Privacy Policy

This Privacy Policy describes how nomysay.com ("we," "us," or "our") collects, uses, and shares personal information when you visit our family photography website. We are committed to protecting your privacy and ensuring transparency in our data practices.

1. Information We Collect

We collect several types of information from and about users of our website, including:

• Personal Information: Name, email address, phone number, and postal address when you contact us, book a photography session, or sign up for our newsletter.
• Photography Session Information: Dates, locations, preferences, and special requirements related to your photography needs.
• Payment Information: When you make a payment, our payment processors collect necessary billing information. We do not store complete payment card details on our servers.
• Images and Content: Photographs and videos created during sessions, including images of you and your family members.
• Technical Information: IP address, browser type, operating system, device information, browsing actions, and patterns.
• Usage Data: Information about how you use our website, including pages visited, time spent on pages, and interaction with content.

2. How We Collect Information

We collect information through:

• Direct Interactions: Information you provide when filling out forms, contacting us, or booking services.
• Automated Technologies: As you navigate our website, we may use cookies, web beacons, and similar technologies to collect technical information and usage data.
• Photography Sessions: Images and information collected during the provision of our photography services.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our photography services
• Process and fulfill your photography bookings and requests
• Communicate with you about appointments, services, and promotions
• Create and deliver the photographic content you have commissioned
• Personalize your experience and deliver content relevant to your interests
• Administer and protect our business and website
• Analyze usage patterns to improve our website and services
• Comply with legal obligations and enforce our terms and policies

4. Legal Basis for Processing (GDPR Compliance)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to fulfill our contractual obligations to you when providing photography services.
• Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our services and marketing our business, provided these interests are not overridden by your rights and freedoms.
• Consent: Processing based on your specific consent, such as for marketing communications or publication of your images.
• Legal Obligation: Processing necessary to comply with our legal obligations.

5. Data Sharing and Disclosure

We may share your personal information with:

• Service Providers: Third-party vendors who perform services on our behalf, such as web hosting, payment processing, and email delivery.
• Professional Advisors: Lawyers, accountants, and insurers who provide consultancy, banking, legal, insurance, and accounting services.
• Regulatory Authorities: Government bodies that require reporting of processing activities in certain circumstances.
• Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes without your explicit consent.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of sensitive data
• Regular security assessments
• Access controls and authentication procedures
• Secure backup systems
• Staff training on data protection

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. For photography images, our standard retention period is 12 months after delivery of final images, unless otherwise agreed upon in writing.

8. Your Rights

Depending on your location, you may have certain rights regarding your personal information, including:

• Access: Request access to your personal information
• Correction: Request correction of inaccurate personal information
• Erasure: Request deletion of your personal information under certain circumstances
• Restriction: Request restriction of processing of your personal information
• Data Portability: Request the transfer of your personal information to you or a third party
• Objection: Object to processing of your personal information
• Withdraw Consent: Withdraw consent at any time where we rely on consent to process your personal information

To exercise any of these rights, please contact us through our website. We may need to verify your identity before responding to your request.

9. Children's Privacy

As a family photography service, we understand the importance of protecting children's privacy. We do not knowingly collect personal information from children under 16 without parental consent. If you are a parent or guardian and believe we have collected information from your child without your consent, please contact us immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will post the updated Privacy Policy on our website and update the "Last Updated" date. We encourage you to review this Privacy Policy periodically.

11. International Data Transfers

We may transfer, store, and process your information in countries other than your own. If you are located in the European Economic Area (EEA), we ensure that such transfers comply with applicable data protection laws by implementing appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission.

Last Updated: May 15, 2023