Privacy Policy

Effective Date: 18 November 2025 · Last Updated: 6 January 2026

Mae Rose Photography (“we”, “our”, “us”) is committed to protecting your personal information. This privacy policy explains what data we collect, how we use it, how it is stored, and your rights under the UK GDPR and the Data Protection Act 2018.

1. Scope of This Policy

This Privacy Policy applies when you:

Visit our website: www.maerosephotography.co.uk
Use of our contact form, newsletter form, or client membership login
Contact us by phone, email, or social media
Book or participate in a photoshoot
Access your private online client gallery
Order prints or photography products

2. Data We Collect

Information You Provide to Us

We collect personal information when you:

Submit a contact form – name, email address, phone number, enquiry details
Join the newsletter – name and email address
Contact us directly via email, phone, or social media
Book a session – contact information, addresses, participant details
Sign contracts or consent forms – name, email, next of kin, health or medical conditions, signatures, permissions
Order prints or products – name, delivery address, and order details

Payment Information:
We do not collect or store card details. All payments are made via bank transfer only

 2.1 Data Collected Automatically (Website Analytics)

When you visit our website, we may collect:

IP address, browser type, device information
Pages viewed, time spent on site, referring URLs
Cookies and analytics data (see Section 12)

 2.2 Photographs and Related Materials

We collect:

Images captured during your session
Client selections and editing notes
Consent forms for promotional use (where applicable)

2.3 Client Galleries (Membership Area)

Your private online gallery is accessible only by login, using a unique username and password provided to you when your images are ready. The gallery will remain available for 30 days from the date of delivery. After this period, access will expire, and login details will be disabled. These galleries are hosted on our website server, which is accessible only by Warren IT Services with our consent.

2.4 Data Stored Through Contact Forms, Newsletter & Membership

All form submissions, newsletter sign-ups, and client gallery logins may store your name, email, and other details on our secure website server.

When you sign up for our newsletter, your name and email address are collected and stored securely within Flodesk, our third-party email marketing provider. Flodesk stores your data on secure servers in the United States and processes your information in accordance with their own privacy policy and UK GDPR-approved data-transfer safeguards.

3. How We Use Your Data

We use your information to:

Respond to enquiries
Manage your booking or session
Deliver photographs and access to client galleries
Send newsletters (only if you opt in)
Send email updates, blog notifications, seasonal offers, and welcome emails via Flodesk
Provide updates or important service information
Process and deliver print orders
Improve website functionality and security
Meet legal and tax obligations

We never use your images for promotional purposes without your explicit written consent.

4. Legal Bases for Processing (UK GDPR)

We process your personal data in accordance with UK GDPR and the Data Protection Act 2018. The lawful bases for processing depend on the purpose:

Contract:

To fulfil bookings and deliver photography services
To process print or product orders

Consent:

To send newsletters, promotional emails, or marketing communications
To use your images for promotional purposes if you have given explicit consent

Legitimate Interests:

To improve business operations, website functionality, and security
To analyse website usage through anonymised analytics
To prevent fraud or misuse of our services

Legal Obligation:

To comply with tax, accounting, and other regulatory requirements

5. Data Sharing

We do not sell or trade your personal information.

We only share data with trusted third parties when necessary to deliver our services:

Service Providers

Business Gmail Account – for email communication and contact storage Google’s privacy policy: https://policies.google.com/privacy
Website hosting provider & Warren IT Services – for secure server management
Client gallery – system hosted on our website
External print companies – only if you place an order
Analytics providers – anonymised usage data
Flodesk – for managing newsletter subscriptions, automated emails, and delivery of your welcome guide (Flodesk Privacy Policy: https://flodesk.com/privacy)

Flodesk does not use your information for their own marketing or share it with unauthorised parties.

5.1 WordPress

Our website uses WordPress as an open-source content management system, but WordPress itself does not store your personal data.

5.2 Legal Requirements

We may share information where required to comply with the law (e.g., court requests, regulatory requirements).

6. Third-Party Links (UK GDPR)

Our website may contain links to third-party websites, social media platforms, or services. We are not responsible for the privacy practices or content of these external sites.

We encourage you to review their privacy policies before providing any personal information.

7. Email Marketing (Flodesk)

We use Flodesk as our email marketing platform. When you subscribe to our newsletter, Flodesk collects and stores your name and email address on our behalf. Flodesk enables us to send newsletters, blog updates, seasonal offers, service announcements, and free downloadable resources such as our welcome guide.
 
Flodesk processes your data securely and in compliance with relevant data protection standards, including UK GDPR-approved data-transfer mechanisms.
You may unsubscribe at any time using the link provided in any Flodesk email or by contacting us directly.

8. Data Protection & Storage

How Your Data Is Stored

Personal information submitted through contact forms, newsletter signups,   and client gallery accounts is stored securely on our website server.
Our server is maintained by Warren IT Services and is accessible only to authorised personnel when necessary for maintenance or support.
Emails, messages, and contact details are stored within Google Workspace (Gmail), which uses secure, encrypted servers. Some data may be processed outside the UK under recognised UK GDPR data-transfer safeguards.

8.1 Security Measures

Regular security updates and backups
Two-factor authentication on key accounts
Encrypted storage of images
Images are stored on encrypted devices and secure, password-protected external SSDs accessible only to Mae Rose Photography. Images are not stored in publicly accessible locations.

8.2 Data Breach

If a data breach occurs that is likely to pose a risk to individuals’ rights or freedoms, we will notify affected individuals and the ICO in accordance with UK GDPR requirements and within 72 hours where required.

9. Data Retention

Data Type 

Retention Period

Client records (name, contact details, booking information)

7 years (legal/tax requirement and business records)

Emails & correspondence

7 years (business record-keeping)

Contact form enquiries

2 years (administration and follow-up)

High-resolution images

Retained indefinitely for copyright, licensing verification, legal purposes, and legitimate business interests. (Not stored as a client service.)

Client gallery accounts

Deleted automatically within 30 days after gallery expiry

Contracts & consent forms

Retained indefinitely (for copyright, licensing, consent verification, and legal defence purposes)

Payment and invoice records

6–7 years (legal/tax requirement)

Newsletter subscribers

Until you unsubscribe, plus up to 30 days for system processing

Website analytics

Anonymous, non-identifiable data may be kept indefinitely

10. Your Rights

You have the right to:

Access your personal data
Correct inaccurate information
Request deletion (where legally allowable)
Withdraw consent at any time
Restrict or object to certain processing
Request data portability
Lodge a complaint with the ICO (UK)

To exercise any rights, contact: contact@maerosephotography.co.uk

11. Promotional Use of Images

We will only use your photographs for:

Portfolio or Website (including Blog Posts)
Social media, including Instagram, Facebook, and Pinterest
Marketing materials
Competitions or Publications across the UK (if you have given written consent / contract/model release).

You may withdraw consent at any time. Please see Section 13 for full withdrawal procedures.

11.1 Children’s Privacy

Photography Sessions Involving Minors:

For individuals under 18, written parent or guardian consent is required for:

Participation in photography sessions
Use of photographs for promotional or marketing purposes

We do not knowingly collect personal information from children under 13 through our website forms.

If we learn we have collected information from a child under 13, we will delete it promptly. If you believe your child has provided us with personal information, please contact us at conatct@maerosephotography.co.uk

12. Cookies

Our website uses cookies to:

Improve site performance
Analyse traffic
Remember user preferences

Some cookies, such as analytics or tracking cookies, require your consent and can be accepted or rejected via your browser or our cookie notice. 

13. Withdrawing Consent

You may withdraw consent for:

Newsletter emails
Promotional image use (e.g., social media, website, galleries, blog posts)
Marketing or promotional communications

We will only use your images for promotional purposes (website, social media, marketing, competitions, publications) if you have provided written consent.

You may withdraw consent for the use of images for promotional purposes at any time by contacting contact@maerosephotography.co.uk

Withdrawal applies to future use only and does not require the removal of images already delivered, published, or in use at the time of the request. Where removal is reasonably possible, we will make efforts to remove applicable content within 30 days.

Newsletter subscriptions can also be managed by clicking “unsubscribe” in any email sent via Flodesk.

14. Updates to This Policy

We may update this policy to reflect changes in our business or legal obligations, including but not limited to the introduction or removal of third-party tools such as booking systems. 

The “Last Updated” date will be revised with each update.

Email: contact@maerosephotography.co.uk
We aim to respond to all inquiries within 30 days