Privacy Policy

Harriet Hern Photography
Last updated: 12/03/26

1. Introduction

Harriet Hern Photography is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store and protect your personal data when you interact with us, including when you visit our website, make an enquiry, book photography services, or communicate with us.

This policy has been written in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using this website or engaging with Harriet Hern Photography, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

For the purposes of UK data protection law, the data controller responsible for your personal data is:

Harriet Hern Photography – Sole trader
Email: hello@harriethern.co.uk
Phone: 07824700200

The data controller determines the purposes and means of processing personal data.

3. What Personal Data We Collect

We may collect, store and process the following types of personal data:

Information you provide directly

When you make an enquiry, book a shoot, or contact us, we may collect:

  • Full name

  • Email address

  • Telephone number

  • Postal address

  • Event details (such as wedding date, venue or location)

  • Social media handles or website links

  • Details about family members or guests involved in the photography session

  • Information relevant to your photography requirements

Information collected automatically when using our website

When you visit our website, we may collect:

  • IP address

  • Browser type and version

  • Device information

  • Pages visited

  • Time spent on pages

  • Referral sources

This information may be collected through analytics tools and cookies.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

  • To respond to enquiries

  • To communicate with you about photography services

  • To prepare quotations and contracts

  • To deliver photography services

  • To manage bookings and scheduling

  • To deliver photographs and galleries

  • To manage client relationships

  • To maintain financial and accounting records

  • To improve our website and services

  • To send marketing communications where you have provided consent

  • To comply with legal obligations

We will only use your data where we have a lawful basis to do so.

5. Lawful Basis for Processing

Under UK GDPR, we rely on the following lawful bases for processing personal data:

Contractual Necessity

Processing is necessary to perform a contract with you, such as delivering photography services or responding to booking enquiries.

Legitimate Interests

Processing is necessary for the legitimate interests of Harriet Hern Photography, including:

  • managing client relationships

  • responding to enquiries

  • maintaining business records

  • promoting our services through portfolio work

These interests are balanced against your rights and freedoms.

Consent

Where required, we rely on consent, including for:

  • newsletter subscriptions

  • certain marketing communications

You may withdraw consent at any time.

Legal Obligation

Some data must be retained to comply with legal obligations, including tax and accounting requirements.

6. Data Retention

We only keep personal data for as long as necessary.

Typical retention periods are:

Data TypeRetention PeriodEnquiriesUp to 36 monthsClient records7 yearsContracts & invoices7 yearsPhotographic filesMinimum 3 months

Retention periods may vary where necessary for legal, insurance or accounting purposes.

7. Image Storage and Photographic Data

Photographs and related files may be stored on secure cloud services or external storage devices.

Images may be stored using:

  • secure cloud storage services

  • two-factor authentication

Raw image files may be retained for a minimum of 3 months, after which they may be archived or deleted at our discretion.

Clients are encouraged to download and back up their delivered images.

8. Sharing Your Data with Third Parties

We do not sell or trade your personal data.

However, we may share data with trusted third-party service providers where necessary to deliver services, including:

  • Google Workspace – for email communication, virtual meetings and file storage

  • Pixieset – for online wedding image galleries and delivery

  • Website hosting platforms (e.g. Squarespace)

  • Accounting services where required

These providers process data only on our behalf and must comply with applicable data protection regulations.

9. Website Cookies and Analytics

Our website may use cookies and tracking technologies to improve functionality and understand how visitors use the site.

This may include:

  • Google Analytics

  • Squarespace analytics

  • Meta Pixel (Facebook Pixel)

These services may collect information such as IP addresses, browser type, and interaction with our website.

You may disable cookies in your browser settings if you prefer.

10. International Data Transfers

As a photography business, we may occasionally work with clients, venues or vendors located outside the United Kingdom.

Where personal data is transferred internationally, we will ensure appropriate safeguards are in place in accordance with UK GDPR, including:

  • transferring data to countries recognised as having adequate data protection

  • using approved contractual safeguards

  • using reputable service providers with appropriate security measures

11. Data Security

We take appropriate technical and organisational measures to protect your personal data.

These measures include:

  • secure password-protected devices

  • two-factor authentication on cloud systems

  • secure Wi-Fi networks

  • restricted access to personal data

While we take reasonable steps to protect data, no system can guarantee complete security.

12. Children’s Data

Photography services may involve photographing children, including during family sessions, weddings, or newborn photography.

Where images or information relate to children, the booking client is responsible for ensuring appropriate consent has been obtained from parents or guardians where required.

We do not knowingly collect personal data directly from children without parental involvement.

13. Use of Images for Portfolio and Marketing

Harriet Hern Photography may display photographs for the purposes of promoting the business.

This may include:

  • website portfolio

  • social media

  • blogs

  • marketing materials

  • wedding blogs

  • publications

  • exhibitions

  • printed promotional materials

Images will always be used respectfully and in a manner consistent with professional standards.

If you would prefer your images not to be used in this way, this must be discussed and agreed in writing prior to confirming your booking.

14. Your Data Protection Rights

Under UK GDPR, you have the right to:

  • request access to your personal data

  • request correction of inaccurate data

  • request deletion of your data where appropriate

  • request restriction of processing

  • object to certain types of processing

  • request transfer of your data to another organisation

  • withdraw consent for marketing communications

Requests can be made by contacting the email address below.

15. Complaints

If you have concerns about how your personal data is handled, please contact:

hello@harriethern.co.uk

We will aim to resolve your concern promptly.

If you are not satisfied with our response, you have the right to lodge a complaint with the UK data protection authority:

Information Commissioner’s Office (ICO)
https://ico.org.uk

16. Changes to this Privacy Policy

This Privacy Policy may be updated periodically to reflect changes in legal requirements or business practices.

The latest version will always be available on this website.