This Notice explains how Dominika Montonen-Koivisto complies with the DPA, GDPR and PECR.
1. Identity and contact information
This Privacy Notice (“Notice”) is provided by Dominika Montonen-Koivisto (“me”, or “I”), of Kivennavankuja 9 a, 02310 Espoo, Finland. It covers your rights in relation to the Data Protection Act 1998 (“DPA”), the General Data Protection Regulation (“GDPR”) and the Privacy and Electronic Communications Regulations (“PECR”).
Dominika Montonen-Koivisto is both the controller and processor of all personal data collected.
Date this Notice was created: 14th of June 2018
Date this Notice was last modified: 14th of June 2018
2. Compliance declaration
Dominika Montonen-Koivisto and this website, https://www.dominikamontonenkoivisto.com, comply with the DPA, GDPR and PECR. The GDPR comes into effect on the 14th June 2018. This Notice is updated whenever changes are made to relevant data protection legislation.
3. Your rights under the GDPR
Under the GDPR, you have a number of different rights relating to your personal data and how it is processed. They are as follows:
- Right to be informed about the collection and use of your personal data.
- Right to access your personal data, and any supplementary information which constitutes personal data.
- Right to have your personal data rectified; this means you can ask me to correct your personal data if it changes, turns out to be inaccurate, or is incomplete.
- Right to have your personal data deleted; this means that you have the right to request the deletion or removal of your personal data. There are some circumstances where you do not have this right.
- Right to restrict me from processing your personal data.
- Right to data portability.
- Right to object to the processing of your personal data.
- Rights related to automated decision making including profiling.
Most of these Rights will apply to your personal data and how it is processed by Dominika Montonen-Koivisto, but some (such as the right to data portability and rights related to automated decision making including profiling) are not relevant to this business at the time of writing.
4. The data I collect, how I use it and why
Cookies and website visitor tracking
Cookies are small text files that are placed on the hard drive of your computer or device to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping baskets, and provide anonymity tracking data to third party applications, in this case Google Analytics. As a rule, cookies will enhance your browsing experience. However, if you prefer not to receive cookies they can be disabled and removed from within the settings menu of your internet browser. I suggest either consulting the help section of your browser or taking a look at the following website About Cookies which offers guidance for disabling and removing cookies from within most modern internet browsers.
Client contact information
I use personal data, provided directly and voluntarily to me by clients, for two purposes. The first is to carry out my contractual obligations. This means that it’s information I need to do my job. This personal data includes, names, addresses, email addresses, phone numbers and further information which I need to complete your photography requirements.
The second purpose is for me to analyse and understand behaviour of my clients to assist me in relation to sales and marketing exercises. For example, to better understand where you heard about me and whether or not you choose to book me. This is a legitimate interest and a reasonable expectation that most people would have about a business. I collect personal data into and perform this analysis using simple spreadsheets.
Email addresses for gallery login
At the time of writing, I do not currently engage in email marketing, but in the future, I may make use of mailing lists to help market my business. Any new mailing lists created from this point, will be populated with personal data collected from you on the basis of explicit consent for this single purpose.
More detailed information
If you want to contact me with questions about your personal data, wish to exercise any of your rights or ask me further detailed questions, please use the contact form at the bottom of this page.
5. Sharing information with third parties
Other than those third parties mentioned in this Notice and listed below, Dominika Montonen-Koivisto shall not pass your personal data to any other third parties.
Your personal data may, subject to our obligations to comply with data protection legislation, be shared with the following third parties:
Pixieset Media Inc, as further described above;
Google Analytics demographics tracking software;
Second photographers/videographers/assistants who join me on shoots and need information to be able to do their job;
Having taken precautions to maintain the security of such personal data, I may in certain circumstances share personal data with the ICO, and other legal, regulatory and law enforcement bodies;
In anonymity form, we may share personal data with:
Any third party, in relation to the sale of some or all of my business, or its assets, or as part of any business restructuring or reorganization. I will take steps with the aim of ensuring that your rights continue to be protected if your personal data is transferred in accordance with this clause; and
Data aggregators and platform providers as part of an analysis of user metrics or sales performance (including but not limited to Google and Facebook).
I may also share your personal data with third party media businesses for the purposes of marketing my offerings, improving my services, and running a profitable business. These third party businesses may include, magazines/publications, websites, social media sites, or other outlets, with the aim of raising public awareness of my business.
6. Security, storage and data retention
Dominika Montonen-Koivisto stores your personal data in the EEA and retains full details of your personal data for as long as it takes to complete your photography requirements.
I will retain your data for a period of 7 years. After this time I will archive your photographs indefinitely along with your relevant details and consent forms. This is due to requests for replacement images being made several years after being taken. If you would like me to delete your personal data before this time, you have to right to request me to do so.
Client data held on file
I take care over the processes around looking after personal data stored on my physical systems. Dominika Montonen-Koivisto holds the following personal data of clients:
- emailaddresses / addresses
- phone numbers
within soft copy and sometimes hard copy contracts as well as soft copy client ‘day plan’ documents. Soft copy contracts and day plans are safely stored on my password protected home office computers and also kept on file on GDPR compliant mail servers.
Client photos are safely stored within my password protected home office computers and backed up to external hard drives.
Any downloadable documents, files or media made available on this website, and in addition via the Dropbox/Pixieset portal for client gallery downloads, are provided to users at their own risk. While all precautions have been undertaken to ensure only genuine downloads are available, users are advised to verify their authenticity using third party anti-virus software or similar applications.
In the unlikely event of a criminal breach of my security I will inform the relevant regulatory body within 72 hours and, if your personal data were involved in the breach, I will also inform you.
7. Clients And Guests Captured In Photos
In terms of explicit GDPR compliance, clients and guests are photographed within the parameters of GDPR legislation on the basis of ‘legitimate interests’. The taking of photographs of guests when viewed as a form of processing personal data is necessary for the legitimate interests of Dominika Montonen-Koivisto as a photography business unless there is a good reason to protect a given individual’s personal data which overrides those legitimate interests.
8. Social Media Policy And Usage
I adopt a safe and responsible Social Media Policy. While I may have official profiles on social media platforms users are advised to verify the authenticity of such profiles before engaging with, or sharing information with such profiles. I will never ask for personal details on social media platforms. Users are advised to conduct themselves appropriately when engaging with me on social media.
9. Your consent
By using this site and/or engaging me on my Terms and Conditions, you agree to be bound by this Notice.
10. Your right to withdraw consent
You have the right to withdraw your consent to be bound by this Notice at any time. If you wish to do so, please use the contact form at the bottom of this page. You also have the right, as set out above, to withdraw your consent to me processing your personal data.
11. Your right to lodge a complaint
As well as the right to withdraw consent and exercise any of the above rights mentioned under ‘Your rights under the GDPR’, you also have the right to raise a complaint with a regulatory body. In the Finland, this is The Office of the Data Protection Ombudsman. If you have concerns about the way your data is being processed by an organisation, you can find out more here.