PRIVACY & DATA PROTECTION POLICY

Scott Ramsey Photography & Videography

Effective Date: 1st January 2026

1. INTRODUCTION

Scott Ramsey Photography & Videography ("We", "Us") acts as the Data Controller for your personal information. We are committed to protecting the privacy of our clients and the subjects we film/photograph.

2. THE DATA WE COLLECT

  • Contact Data: Names, email addresses, and phone numbers for booking and invoicing.

  • Visual Data: Photographs and video footage captured during assignments.

  • Financial Data: Payment records required for tax purposes.

  • Digital Data: IP addresses, browser type, and cookie data collected via our website (for analytics and security purposes).

3. HOW WE USE YOUR DATA (LEGAL BASIS)

We process your data under the following GDPR grounds:

  • Contractual Necessity: To capture, edit, and deliver the visual content you booked.

  • Legal Obligation: To maintain financial records for HMRC (7 years).

  • Legitimate Interests:

    • Archiving: We maintain a permanent offline and secure cloud archive of visual work to assert our Intellectual Property rights (Copyright) and facilitate future re-edits.

    • Marketing: As a creative agency, we (and our freelance creatives) rely on displaying previous work to secure future business.

4. MARKETING USAGE & YOUR RIGHT TO OBJECT

Unless you have explicitly requested a "Privacy Buyout" or Non-Disclosure Agreement (NDA) in your booking contract:

  • We reserve the right to display selected images/video from your assignment on our website, social media, and third-party portfolios.

  • Our freelance creatives also retain the right to use their specific work for their personal portfolios.

  • Opt-Out: If you wish to restrict this usage, please inform us in writing prior to the shoot.

    • Note: Restricting usage may alter the licensing fees associated with your quote.

5. SHARING YOUR DATA

We operate an agency model. We share project data with:

  • Freelance Creatives: They act as trusted Data Processors for the duration of the project.

  • Off-Site Storage Partners: To ensure data safety and disaster recovery (fire/theft protection), we may store secure physical backups of "Master Assets" (Hard Drives) at non-public locations managed by trusted internal custodians. These assets are protected via strict physical security protocols (e.g., locked storage) to prevent unauthorised access.

  • Cloud Infrastructure & Transfer Services: We use industry-standard third-party providers to store, back up, and deliver files. These currently include (but are not limited to) Postal & Courier Networks (e.g., Royal Mail) and digital services such as Google Drive, SmugMug, pCloud, Frame.io, and WeTransfer.

  • International Transfers: Some of our third-party service providers (e.g., Google, Frame.io) may store data on servers outside the UK/EEA (specifically the USA). We ensure these providers adhere to strict data protection standards (such as the UK Extension to the EU-U.S. Data Privacy Framework or Standard Contractual Clauses) to keep your information secure.

6. DATA RETENTION

  • Online Client Galleries: Active for 2 months. Please download your files promptly.

  • Master Archive: Retained indefinitely for copyright and disaster recovery purposes.

  • Correspondence: Financial and contractual emails are archived for 7 years to align with our tax/legal obligations. General correspondence may be deleted sooner once 

  • the project is complete.

7. YOUR RIGHTS

You have the right to request access to your data or request deletion of personal contact information.

  • Note: The right to erasure is not absolute and may not apply to Visual Data where we hold Copyright or a valid Model Release.

  • Right to Complain: If you believe we are mishandling your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK.

8. WEBSITE, COOKIES & DIGITAL TOOLS 

Cookies, Analytics & Advertising:
Our website uses "cookies" to ensure the site functions correctly, analyse web traffic, and measure the effectiveness of our advertising campaigns. We use trusted third-party tools (such as Google Analytics, Google Ads, and Bing Webmaster) to track anonymous visitor behaviour. This data is aggregated and cannot identify you personally.

Communication Tools & AI Chat:
When you contact us via our website forms, AI Chat Assistant, scheduling tools, or social media, your data is processed by trusted third-party providers. Please note that our website Chatbot utilises Artificial Intelligence to assist with your enquiries. We use these tools solely to facilitate your enquiry and manage your booking.

Mailing Lists:
If you opt-in to our newsletter, your email address is held securely by our marketing automation provider (e.g., Squarespace). You may unsubscribe at any time via the link in the footer of any marketing email.

Embedded Content:
Articles on our site may include embedded content (e.g., YouTube/Vimeo videos). These websites may collect data about you, use cookies, or embed third-party tracking.

9. CONTACT

For privacy concerns, please contact: Scott Ramsey at hello@scottramsey.co.uk