Go West Photography has always prioritised data and system security as part of it’s obligation to provide secure and well-managed systems therefore adhering to best practice guidelines such as The Data Protection Act as given by the Information Commissioner’s Office (ICO) and the new GDPR Law from May 2018.
Go West Photography is following updates to the GDPR interpretation using information provided by the ICO ensuring the most recent guidelines are followed.
1. Firstly Go West Photography can confirm and assure you, that an image alone is NOT DATA. It only becomes data when a name or any other personal information is linked which then identifies the image.
2. Go West Photography are booked to take either individual, group, corporate and website photographs and the client will have given consent to that they are happy to be photographed.
3. All information received for photo processing is stored on our encrypted computer system while in use and deleted as soon as the client’s request is completed.
4. All printed information containing data for the images produced while processing orders are destroyed via our confidential waste processor.
5. All systems are developed along industry standard best practice guidelines.
6. Access to our systems is governed by sophisticated Firewall configuration and audited quarterly by our IT support specialist.
7. We do not currently use any images or information received for any e-mail marketing.
8. Similarly, all images are stored on a dedicated encrypted hard drive, locked in a secure location, whereby Carolyn West (the Data Processor) is the only member of our staff with access and no passwords are stored. These images from May 2018 will be held for a maximum period of 18 months, a period we deem acceptable for orders to be placed.
9. All staff who assist with photographs have signed confidentiality contractual agreements.
10. As part of our existing PCI DSS accreditation we do not store any credit card information for Go West Photography.
11. Access to individual images via our online service is limited to a unique Access Code, these are non-sequential and unique to each booking.
12. Personal details received for us to produce orders through our online system will be destroyed once the orders has been processed. The information received by us when ordering will only be used should there be a query regarding the order. As per our current system all personal details will be destroyed via our shredding system waste processor as soon as orders are completed.
13. Digital image purchases made via our online ordering system are delivered via download from within the client’s secure area under https encryption.
14. All online ordering will now only be available for 18 months and images will be permanently deleted from the system.
15. Please note we must keep a record of order data as it is a mandatory requirement for HMRC, but this will be kept on our designated encrypted system.