Privacy Policy for Mark Bramley Photography Last Updated: 4 August 2025

Our Commitment to Your Privacy

As your equine and pet portrait photographer, your trust is paramount. I am committed to protecting and respecting your privacy. This policy explains what personal data I collect, why I collect it, how I use and protect it, and your rights concerning your data.

For the purpose of the UK General Data Protection Regulation (UK GDPR), the data controller is Mark Bramley, trading as Mark Bramley Photography ("we", "us", "our").

1. The Personal Data We Collect and Why

We collect data to provide you with our photography services, manage our business, and, with your permission, keep you informed about our offers. We collect this data on the lawful basis of contractual necessity, legitimate interest, and consent.

  • To Fulfil Our Contract With You (Contractual Necessity):

    • Contact Information: Your name, email address, phone number, and postal address. We need this to communicate with you about your session, deliver your products, and send invoices.

    • Session Information: Your horse's details, your chosen location (including address and postcode), and any other information provided in your questionnaire. This is essential for planning and executing your photoshoot.

    • Transaction Data: Your billing address and payment history. Note that we do not store your full card details; these are processed securely by our third-party payment providers.

  • For Our Business Needs (Legitimate Interest):

    • Photographic Images: The portraits we create. Our legitimate interest is in creating the images as part of our service, using them for our professional portfolio (as agreed in our contract), and archiving them for your future needs.

    • Enquiry Details: If you contact us with a query, we will keep a record of our correspondence.

    • Security Information: We may log IP addresses for website security and authentication purposes.

  • With Your Permission (Consent):

    • Marketing Communications: Your name and email address to send you newsletters, special offers, and information about our services. You can unsubscribe from this at any time by clicking the link in our emails or contacting us directly. We will never use your details for third-party marketing without your explicit, separate consent.

2. Cookies and Website Data

When you visit our website, we use cookies. These are small data files that help our website function and allow us to provide you with a personalised experience. We use:

  • Essential Cookies: To make our site work (e.g., for client galleries and shopping carts).

  • Performance & Analytics Cookies: To understand how visitors use our site so we can improve it.

  • Marketing Cookies: To show you relevant adverts on other platforms like social media.

You will be asked for your consent to use non-essential cookies via a banner when you first visit our website. You can manage your preferences at any time.

3. Who We Share Your Data With (and International Transfers)

We will never sell your personal data. However, to run our business and deliver your products, we may share your data with trusted third-party service providers, such as:

  • Professional Print Labs & Album Suppliers: To fulfil your product orders (e.g., Digitalab). They receive only the data necessary for production and delivery (e.g., your name, address, and the selected images).

  • Gallery & Business Management Software: To host your online viewing gallery and manage our client workflow (e.g., Pic-Time, Studio Ninja).

  • Payment Processors: To securely process payments for your session and products (e.g., Stripe, PayPal).

  • Accountancy Services: To manage our financial records (e.g., Quickbooks).

  • Marketing & Email Providers: To send you newsletters if you have consented (e.g., Mailchimp).

Some of these providers are based outside the UK. When we transfer data internationally, we ensure it is protected by appropriate legal safeguards. For transfers to the United States, we rely on providers certified under the UK Extension to the EU-U.S. Data Privacy Framework or who have signed UK Standard Contractual Clauses (SCCs).

We may also share data if required by law, for example, to comply with a court order or to protect the life of an individual.

4. How We Keep Your Data Secure

We take data security seriously. We have implemented the following measures:

  • Using Secure Socket Layer (SSL) technology to encrypt data submitted online.

  • Working with trusted, GDPR-compliant third-party providers.

  • Implementing internal best practices for data handling.

  • Maintaining secure backups of our data.

In the unlikely event of a significant data breach, we will notify the Information Commissioner's Office (ICO) and any affected individuals within 72 hours.

5. How Long We Keep Your Data

We only retain your personal data for as long as necessary.

  • Financial Records: We are required by UK law to keep records of all transactions for at least 7 years for tax purposes.

  • Purchased Images: Your final, purchased images are archived as part of our service to you, allowing for future orders or replacements.

  • Unpurchased Images: Images from your session that are not purchased are securely deleted 60 days after your ordering appointment.

  • Marketing List: If you consent to marketing, we will retain your details until you choose to unsubscribe.

6. Your Data Protection Rights

Under UK law, you have the right to:

  • Be Informed: About how we use your personal data (which is the purpose of this policy).

  • Access: A copy of the personal data we hold about you.

  • Rectification: Have any inaccurate personal data corrected.

  • Erasure (the 'right to be forgotten'): Have your personal data deleted, though this is subject to legal and contractual obligations (e.g., our need to keep financial records).

  • Restrict Processing: To limit how we use your data.

  • Data Portability: To receive your data in a common format.

  • Object: To the processing of your data for certain purposes (like direct marketing).

To exercise any of these rights, please contact us at privacy@markbramley.co.uk.

7. Changes to This Policy

We may update this policy from time to time. The latest version will always be available on our website. For significant changes, we will notify clients directly.

8. How to Complain

If you have any concerns about our use of your personal data, please contact us first so we can try to resolve the issue. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection issues.

  • Website: https://ico.org.uk/concerns