we collect, and from whom;
- how we use that information;
- who we share your information with;
- how your information is protected;
- your rights in relation to the information we hold about you; and
- how long we keep your information.
Changes to this privacy notice
We review our privacy notice regularly, and we encourage you to review this page periodically for the latest information on our privacy practices. Any material changes will be notified to you by updating them on our website.
This privacy notice was last updated on 21st June 2018
What counts as personal data?
Under Article 4 of GDPR, personal data is any data that can be used to identify a living person. For example:
- Physical address or email address
- Phone number
- Last four digits on a credit/debit card
- Shipping tracking numbers (as these are unique to an order, and thus a person
- Location data
- IP address
GYC Photography may store some of the above information as outlined below.
Article 4 also identifies a special class of personal data called Sensitive Personal Data. This includes:
- Health status
- Sexual orientation
- Religious beliefs
- Political beliefs
GYC Photography will never store Sensitive Personal Information (and we wouldn’t ask you for it in the first place).
What personal data we collect and why we collect it
In addition to ‘personal data’ as outlined above, GYC Photography may store the following:
- details of products and services we provide to you
- information you provide on other individuals
- correspondence you have had with us
Information you provide to us voluntarily
You may give us your personal information when you:
- order products and services from us;
- use our products and services;
- use, or provide a comment or write a review on this website;
- correspond with or contact us;
- enter into any of our competitions, promotions or surveys;
- interact with us on social media platforms;
- sign up to one of our newsletters or other communications;
- take part in our research;
Where we request information from you we will collect the information set out in the relevant forms or pages, or as explained to you over the telephone.
This information is collected in order to help us respond to your requests and better serve your photographic needs.
Information we collect automatically
Via Google Analytics (see ‘Information we collect from third party sources’ below), we collect certain related data of visitors to our website automatically including what pages you have viewed while here, for how long and your website journey.
Information we collect from third party sources
On occasions, we acquire information from another company, for example, Google Analytics. Where this happens we will take appropriate steps to assure ourselves that your information was collected legally.
At present, we use Google Analytics to collect information about how visitors to our website use the site, including collecting information on how long visitors spend on our content items, how often they return to visit our website and what demographic categories they fall into.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Data collected via the contact form is outlined on the form itself and is used for the purpose of replying to you and serving your photographic requirements.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
What we use your personal information for
- to deliver our products and services;
- to manage payments;
- to manage our relationship and communicate with you;
- to provide you with advice about our products and services;
- to respond to complaints and seek to resolve them;
- to develop and carry out marketing activities and competitions;
- to understand your website journey, including what pages you have viewed and for how long;
- to obey laws and regulations that apply to us.
Who we share your data with
No-one else. Ever. Period.
Performance and Display/Contextual Advertising
We don’t do that.
We don’t do that either.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Personal data submitted to us will only be retained as long as necessary to fulfil the purposes we collected it for, including satisfying any legal, accounting or reporting requirements. Different retention periods will apply for different types of data, but the longest we will hold your data is 6 years plus the current financial year. Details of retention periods for personal data are available in our data retention policy, which you can request by contacting us at the address below.
What rights you have over your data
Under GDPR, you have the following rights with regards to your personal data:
- Access: The right to request access to and a copy of your personal information (which can be done by emailing
- Restriction:You can ask us to pause processing your information in certain circumstances (e.g. you are disputing its accuracy);
- Rectification:You can have any inaccuracies in your personal information corrected;
- Deletion: You can ask us to delete all your personal information in certain circumstances (e.g. if the information is no longer necessary for the purposes for which it was collected);
- Objection: You can object to us processing your personal information in certain circumstances;
- Objection to marketing: Please use the ‘unsubscribe’ link in any of our marketing emails to you, or email firstname.lastname@example.org to opt out of direct marketing communications;
- Portability: You can ask us to transfer your information electronically to you or another organization in certain circumstances;
- Withdrawal of consent: Where we rely on your consent to process your information, you can withdraw consent at any time, although this does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Your contact information
By submitting your information via the Contact Form, in person (e.g. via a business card) and/or via a purchase, you give your consent for your contact information to be stored for administrative and legal purposes. Your data will be stored on a secure UK-based server that is not accessible to third parties.
Having given your consent to be contacted, we may send an occasional newsletter to you via the email address you initially supplied. You may unsubscribe from these newsletters at any time.
How we protect your data
Your data is held on UK-based SSL-encrypted servers.
Our online payment portal (PayPal) uses SSL encryption.
What data breach procedures we have in place
While every reasonable precaution has been taken to ensure that your data is secure, hackers, fraudsters and malicious so-and-sos have become very sophisticated in the methods they use to try and access people’s data. To that end, we have the following procedures in place in case the so-and-sos manage to access your data:
In the event of a data breach that does not include sensitive personal information (as outlined above), we will seek to identify the cause of the breach, any weaknesses in our security that allowed the breach to occur and take whatever reasonable steps we can to ensure that this does not happen again. We may not contact to inform you of a breach if no sensitive information was compromised.
If a data breach does include sensitive personal information (as detailed above), we will contact you as soon as possible to inform you of the breach and what kind of data was compromised. If your login details could have been compromised, we will advise you to change your password (especially since many people use the same email address/password combination across multiple sites). We will seek to identify the cause of the breach, any weaknesses in our security that allowed the breach to occur and take whatever reasonable steps we can to ensure that this does not happen again.
If you have concerns about a data breach, please email us on email@example.com. If you feel that our response is not satisfactory, you are entitle to lodge a complaint with the Information Commissioner’s Office.
To lodge a complaint with the Information Commissioner’s Office (“ICO”) or other relevant supervisory authority
You can complain to the ICO (www.ico.org.uk/global/contact-us/email) or other relevant supervisory authority about any aspect of our handling of your information.
More information about the right to complain can be found at https://ico.org.uk/for-the-public/. If you have any questions about these rights, or you would like to exercise them, please contact us using the details below.
Please be aware that you are under no obligation to provide us with your personal information, but choosing not to will prevent us from being able to provide you with products and services, or otherwise interact with you.
When exercising your data protection rights we may ask you to verify your identity in order to help us respond efficiently to your request.
If you would like to exercise any of the above rights, please email or write to us using the details outlined below. All of these rights are free to exercise and we will do our best to respond to you as quickly as possible and in any event, within one month of receipt of your written request. We will inform you within one month of receipt of such request if we will need longer to respond, for example due to the complexity of the request.
We want to make sure that your personal information is accurate and up to date. Please always let us know if you think that it is not and needs updating.
If you made it this far, I offer my congratulations and £25 off any spend on products from your shoot 🙂
Policy last reviewed 28th September 2020