Privacy Policy

My website address is:

Here at NICK BRIGHTMAN PHOTOGRAPHY I take your privacy very seriously. This privacy policy has been prepared in line with the General Data Protection Regulation (GDPR), which promotes fairness and transparency for all individuals in respect of their personal data. This privacy policy applies to all data I process, and by using NICK BRIGHTMAN PHOTOGRAPHY you consent to the collection and use of such data

1. The Data I Collect

As a data controller I collect a variety of data in order to deliver my services, and I will manage your personal data transparently, fairly and securely.

Active Data Collection

I may ask you to provide me with the following data –

  • Identity Data may include your first name, last name, title and gender
  • Contact Data may include your home address, delivery address, email address and telephone numbers
  • Financial Data may include your bank account  details.
  • Transaction Data may include records of payments made by you and details of purchases made.
  • Technical Data may include your IP addresses, browser type, time zone and location, operating system and platform and other technology on the devices you use to access our site.
  • Usage Data may include information about how you use our website, products and services.
  • Marketing and Communications Data may include your preferences in receiving marketing communications from us and our third parties and your communication preferences.
  • Obviously being a photographic business I also create and manage images as per our contractual agreement(s)

I use the above date to deliver my service to you, for marketing purposes, to personalize your experience and to provide account access

I collect the above data on the following lawful basis, to arrange or fulfill a contract and to meet my legal obligation under said contract

Passive Data Collection

​As you navigate through a Web site, certain information can be passively collected (that is, gathered without your actively providing the information) using various technologies and means, such as Internet Protocol addresses, cookies, Internet tags, and navigational data collection.

This site may use Internet Protocol (IP) addresses. An IP Address is a number assigned to your computer by your Internet service provider so you can access the Internet and is generally considered to be non-personally identifiable information, because in most cases an IP address is dynamic (changing each time you connect to the Internet), rather than static (unique to a particular user’s computer). I use your IP address to diagnose problems with my server, report aggregate information, determine the fastest route for your computer to use in connecting to my site, and administer and improve the site.

A “cookie” is a bit of information that a Web site sends to your Web browser that helps the site remember information about you and your preferences. This site uses cookies.

“Session” cookies are temporary bits of information that are erased once you exit your Web browser window or otherwise turn your computer off. Session cookies are used to improve navigation on Web sites and to collect aggregate statistical information. This site uses session cookies.

“Persistent” cookies are more permanent bits of information that are placed on the hard drive of your computer and stay there unless you delete the cookie. Persistent cookies store information on your computer for a number of purposes, such as retrieving certain information you have previously provided (e.g., passwords), helping to determine what areas of the Web site visitors find most valuable, and customizing the Web site based on your preferences. This site uses persistent cookies.

 “Navigational data” (“log files”, “server logs”, and “clickstream” data) are used for system management, to improve the content of the site, market research purposes, and to communicate information to visitors. The information collected for these purposes is the IP address that requested the web page. This site uses navigational data.

2. Which third parties do I share Personal Data with?

I may share personal data with the following third parties:

Google Analytics and Google Calendar

Zoho Email system

Mailchimp email marketing system

Tave client management system

Pixieset image hosting galleries

Album manufacturer

Print lab

Siteground – website host

Backblaze – Data backup provider

I require all third parties to whom I transfer your data to respect the security of your personal data and to treat it in accordance with the law. I only allow such third parties to process your personal data for specified purposes and in accordance with my instructions

I may transfer personal data to a country outside of the European Economic Area (EEA) if necessary eg if a third party I utilise could have servers located outside of the EEA. If this is the case, I will either obtain your consent or otherwise ensure that the transfer is legal and your data is secure by following the EU’s guidelines.

3. Why do I share your Personal Data with the above?

I share your date in order to deliver my service to you, for marketing purposes, to personalize your experience and to provide account access

4. How do I keep your personal data secure?

I keep your date secure by following internal policies of best practice, encryption and passwords and by using secure socket layer (SSL) technology when information is submitted to me online

In the unlikely event of a criminal breach of my security I will inform the relevant regulatory body within 72 hours and, if your personal data were involved in the breach, I will also inform you.

5. Changes to my privacy policy and control

I may change this privacy policy from time to time. When I do, I will let you know by changing the date on this policy, notifying customers of only significant changes. By continuing to access or use my services after those changes become effective, you agree to be bound by the revised privacy policy.

6. You have the following rights –

  • the right to be informed about the collection and use of your personal data
  • the right of access to your personal data and any supplementary information
  • the right to have any errors in your personal data rectified
  • the right to have your personal data erased
  • the right to block or suppressing the processing of your personal data
  • the right to move, copy or transfer your personal data from one IT environment to another
  • the right to object to processing of your personal data in certain circumstances
  • rights related to automated decision-making (i.e. where no humans are involved) and profiling (i.e. where certain personal data is processed to evaluate an individual)
  • ​I also give you the option to manage your data via email 

While I do not hold personal data any longer than I need to, the duration will depend on your relationship with me, and whether it is ongoing. I may keep some of your personal date for up to 7 years after my working contract with you has finished for tax legislation purposes. After this time I will archive your photographs indefinitely along with your relevant details and consent forms. This is due to requests for replacement images being made several years after being taken

7. Your acceptance of these terms

By using my website and services, you signify your acceptance of this policy. If you do not agree to this policy, please do not use my services. Your continued use of my site following the posting of changes to this policy will be deemed your acceptance of those changes.