Ian Wallis Photography
  • |
    Home
  • |
    Reviews
  • |
    My Portfolio ▴
    • My Portfolio
    • School Photos
    • Portraits
    • Proms
    • Events
    • Commercial
  • |
    About Me
  • |
    School Photography
  • |
    Portraits
  • |
    My Artwork
  • |
    Prom Photography
  • |
    My GDPR & Privacy Policy
  • Contact Me
MENU
Ian Wallis Photography
  • Home
  • Reviews
  • My Portfolio
  • About Me
  • School Photography
  • Portraits
  • My Artwork
  • Prom Photography
  • My GDPR & Privacy Policy
  • Contact Me
© 2025 Ian Wallis Photography  -  Cookie Policy 
© 2025 Ian Wallis Photography  -  Cookie Policy 
My GDPR & Privacy Policy

PRIVACY POLICY

INTRODUCTION

At Ian Wallis Photography I take data security very seriously. I recognise the importance of ensuring that personal data is only collected when it is completely necessary, and that it is processed only when I have legal basis to do so. I continuously monitor my procedures to ensure that the environments in which any data is stored are protected adequately to industry-recognised standards.

As a valued customer it is my responsibility to process any data you provide for me, or that I collect on your behalf, in a secure environment, and – if necessary - I only use staff who are specifically trained as to the sensitivity of the data that passes before them in the course of their employment.

Under the General Data Protection Regulation (UK GDPR in the UK and EU GDPR in the EEA (European Economic Area)), I have responsibilities defined for me which I accept and fulfil. In the case of data provided by you while placing an order, I am the data controller, which means that I will make decisions as to how I process your data in order to fulfil your order. Subsequently, I may contact you to give you the opportunity to make purchases of other photographs I may have captured of you or your child, and you can choose to unsubscribe from such further contact at any time.

My Privacy Policy is designed to reassure website users, subscribers and all customers who make purchases through the website, that I will only process your data when is necessary, and even then,within secure physical and electronic environments. In addition to that, the GDPR (UK GDPR in the United Kingdom, EU GDPR in the EEA (European Economic Area)) gives you certain rights, one of which is The Right to be Informed. In line with this right, this Privacy Notice will inform you of the following:

The Information that I Gather

Disclosure and Transfer of Personal Information

Sources and Legal Bases for Processing of Personal Data

Retention and Deletion of Personal Data

Your Rights 

How to Contact Me

I review my privacy practices from time to time, in line with suggested Information Commissioner’s Office (ICO) guidelines. To contact me about privacy issues relating to my website, to report a violation of my Privacy Policy, or to raise any other issue, please e-mail me at ianwallisphotography@me.com.

THE INFORMATION I GATHER

I gather two types of information about users:

1. Tracking information: Information that is collected about every user of my website, whether such user registers or not, and is automatically gathered using "cookies." A cookie is a small bit of data that is written to the user's hard drive by a web server and used to track the pages the user has visited. Cookies do not include personal information about you, rather they are unique to each user, which allows my computers to distinguish between individual users, and personalise your experience if you have previously provided information about yourself. Cookies are only read by the computer that placed them and cannot execute any code or virus.
2. Personal information: Information that relates to an identifiable individual. When/if a user registers for my website (which is sometimes necessary) the user may be required to provide personal information such as their name and email address, to select a login name and password, and then will be passed on to a payment processing company to securely provide their credit card information (number, type and expiration date), a telephone number and a billing address.

Use of the Information:

1. Tracking Information: I use tracking information in aggregate form to build higher-quality, more useful services by performing statistical analyses of users' activities, and by measuring demographics and interest regarding specific areas of my website.
2. Personal Information: At registration, and when a user is purchasing goods via my website, the user provides personal information which could be collected during anyregistration and/or ordering process (as applicable). This privacy statement is notice that such information is collected.

Your contact details and other data you may supply as part of the registration process are stored and processed by me to enable you to access the services on my website and to provide you with the goods you have purchased or the information you have requested.

If you have provided an address when purchasing goods, my website may automatically fill in that information on a subsequent order form for your purchase of goods. This is simply a convenience - no information is released to anyone unless you authorise its release, such as by clicking a "Submit" button.

I may pass your contact details only on to a chosen delivery company, for the sole purpose of delivering your order and informing/updating you on the delivery progress of your order, if needed.

I will hold your personal information for as long as is necessary to provide excellent service to you in respect of the product you purchase. This is of particular importance where similar products are purchased over a number of years and if a customer wishes to check the make-up and detail of previous orders.

DISCLOSURE AND TRANSFER OF PERSONAL INFORMATION

I do not sell, trade or lease the personal information you entrust to us.

The data I control is always kept within the British Isles. Data is never transferred outside of geographical Europe.

I use the appropriate security methods to protect the data that resides on any servers that I may have. However, no security system is impenetrable. I cannot guarantee the security of any servers that I use, nor can I guarantee that information that users supply will not be intercepted while being transmitted to me over the internet.

I may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which I am subject, or in order to protect your vital interests or the vital interests of another person.

SOURCES AND LEGAL BASES FOR PROCESSING OF PERSONAL DATA

Under the GDPR (UK GDPR (United Kingdom General Data Protection Regulation) in the United Kingdom, EU GDPR (European Union General Data Protection Regulation) in the European Economic Area (EEA)) I am required to provide you with certain information relating to the data I process. These are as follows:

The general categories of personal data that I may process.

In the case of personal data that I did not obtain directly from you, the source and specific categories of that data.

The purposes for which I may process personal data.

The legal basis of the processing.

When you register an online account with me, such as when you place an order through the website, I may ask you for your contact details, including your name, address, telephone number and email address. I may process this data to allow essential functions to include communication with you, ensuring data security, and completing your order(s). There are several legal bases for these activities, such as fulfilment of my contract with you, and conducting my legitimate business interest of ensuring good customer service.

I may process data about your use of my website and services, and this may include pages you visit, links you follow and ordering data. This usage data may be processed to analyse the use of the website and services.  This is in order to make improvements and is made available to me through my web-analytics reporting system via a company called Online Picture Proof, who host and maintain my website. The legal basis for this processing is my legitimate business interest of making my website as efficient and effective as possible.

I may process information that you provide to me to send you email notifications and/or newsletters, or to send you special offer emails. The legal basis for this processing is legitimate business interest of generating sales through the website.

Subject data is provided by a school, college or organisation with whom I potentially have a data protection agreement (DPA) – if a DPA is deemed necessary. This data is limited only to that which is required in order to sufficiently identify who is contained in the photographs; such as full name, classidentification, admission number and academic or boarding house information, and any other information that may be required. Processing is performed in order to provide the services that the school or organisation have engaged me to perform. The processing is carried out in line with anycontractual obligations with a school, under the terms of any DPA that may be in place.  This is performed even if I do not have a DPA in place with the establishment with whom I am working.

I capture and process photographs (deemed to be personal data under the GDPR (UK GDPR in the United Kingdom, EU GDPR in the EEA (European Economic Area))) as my central and core service. The photograph data is processed to provide the service I have been contracted to complete. I amengaged to capture the photographs on behalf of the school or organisation, so they need to have a lawful basis for the processing. The school or organisation is also responsible to make sure that no one is presented for photography whose preference is that they are not included. Under the GDPR this preference can be expressed by the parent or guardian and/or the person themselves if they are 12 or over. All processing carried out by Ian Wallis Photography as controllers or joint controllers to make the images available for sale to parents, pupils and/or subjects is based on legitimate interest.

In addition to the specific information related to processing noted above, I may retain your personal data where such retention is necessary for compliance with a legal obligation to which I am subject, or in order to protect your vital interests or the vital interests of another person.

RETENTION AND DELETION OF PERSONAL DATA

The GDPR (UK GDPR (United Kingdom General Data Protection Regulation) in the United Kingdom, EU GDPR (European Union General Data Protection Regulation) in the European Economic Area (EEA)) requires me to maintain a company policy in relation to how long I keep various categories of personal data.

Personal data is kept for no longer than it is needed in order to serve the purpose for which it was collected.

I do not store credit card information on my systems.

A summary of the length of time I retain different types of information is as follows:

Photographs: These are the intellectual property of the company, and copyright on such work lasts for 75 years. I will, therefore, retain photographs for 75 years. After this point images are reviewed for longer preservation, to assess their historical relevance. If they are likely to become valuable historically, they are added to an archive.

Order Data: This is kept for 40 years in order to be able to inform you whether or not you have previously ordered a particular photograph or photographs.

Identification Data (Name, Admission Number and/or Class - provided by the school or college): This is kept electronically alongside portraits, and is kept in a secure database - only accessible by authorised users - for 75 years in line with copyright, and to ensure that these are made available only to the subject, or to close relatives of the subject.

In addition to the specific information related to retention and deletion noted above, I may retain your personal data where such retention is necessary for compliance with a legal obligation to which I am subject, or in order to protect your vital interests or the vital interests of another person.

YOUR RIGHTS

The GDPR (UK GDPR (United Kingdom General Data Protection Regulation) in the United Kingdom, EU GDPR (European Union General Data Protection Regulation) in the European Economic Area (EEA)) defines certain rights that you as a data subject may exercise in relation to your personal data. 

In summary, these rights are as follows:

The Right of Access

The Right to Rectification

The Right to Erasure

The Right to Restrict Processing

The Right to Data Portability

The Right to Object

Rights in Relation to Automated Decision Making and Profiling.

Some of the details of terms listed above are explained as follows. As some of these terms are complex, this should not be seen as a full explanation, and I certainly recommend that you read information presented by the regulatory bodies for further details.

The Right of Access

You have the right to request copy of the personal data I hold, plus supplementary information, such as whether I am processing your data, along with the reasons. In most cases, as long as the rights of a third party aren't compromised, I will comply with your request within a calendar month.

For clarity, I only hold data necessary to record what you have ordered, to make sure the order gets to you at the correct address, and to contact you about your order, and about potential future orders. I don't collect or store any data which isn't needed for these purposes.

The Right to Rectification

If any data I hold is incorrect, you have a right to request that this is corrected for you.

The Right to Erasure

If you no longer wish me to store or process your personal data, you have a right to request that any data I hold is erased or deleted. If you contact me to request a Right to Erasure, I will comply where possible, but there are exceptions, or exclusions to this right. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims. It may also be that the legitimate business interests of the company would be threatened by the erasure. For these reasons, the company has the right to reject a request under the Right to Erasure, but I will always explain to you clearly why the decision was taken, and what you can do next.

The Right to Restrict Processing

You may have a reason to request that I do not process your data for a specific period of time. Legal bases for this could be:

1. You contest the accuracy of the personal data.
2. Processing is unlawful but you don't want the data to be erased.
3. I no longer need the personal data for the purposes of my processing, but you need the personal data for the establishment, exercise or defence of legal claims.

As an alternative to the Right to Erasure, you may wish to request that I do not process your data for a specific period of time. You can make this request under your Right to Restrict Processing.

There are several legal exemptions to the Right to Restrict Processing: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another person; or for reasons of important public interest. It may also be that the legitimate business interests of the company would be threatened by the restriction. For these reasons, the company has the right to reject a request under the Right to Restrict Processing, but I will always explain to you clearly why the decision was taken, and what you can do next.

The Right to Object

You have the right to object to my processing of your data in relation to marketing. If you object, I will cease to contact you for this reason from the date of your request.

You also have a right to object to my processing of your personal data on grounds relating to your particular situation, but the processing may be necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by me or by a third party. If you exercise your Right to Object, I will cease to process the personal information unless there are legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims. It may also be that the legitimate business interests of the company would be threatened by the objection. For these reasons, The Company has the right to reject a request under the Right to Restrict Processing, but I will always explain to you clearly why the decision was taken, and what you can do next.

Rights in Relation to Automated Decision Making and Profiling.

To the extent that the legal basis for my processing of your personal data is: (a) consent; or (b) that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, and such processing is carried out by automated means, you have the right to receive your personal data from me in a structured, commonly used and machine-readable format.

If you consider that my processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state where you normally live, your workplace or the place of the alleged infringement.

If the lawful basis for processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal of consent cannot be backdated from the actual date of receipt.

 

 

HOW TO CONTACT ME

If you wish to exercise any of your rights in relation to the data I hold about you, you may do this in writing.

You may also ask me any questions about this privacy statement.

You may email me at ianwallisphotography@me.com.

If you would prefer to contact me by post, please write to:

c/o Data Protection Officer
Ian Wallis Photography
2 Advent Way
Manchester
M4 7LL

The address above is also my business address, where I conduct my business securely and safely, as Ian Wallis Photography.

If you wish to view my ICO Data Protection Registration Certificate, then please visit the below webpage and search for Ian Wallis Photography:

https://ico.org.uk/ESDWebPages/Search

I can also email you a copy of the certificate, should you require this.

And finally, you can telephone the designated Data Protection Officer for Ian Wallis Photography on 07793009918 (name, Mr Nicholas Markley) for any advice and information regarding GDPR relating to Ian Wallis Photography.

 

© 2025 Ian Wallis Photography

Find us on facebook
 
Contact Me
© 2025 Ian Wallis Photography  -  Cookie Policy 

Cookie Policy

We use cookies to offer you a better browsing experience, analyze site traffic and assist in our marketing efforts. Read below about how we use cookies and how you can control them by clicking "Cookie Settings". If you continue to use this site, you consent to our use of cookies.

What are cookies

Cookies are small text files that are stored on a user's computer or mobile device. They are used for a variety of purposes, including personalising pages, remembering visitor preferences, analysing visitor behaviour, managing shopping carts and delivering targeted advertising. Cookies are used to improve the online experience of almost every website, including our own.

Types of cookies

When you use our website, the following four types of cookie may be set on your device:

Necessary cookies:
Necessary cookies are essential for the use of the features and services we offer on this website. Without these cookies, the services you want to use (such as view and buy your images) cannot be possible.

Functional cookies:
These cookies allow us to provide you with a better online experience when you use our website. They do not gather or store any information which would allow us to identify you personally.

Performance cookies:
Performance cookies collect information about how our customers use our site so that we can improve our site. These cookies collect anonymous information on the pages visited. For example, we might use performance cookies to keep track of which pages are most popular, which method of linking between pages is most effective, and to determine why some pages are receiving error messages.

Targeting cookies:
These cookies collect information about your browsing habits in order to make advertising more relevant to you and your interests. Advertising Bureau has put together a great resource for information on behavioural advertising: how it works, further information about cookies, and steps you can take to protect your privacy on the internet. For more information please visit www.youronlinechoices.com

Managing Cookies

Most internet browsers allow you to erase cookies from your computer hard drive, block all cookies (or just third-party cookies) or warn you before a cookie is stored. You can choose to restrict or block cookies through your browser settings at any time.

For more information about how to do this, and about cookies in general, you can visit www.allaboutcookies.org. Please note that certain cookies may be set as soon as you visit this website, but you can remove them using your browser settings.

However, please be aware that restricting or blocking cookies may impact the functionality or performance of our website. Some cookies on this site are essential, and the site won't work as expected without them. These cookies are set when you submit a form, view pictures, login or interact with the site by doing something that goes beyond clicking on simple links.