Data Protection


I am committed to protecting your privacy and security. This policy explains how and why I use your personal data, to ensure you remain informed and in control of your information.

From 1st January 2018, I will ask my clients to “opt-in” for marketing communications. This is due to a change to the rules which govern how I can communicate with you and a new regulation on personal data (the General Data Protection Regulation) now in force. Therefore I now rely on you giving me your consent about how I can contact you. This means you’ll have the choice as to whether you want to receive these messages.

You can decide not to receive communications or change how I contact you at any time. If you wish to do so please contact me by emailing susan@sptphotography.com.

I will never sell your personal data, and will only ever share it with organisations I work with where necessary and if its privacy and security are guaranteed.



Your personal data (i.e. any information which identifies you, or which can be identified as relating to you personally) will be collected and used by the Susan Porter-Thomas photography, operating as SPT Photography, registered company and data controller number ZA308496.


Both I and my studio are based at 31 Wellington Road, Ealing, London, W5 4UJ.  For the purposes of data protection law, I will be the controller.



Personal data you provide

I collect data you provide to me. This includes information you give when you contact me with regard to employing me as a photographer. For example:

  • personal details (name, email, address, telephone etc.) when you make an enquiry
  • financial information (payment information such as credit/debit card or direct debit details. Please see section 8 for more information on payment security); and
  • details about your children, their names and their ages

If you purchase a gift certificate for a friend or relative, your details will be recorded (as will the recipients) and your relationship to that person will be recorded.

Information created by your involvement with me

Your activities and involvement with me will result in personal data being created. This could include details of what you do for a living, what style you like in photography and where you live.

Information I generate

Information from third parties


If your friend has bought a gift voucher for a photo shoot, then I may have information about you in order to process that gift, such as name, address, email address and number of children.


Sensitive personal data

I do not normally collect or store sensitive personal data (such as information relating to health, beliefs or political affiliation) about supporters and members. However there are some situations where this will occur (e.g. if you are pregnant with twins or are expecting to have a difficult birth). If this does occur, I’ll take extra care to ensure your privacy rights are protected.

Accidents or incidents

If an accident or incident occurs on our property, then I’ll keep a record of this(which may include personal data and sensitive personal data).


I only ever use your personal data with your consent, or where it is necessary in order to:

  • fulfil my role as a photographer;
  • comply with a legal duty;
  • protect your vital interests;
  • for our own (or a third party’s) lawful interests, provided your rights don’t override the these.

In any event, I’ll only use your information for the purpose or purposes it was collected for (or else for closely related purposes):


I use personal data to communicate with people, and to promote my work. This includes keeping you up to date with our news, updates, campaigns and special offers. For further information on this please see Section 5 (Marketing).



I use personal data for administrative purposes. This includes:

  • receiving payments (e.g. direct debits);
  • maintaining databases of clients and possible clients;
  • performing my obligations in fulfilling my role as your photographer;
  • fulfilling orders for goods or services (whether placed online, over the phone or in person);
  • helping me respect your choices and preferences (e.g. if you ask not to receive marketing material, I’ll keep a record of this).


Client evaluation and profiling

I evaluate, categorise and profile personal data in order to tailor marketing materials, services and communications (including targeted advertising) and prevent unwanted material from filling up your inbox. This also helps me understand my clients, improve my business and carry out research.





I will never sell your personal data. If you have opted-in to marketing, I may contact you with information about my suppliers, or third party products and services, but these communications will always come from me and are usually incorporated into my own marketing materials.

I may share personal data with subcontractors or suppliers who provide me with services. For example, if you have ordered an album and would like it sent straight to you rather than collect from me, then they will need your address and mobile number for delivery purposes.  However, these activities will be carried out under a contract which imposes strict requirements on my supplier to keep your information confidential and secure.


From 1st January 2018, I will ask my clients to “opt-in” for most communications. This includes all my marketing communications.

This means you’ll have the choice as to whether you want to receive these messages and be able to select how you want to receive them (post, phone, email, text).

You can decide not to receive communications or change how I contact you at any time. If you wish to do so please contact me at susan@sptphotography.com or telephone on 07815864884.

What does ‘marketing’ mean?

Marketing does not just mean offering things for sale, but also includes news and information about:

  • any special offers I may be offering to past clients;
  • new products or ideas for photo shoots;
  • work I’m doing that I feel may interest you in any way;
  • products, services and offers (our own, and those of third parties which may interest you);


When you receive a communication, I may collect information about you respond to or interact with that communication, and this may affect how I communicate with you in future.

Anonymised data

I may aggregate and anonymise personal data so that it can no longer be linked to any particular person. This information can be used for a variety of purposes, such as recruiting new supporters, or to identify trends or patterns within our existing supporter base.  This information helps inform our actions and improve our campaigns, products/services and materials.



In order to build my portfolio of work and therefore to get new clients I will be asking you if I can use some images from your shoot and sharing these online in facebook, Instagram and in my website portfolio.  I will ensure the following

  • when you book me to photograph you and/or your children, you will be sent a contract which gives you the following opt-in boxes to tick
    • if you are happy for me to share images in social media such as facebook and Instagram
    • if you are happy for me to share images on my website portfolio
    • if you are happy for me to use your images to update my marketing material such as flyers and price lists
  • no image will have a clients name anywhere in the digital date associated with that image so it can not be linked back to my client
  • if you decide you do not want me to use the images in any way I will make a note of this and ensure the images are never used or shared unless with you as my client
  • I keep your images for a reasonable time (currently about 10 years) both on my own external hard drives and in a secure cloud location (shootproof.com)
  • You are welcome at any time to contact me and ask for your images to be removed from my website or social media.



Parental permission: If your child is under 18 then I’ll need permission from you as their parent or guardian for me to take their images and to share these images (without any of their names or data attached) as for above purposes.



I employ a variety of physical and technical measures to keep your data safe and to prevent unauthorised access to, or use or disclosure of your personal information.

Electronic data and databases are stored on secure computer systems and I control who has access to information (using both physical and electronic means). I have undergone data protection training and I have a set of detailed data protection procedures which I am required to follow when handling personal data.

I never use your or your children’s names when labelling the images taken so that they can not be traced to you if they should be used online.

Payment security

All electronic forms that request financial data will be handled by external financial bodes that comply with EU data protection laws (Stripe, Braintree)

Of course, I cannot guarantee the security of your home computer or the internet, and any online communications (e.g. information provided by email or our Ibsite) are at the meer’s own risk.


Where I store information

My business is based in the UK and I store my data within the European Union. Some organisations which provide services to me may transfer personal data outside of the EEA, but I’ll only allow them to do if your data is adequately protected.

The images I take are saved in a number of places for security sake (Shootproof, local hard drives) , and storage may be outside of the EEA, I also use a CRM software (17hats) to manage my business which is an American based company and their server is based in the US.  As a result personal data may being transferred to or accessible from the US. However, I’ll allow this as I am certain personal data will still be adequately protected (as 17hats is certified under the MEA’s Privacy Shield scheme).

When sending images to my clients I often send them via wetransfer.com which is based in the US and is an encrypted transfer facility.  I will also attach a password for that user to use to ensure only the correct recipient will be able to download those images.

How long I store information

I will only use and store information for so long as it is required for the purposes it was collected for. How long information will be stored for depends on the information in question and what it is being used for. For example, if you ask me not to send you marketing emails, I will stop storing your emails for marketing purposes (though I’ll keep a record of your preference not to be emailed).

I will keep your images safe for 10 years in case you loose or would like to replace your images.

I continually review what information I hold and delete what is no longer required. I never store payment card information.


I want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows:

  • the right to confirmation as to whether or not I have your personal data and, if I do, to obtain a copy of the personal information I hold (this is known as subject access request);
  • the right to have your data erased (though this will not apply where it is necessary for me to continue to use the data for a lawful reason);
  • the right to have inaccurate data rectified;
  • the right to object to your data being used for marketing or profiling; and
  • where technically feasible, you have the right to personal data you have provided to me which I process automatically on the basis of your consent or the performance of a contract. This information will be provided in a common electronic format.

Please keep in mind that there are exceptions to the rights above and, though I will always try to respond to your satisfaction, there may be situations where I am unable to do so.


If wish to make a complaint about your data protection and privacy rights, you can contact me on susan@sptphotography.com

If you are not happy with my response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office which regulates and enforces data protection law in the UK. Details of how to do this can be found at www.ico.org.uk



Our website uses local storage (such as cookies) to provide you with the best possible experience and to allow you to make use of certain functionality (such as being able to shop online).

Links to other sites

My website contains hyperlinks to many other websites. I am not responsible for the content or functionality of any of those external websites (but please let me know if a link is not working by using the ‘Contact me’ link at the top of the page).

If an external website requests personal information from you (e.g. in connection with an order for goods or services), the information you provide will not be covered by the I’s Privacy Policy. I suggest you read the privacy policy of any website before providing any personal information.

When purchasing goods or services from any of the businesses that our site links to, you will be entering into a contract with them (agreeing to their terms and conditions) and not with me.


I’ll amend this Privacy Policy from time to time to ensure it remains up-to-date and accurately reflects how and why I use your personal data. The current version of our Privacy Policy will always be posted on our website.

This Privacy Policy was last updated on 18.01.2018.



error: Content is protected !!
error: Alert: Content is protected !!