Thistle + Stone Photography (“TSP”, “I”, “me”, or “my”) is committed to protecting your privacy and handling your personal data with care and transparency. This Privacy Policy explains how I collect, use, store, and protect personal information when you visit my website, make an enquiry, or work with me.
This policy is written in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
⸻
Information I Collect
I may collect and process the following types of personal data:
• Contact information, such as your name, email address, phone number, and mailing address
• Enquiry and planning information, including details you provide through contact forms, consultations, contracts, and client portals
• Planning questionnaires and related responses, including personal preferences, comfort levels, and logistical details provided for the purpose of delivering services
• Session-related information, such as dates, locations, preferences, and logistical details
• Payment-related information, where relevant, processed via third-party providers (Wise, Square, or bank transfer)
• Website usage data, including IP address, browser type, pages visited, and similar analytics data collected through cookies and website analytics tools
I only collect information that is necessary to communicate with you, provide my services, and operate my business.
⸻
How I Use Your Information
Your personal data may be used to:
• Respond to enquiries and communicate with you, including reasonable follow-up related to your enquiry
• Manage bookings, contracts, questionnaires, and planning
• Provide photography and planning services
• Deliver image galleries and related products
• Process payments and maintain accounting records
• Comply with legal, tax, or regulatory obligations
• Improve website functionality and user experience
This includes information provided through planning questionnaires used to tailor services to the CLIENT and support thoughtful, safe, and personalised planning.
I do not use your personal data for email marketing or newsletters.
⸻
Legal Basis for Processing
Under UK GDPR, I process personal data under the following lawful bases:
• Performance of a contract – where processing is necessary to provide agreed services
• Legitimate interests – for business administration, communication, and service delivery
• Legal obligation – where required for tax, accounting, or regulatory purposes
Where consent is required (for example, where separate permissions apply), it will be requested clearly and explicitly.
⸻
Sharing Your Information
I do not sell or trade personal data.
Your information may be shared only with trusted third-party service providers where necessary to operate my business, such as:
• Client relationship management (CRM) systems
• Third-party form providers
• Online image gallery and delivery platforms
• Payment processors (Wise, Square, or banking institutions)
• Website analytics, cookie tools, and hosting providers
These providers only process personal data on my behalf and are required to comply with applicable data protection regulations.
⸻
Cookies & Website Analytics
My website uses cookies and analytics tools to understand how visitors interact with the site and to improve functionality and performance.
Cookies may collect information such as:
• pages visited
• time spent on the site
• browser and device information
You can control or disable cookies through your browser settings. Continued use of this website implies acceptance of cookie use.
⸻
Data Retention
I retain client data indefinitely, unless a request for deletion is made, in order to:
• maintain records of services provided
• fulfil legal and accounting obligations
• support long-term client relationships
If you make an enquiry but do not book my services, your personal data will be deleted once your intended Session Date has passed, at my earliest reasonable convenience.
You may request deletion of your personal data at any time, subject to legal retention requirements.
⸻
Data Security
I take reasonable technical and organisational measures to protect personal data from unauthorised access, loss, misuse, or disclosure. Access to personal data is limited to systems and providers necessary for business operations.
⸻
Your Rights Under UK GDPR
You have the right to:
• Access the personal data I hold about you
• Request correction of inaccurate or incomplete data
• Request deletion of your personal data
• Restrict or object to certain processing
• Request data portability where applicable
To exercise any of these rights, please contact me using the details below.
⸻
Children’s Privacy & Age Requirement
This website and the services offered are intended for individuals aged 18 and over. By using this website, you confirm that you are at least 18 years of age.
I do not knowingly collect personal data from individuals under the age of 18. If you believe that personal data has been provided by someone under 18, please contact me and I will take reasonable steps to delete that information.
⸻
International Data Transfers
Some third-party service providers I use may process personal data outside the UK. Where this occurs, appropriate safeguards are in place to ensure compliance with UK GDPR requirements.
⸻
Changes to This Policy
This Privacy Policy may be updated from time to time to reflect changes in legal requirements or business practices. The most current version will always be available on my website.
⸻
Contact
If you have any questions about this Privacy Policy or how your personal data is handled, you can contact me at:
Thistle + Stone Photography
Email: info@thistleandstonephoto.com
Website: thistleandstonephoto.co.uk
Privacy Policy
