Data privacy is important so that’s why I’ve written this statement. I don’t collect a lot of data, but the data I do collect I promise to keep as safe as possible and never to use it for purposes that it wasn’t intended for. I explain below what data I collect, how I use it and what your rights are to this data. All of this has been written to comply with the new General Data Protection Regulation (GDPR). If you would like any more information, then send me an email and I’d be happy to help: consent [at] ennabartlett.co.uk.
To make sure your data is kept as safely as possible, I have put in place measures, both digital and physical, to protect against theft, loss or damage. Of course, there are no completely foolproof methods, especially online, so if you would like to transfer any data to me by alternative means then you are more than welcome to.
Here’s what I mean when I use some of the terms listed below. For the most part I refer to the “controller” as “me” and the “data subject” as you. If anything isn’t clear, please let me know.
Personal data is any information that can identify a natural person (“data subject”). Personal data can include; a name, an identification number, location data, an online identifier or something that describes their physical, physiological, genetic, mental, economic, cultural or social identity.
The data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
Controller or controller responsible for the processing
The controller or controller responsible for the processing is me (Enna Bartlett Photography). I determine which personal data is collected and how it is processed once it has been collected.
A processor is a person or other body that processes personal data on behalf of the controller.
Processing is what happens to the data once it has been collected. This includes, but is not limited to; recording and organising the data, storing and retrieving the data, adapting and altering the data and destroying the data.
Profiling is using collected data to evaluate certain personal aspects of that person. For example, this could be analysing a person’s data to predict their preferences and interests so that you can tailor your marketing towards them.
Pseudonymisation is processing personal data so that it can no longer be linked to a real person. This is usually what happens when statistics are produced from collected data for reports.
The recipient is a person or other body, to whom the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
A third party is a person or other body who is not the data subject, controller, processor or other person authorised to process the data.
Consent under the new GDPR regulations is defined as being freely given and is informed and unambiguous. It is given through an affirmative action and shows that the data subject agrees with the terms for processing their personal data.
Name and Address of the controller
The controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
Enna Bartlett Photography
Phone: 07464 001937
Email: consent [at] ennabartlett.co.uk
If you don’t want the cookies to be placed on your computer, you can at any point change the settings in your internet browser to prevent them from being dropped. You can also clear your cookie settings to remove any cookies that already exist on your computer. If you do decide to turn off cookies in your internet browser, then some of the features of this site may not work correctly.
Collection of general data and information
As mentioned in the cookies section, this website collects some data through Google Analytics about your visit to the site. Some of the things the site collects include; the browser you use, the operating system of your computer, the websites you have come from if you have followed a link to my site, the date and time you accessed my site, your IP address, your internet service provider etc. This data doesn’t identify you as a person, but helps me to optimise the content on my site and informs my marketing strategies. The data collected through analytics tracking on this website is stored separately from any data collected through contact forms or email exchanges and cannot be linked directly to you.
Contact possibility via the website
This website allows you to contact me via a webform as well as by email. If you contact me by either of these methods then your personal data is automatically stored as part of your message. By emailing or contacting me through the webform I assume that you agree to your details being captured as part of the message. Any details captured are used purely for the purposes or communication and are never shared with anyone else (third parties).
Comments function in the blog and on the website
On this site, you have the ability to leave comments on my blog posts. If you leave a comment on one of my posts your data will be stored on this site and your comment made publicly visible. Your screen name, date and time of commenting will also be visible to others visiting the site. Alongside this, your IP address is stored by my site. This data will never be shared with anyone else.
Erasing personal data
I will only keep your data for as long as is necessary, when it is no longer necessary to hold your data I will delete it. You can request at any time that I erase any information that I hold on you.
You have the right to contact me to ask if I hold any data on you as well as the right to access, for free, all data that I hold on you. You also have the right to:
- know the purpose of me processing your data
- know what personal data I hold
- request all of the data I hold on you to be sent to you
- know who I have shared your data with
- know how long your data will be stored for
- update the information I hold on you
- object to the processing of your data, and any profiling based upon your data
- request the erasure of your data
- know where I got your data from
- know how your data is processed
- know how your data is being safeguarded
- ask me to send your data to another data controller
There are elements of Facebook integration on this site; with each load of a page your web browser downloads information from Facebook for any Facebook component present on that page and shares with Facebook any use of these Facebook elements. If you are logged in to Facebook at the same time, data is sent from this site to Facebook about your activity here and is subsequently stored by Facebook. This data is primarily collected so that features such as the ‘like’ button and Facebook commenting and sharing is available. However, if you are logged into Facebook while you are visiting this site, Facebook collects data about your visit regardless of whether you interact with these features or not. If you would prefer that Facebook doesn’t collect this data, it is advised that you log out of your Facebook account.
For more information about how Facebook uses your information, please visit the following links:
Google Analytics (with anonymisation function)
I use Google Analytics to track the performance of my website. All the data collected through Google Analytics is anonymised so that no, one individual can be picked out from the data. To do this, the “_gat. _anonymizeIp” application abridges your IP address so that the full IP address is not available.
Google Analytics places a cookie on your computer which allows it to record how the website is used by you and other visitors. This allows me to analyse how well the content on my site is performing.
Every time you load a page on my site, the Google Analytics cookies and applications will collect information about how you use my site (ie how long you spend looking at a page and which pages you visit among other things). The data collected like this is also stored by Google which helps them to develop their products and is also used to inform Google advertising across the web (not just limited to this site). If you would rather not have information like this collected about your visit to my site, it is recommended that you turn off cookies in your browser.
Additionally, you can download a browser add-on that will block information about your visits to websites being collected by Google Analytics. You can download that here:
For more information about how Google uses your information, please visit the following links:
I have integrated elements from Instagram into this website. Every time that you load a page on this site, the site communicates with Instagram to ensure that those elements are working correctly. As this happens, Instagram collects information about the pages that you have visited on the site (ie they know that an Instagram element was loaded on a specific page of this site). If you are logged into your Instagram account at the same time as visiting this site, then the actions you take here are linked to your Instagram profile. If you would prefer that Instagram does not collect this data about your visit to this site, it is recommended that you log out of your Instagram account.
For more information about how Instagram uses your information, please visit the following links:
Jetpack for WordPress
Alongside Google Analytics, I also have Jetpack for WordPress installed on this site. This is a WordPress plug-in that provides me with additional features, such as; displaying related posts when you read a blog article, enhanced security functions to help prevent against hacking, and optimising the loading of pages among other things.
To do these things, Jetpack drops a cookie on your computer that works in a similar way to the Google Analytics one. Every time you load a page, the cookie collects information about how you use the site to optimise the site’s performance. Because of this, your usage data is shared with Jetpack’s parent company Automattic. Again, if you would rather not have cookies collecting data about your visit to this site, please turn off cookies in your browser.
Just like with Google Analytics you can opt-out of Jetpack collecting data on your visit. Visit the following link to find out more:
Please bear in mind that if you opt out of the Jetpack cookies, this site may no longer operate as it should, and some features may be unavailable to you.
For more information about how Automattic uses your information, please visit the following links:
This website has elements of Twitter integration. Every time you load one of the pages on this site that has a Twitter element on it, Twitter collects information about your visit to the site and the use of that page. There are various Twitter ‘buttons’ that are used on websites, you can find out more about those here:
The reason Twitter has been integrated into this site is so that you can share my content on Twitter and connect with me on that social platform.
As with the other social media platforms, if you are logged into Twitter while you are visiting and using this site, your data is linked to your profile and stored by Twitter. Again, if you would rather this didn’t happen, please ensure that you are not logged into Twitter while you are using this site.
For more information about how Twitter uses your information, please visit the following link:
Legal basis for the processing
Under GDPR (Article 6(1) lit. a) and with your consent, I have a legal basis for processing your data. Where the collection of your personal data is necessary to fulfil a contract that we agree to, the legal grounds for processing your data is covered by Article 6(1) lit. b GDPR. The same applies to any processing that is necessary for carrying out pre-contractual measures, for example in the case of enquiries concerning my products or services. If I am subject to a legal obligation where processing of personal data is required, such as for the fulfilment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR.
In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject (you) or of another natural person. This would be the case, for example, if someone was injured as a result of my actions or equipment and where I have an obligation to process and share their name and any other necessary information with a doctor, hospital or other third party as required. This processing would be based on Art. 6(1) lit. d GDPR.
Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the previously mentioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).
Period for which the personal data will be stored
I will keep your personal date for the duration of our contract plus five years. After that time, your data will be deleted.
Provision of personal data as statutory or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide the personal data; possible consequences of failure to provide such data
I clarify that the provision of personal data is partly required by law (eg tax regulations) or can also result from contractual provisions (eg information on the contractual partner).
Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded.
Before personal data is provided by the data subject, the data subject must contact any employee. The employee clarifies to the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data.
Existence of automated decision-making
As a responsible company, I do not use automatic decision-making or profiling.