Privacy policy.

This privacy policy sets out how Andrew Heeley Photography collects, uses, stores and protects any information that you give when you use the website at www.andrewheeley.co.uk (“this website”).

This website is hosted by Squarespace.

I am committed to ensuring that your privacy is protected. Should I ask you to provide certain information from which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy policy statement and with the requirements laid down by law in the Data Protection Act (DPA) 1998, The Privacy and Electronic Communications (EC Directive) Regulations (PECR) 2003 and the new General Data Protection Regulation (GDPR) 2018. Andrew Heeley is the data controller and responsible for your personal data. My contact details are as follows:

I may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 23 January 2020.

What I collect

I may collect the following information (by choice or automatically through cookies):

  • Your name and job title.

  • Contact information including your email address, postal address and telephone number.

  • Demographic information such as postcode, preferences and interests.

  • Other information relevant to customer surveys and/or offers provided by us.

It is important that the personal data I hold about you is accurate and current. Please keep me informed if your personal data changes during your relationship with me.

I do not collect any special categories of data.

The legal basis for processing your data

I collect this data from you on at least one of the following legal bases:

  • In the case of customer surveys and marketing to individuals, sole traders, or partnerships, that you have provided your explicit opt-in consent for me to do so.

  • In the case of enquiries, orders and requests for service, that I need to in order to fulfil my contractual obligations to you (which includes the provision of quotations or estimates as a result of a request from you).

  • In the case of your corporate email address (where you have provided me with this), that I have a legitimate interest in doing so for my own commercial marketing activities and activities related to customer satisfaction and product development and service improvement where my use of your data is proportionate, has a minimal impact on your privacy and promotes an activity that you might reasonably expect me to be engaged in.

How is your data collected?

I use different methods to collect data from and about you, including through:

  • Direct interactions with you when you fill in a form or correspond with me by post, phone, email or otherwise;

  • Automated technologies or interactions, for example as you interact with this website I may automatically collect technical data about your equipment, browsing actions and patterns or by using cookies.  Please see below for more information on how this website uses cookies.

What I do with the information I gather

I use, store and process this information to understand your needs and provide you with a better service, and in particular, for the following reasons:

  • Internal record-keeping and to administer any account(s) that you might have with me.

  • I may use the information for my legitimate business interests  to improve my products and services to you.

  • I may periodically send promotional emails about new products or services, special offers or other information which I think you may find interesting using the email address which you have provided and given me consent to use or, where you have provided me with a corporate email address, for my legitimate interests (as described above), provided you have not unsubscribed.

From time to time, I may also use your information to contact you for my own market research and survey purposes. I may contact you by email, phone, fax or post but only in accordance with your express and explicit consent for such contact. I may also use the information for my internal business purposes and legitimate interests of improving customer satisfaction to customise my website(s) according to your interests to provide you with a better experience.

How long do I keep your personal information for?

I will only retain your personal information for the minimum time that is necessary for the purpose for which it was collected. For some purposes such as my business accounting obligations, this length of time will be determined by legislation. In relation to financial and transactional data this will be for a period of approximately 6 years after the date of the transaction.  In the case of marketing consent, I will contact you to renew this every two years.

Controlling your personal information – your rights

You may choose at any time to restrict the collection or use of your personal information in the following ways:

  • Whenever you are asked to fill in a form on our website(s), look for the box or boxes that you can choose to tick to indicate that you agree or opt-in, so that the information can be used by us for direct marketing purposes – if you don’t agree then don’t tick.

  • Right to withdraw consent, data retention and the right to be forgotten - If you have previously agreed to me using your personal information or I am using your contact details for my legitimate interests for direct-marketing purposes, you may change your mind at any time by emailing me at andrew@andrewheeley.co.uk. I will comply with your request within one month of receiving it. Please note, there may be certain circumstances such as a legal obligation I may have, that mean the right to be forgotten (your right to have your data erased) cannot be implemented but I will inform you of this should you contact me on this basis.

  • Right of data portability – You have the right to request a copy of the data that I hold about you in order that you can reuse it for your own purposes across different services. This right is only applicable if you have given me explicit consent to process your data or if I have used it for the performance of any contract(s) I may have (had) with you. If you wish to do this, please email me at andrew@andrewheeley.co.uk. I will provide the information in a commonly used and machine-readable format free of charge.

  • Right of access to your data - You may request details of personal information which I hold about you. If you would like a copy of the information held on you please write to or email me at andrew@andrewheeley.co.uk. You will not need to pay a fee to access your personal data.

  • Right to rectification of inaccurate data - If you believe that any information I am holding on you is incorrect or incomplete, please write to or email me at andrew@andrewheeley.co.uk as soon as possible. I will promptly rectify any information found to be incorrect.

  • Right to object to processing of your data – You have a right to object to me using your data for marketing under the basis of ‘legitimate interests’ and if you wish to do so, please contact me at andrew@andrewheeley.co.uk.

Disclosures of your personal data

I will not sell, distribute or lease your personal information to third parties unless I have your permission or are required by law to do so. I may use your personal information to send you promotional information about third parties which I think you may find interesting but only if you tell me that you wish this to happen.

I may need to disclose your data to third parties to whom I may choose to sell, transfer, or merge parts of my business or my assets. Alternatively, I may seek to acquire other businesses or merge with them. If a change happens to my business, then the new owners may use your personal data in the same way as set out in this privacy notice.

I require all third parties to respect the security of your personal data and to treat it in accordance with the law. I do not allow my third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with my instructions.

International Transfers

I may transfer your personal data outside the European Economic Area to my marketing mailing list software provider, MailChimp. Where I do, I ensure a similar degree of protection is afforded as applies to you in the EEA. I do this by implementing one of the following safeguards:

  • I may use specific contracts approved by the European Commission which give personal data the same protection it has within the EEA.

  • I will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commissioner or to which we can impose or adopt necessary safeguards to ensure the protection of your personal data and yours rights in respect of it.

Please contact me if you want further information on the specific mechanism used by me when transferring your personal data outside of the EEA.

Security

I am committed to ensuring that your information is secure. To prevent unauthorised access or disclosure, I have put in place appropriate physical, electronic and managerial procedures to safeguard and secure the information I collect online. All your information is stored either electronically on our secure servers, our customer relationship management software’s secure servers, or our marketing mailing list software’s secure servers, or in the case of paper documentation, in secured cabinets only accessible by the Data Controller, me or my staff or those nominated by the Data Controller as Data Processors.  I limit access to your personal data to those employees and other third parties who have a business need to know. They will only process your personal data on my instructions and they are subject to a duty of confidentiality.

In the event of any data security breach, I will comply with our legal responsibilities to notify the applicable regulator and you as outlined in the applicable legislation.

Any password(s) which you might use to access our website or other platforms that are operated by me using third-party providers are your own responsibility and you undertake not to share them with anyone else, save as to making provisions in your will. If you believe your password(s) has/have been compromised, you must inform me straightaway and change it.

Complaints

If you have reason to make a complaint, then you should contact me in writing as soon as possible at andrew@andrewheeley.co.uk.

How we use cookies on our website(s)

A cookie is a small text file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

  • Forms related cookies - When you submit data to through a form such as those found on contact pages or comment forms cookies may be set to remember your user details for future correspondence.

  • This site uses Google Analytics which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content. For more information on Google Analytics cookies, see the official Google Analytics page.

  • From time to time I test new features and make subtle changes to the way that the site is delivered. When I am still testing new features these cookies may be used to ensure that you receive a consistent experience whilst on the site whilst ensuring I understand which optimisations our users appreciate the most.

  • As I sell products it’s important for me to understand statistics about how many of the visitors to our site actually make a purchase and as such this is the kind of data that these cookies will track. This is important to you as it means that I can accurately make business predictions that allow me to monitor my advertising and product costs to ensure the best possible price.

Overall, cookies help me provide you with a better website experience, by enabling me to monitor which pages you find useful and which you do not. A cookie in no way gives me access to your computer or any information about you, other than the data you choose to share with me.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of our website(s).

Meta Visitor Action Pixel

I use the “visitor action pixel” from Meta Platforms, Inc. (1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)) on my website. This allows user behaviour to be tracked after they have been redirected to my website by clicking on a Facebook ad. This enables me to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to me, i.e. I do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why I are informing you, based on my knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Usage Policy https://www.facebook.com/about/privacy/. You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes. The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting the following address: https://www.facebook.com/settings?tab=ads.

Links to other websites

My website(s) may contain links to other websites of interest. However, once you have used these links to leave my website, you should be aware that I do not have any control over those other websites. Therefore, I cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should look at the privacy statement applicable to the website in question.