GDPR Policy
Customers/New enquires
Emails
Emails are retained in a sub-folder on my webmail account.
Emails are held for record of conversations and reference to business related purposes i.e. photography bookings, courses delivered, costs and details agreed, events, consents. Emails will be deleted after 12 months of a completed job or course delivery or if the individual or company instructs me to do so.
I have not provided anyone access to my email account.
Information
Key personal data may be retained on Quickfile.
Key information held -
Name
Telephone number
Mobile number
Email address
Company address
Booking details

The personal data held is to record contact information, what photography services they have received or are interested in, costs discussed, quotes.
Notes are kept on conversations, emails and photography sessions delivered or quoted for.
Information is held for 24 months for record of business transactions and conversations.
Information will be deleted within 24 months if the individual or company instructs me to do so.

I have not provided anyone access to my filing system.

Invoices
Key information is retained on Quickfile.
Key information held -
Name
Address
Email
Phone number

Information is held for accounting purposes and for the legally required length of time to do so.
I have not given access to my files or account to anyone else.
Emails/Newsletters
Basic information is retained on Mailchimp for newsletter campaigns.
Key information held -
First Name
Surname
Email address
I have not provided anyone access to my Mailchimp account.
Mailchimp provides the opportunity for clients to unsubscribe from my newsletters. When an individual unsubscribes from my Newsletter database I delete their details from Mailchimp completely.
Where the information comes from
Emails may be received from the individual/company directly asking for information and/or quotes.
Information may come via a third-party recommendation or from the individual downloading a document, or via a link on my website.
Third parties include
Pixieset
Meetup
Mailchimp
Suppliers
Previous/existing customer referrals
Sharing information
On occasions I may share names and email addresses of my contacts with other contacts as a way of introduction. This is carried out only with the strict permission of the individual whose information I would be sharing.
Suppliers
Emails
Emails are retained in a sub-folder on my webmail account.
Emails are held for record of conversations and reference to business related purposes i.e. product information, quotes, proofs. Emails are deleted periodically once a job is completed and signed off if there is no further reason to keep.
Emails will be deleted if the individual or company instructs me to do so.
I have not provided anyone access to my email account.
Invoices
Key information is retained on file
Key information held -
Name
Telephone number
Mobile number
Email address
Company address
Information is held for accounting purposes and for the legally required length of time to do so.

I have not given access to my files or account for accounting purposes.
Where the information comes from
Emails may be received from the individual/company directly.
Information may come via a third-party recommendation or from the individual downloading a document on my website.
Third parties include
LinkedIn
Twitter
Meetup
Pixieset
Mailchimp
Suppliers
Previous/existing customer referrals
Networking events
Exhibitions
Sharing information
On occasions I may share names and email addresses of my contacts with other contacts as a way of introduction. This is carried out only with the strict permission of the individual whose information I would be sharing.
Processing Activities
Transferring details onto CRM system
Key information received is updated onto the Insightly CRM system. I only add information to Insightly of companies or individuals I have quoted for, worked with or who have booked my services.
Once the transfer has been completed, the client is replied to and, if applicable, the email is filed in the client sub-folder.
Raising invoices
The invoice is raised on Quickfile with all the relevant details and is emailed to michelle@stormfresh.co.uk
Once the invoice has been checked to be correct, it is emailed directly to the client.
The original invoice received from Quickfile is filed in the admin sub-folder on a secure encrypted cloud account.
Booking me
I will talk through the specific photography services required for each client and create a booking confirmation assessment for them detailing their brief for the project. This is saved to the client’s file section on Insightly CRM system.
Once the client has agreed the booking details and confirmed the photography session date, a booking deposit (50% of fee) and contract is emailed to the client. This is stored in the client’s file on Insightly.
I require that the client signs the contract and returns the signed copy to me, and pays the 50% booking fee to secure the date. This is stored in their file on Insightly.
I will send my privacy policy and terms and conditions to the client with the letter of engagement.

Digital calendar
Once the client has confirmed the date, paid the deposit, an event is raised on my digital calendar. The information this includes is photo session description, name of business, site address for photo shoot and in the notes section the names of those to be photographed if applicable.
The names will be deleted from the calendar event once the photo session has taken place.
Any information from a client that is shared in confidence during the photo shoot is not shared with anyone else.
Follow-up emails and telephone calls
I may email or call or connect via LinkedIn messaging with a client post photo shoot to ask for a review, discuss their experience and check that they are happy with my services and the photography provided
Deleting client’s information
When a client contacts me to request having information deleted/removed, I always acknowledge their request, locate the information they wish to remove and confirm I have complied by email, all in accordance with GDPR.
If their information has been deleted to the recycling bin, I will locate it and delete it permanently.
If I have hard copies of information that needs to be confidentially destroyed, I have a firepit where all paperwork is burnt.
Access requests
A client’s information is accessible to them at any given time. Upon request for access, I will locate all relevant information and create a secure, password-protected zip folder and email it to them.
I will text or call them with the password as required.
I advise the client that it could take up to 72 hours to retrieve information unless their request is urgent.
Back-up
All company information is backed-up to a secure encrypted cloud account.
Contracts
All completed contracts of engagement are stored in the customer’s record on Quickfile.
Back to Top