Terms of Service Privacy Policy Cookie Policy

Privacy Policy

Last Updated: 10 NOV 2025

Welcome to Nikki & Marco Photography. We are committed to protecting your privacy and handling your personal data in an open and transparent manner. This policy explains how we collect, use, and store your personal information when you visit our website, use our services, or purchase from our online gallery.

 

1. Who We Are (Data Controller Details)

We are the data controller responsible for your personal data.

Our Details:

Nikki & Marco Photography

marco@nym.photography

 

2. What Information We Collect About You

We collect and process various types of personal data:

Identity Data

Name, title, username.

Contact Data

Billing address, delivery address, email address, telephone numbers.

Financial Data

Payment card details (processed securely by our payment processor, we do not store these ourselves), purchase history.

Transaction Data

Details about payments to and from you and other details of products/services you have purchased from us.

Technical Data

Internet Protocol (IP) address, your login data, browser type and version, time zone setting, location data, and device information when you visit our website.

Usage Data

Information about how you use our website and services (e.g., browsing history, pages visited, downloads).

Marketing Data

Your preferences in receiving marketing from us.

Photographic Data

Identifiable photographs of individuals, which constitute personal data under UK GDPR.

 

3. How We Collect Your Data

We collect data through:

  • Direct Interactions: When you fill in forms, create an account, purchase products in our gallery, subscribe to our newsletter, or communicate with us by email or phone.

  • Automated Technologies: As you interact with our website, we may automatically collect Technical and Usage Data using cookies, server logs, and other similar technologies. (See our Cookie Policy for more details).

  • Third Parties: We may receive data from payment providers (e.g., PayPal, Stripe), analytics providers (e.g., Google Analytics), and social media platforms.

 

4. How We Use Your Data and Our Lawful Basis

We will only use your personal data when the law allows us to. The most common lawful bases we rely on are:

Purpose of Use

Type of Data Used

Lawful Basis

To process and deliver your orders (sales, payments, delivery).

Identity, Contact, Financial, Transaction.

Performance of a contract with you.

To manage your account and provide customer support.

Identity, Contact, Transaction.

Performance of a contract; Our legitimate interests (efficient service).

To send you marketing communications (if you opted in).

Contact, Marketing.

Your explicit consent.

To improve our website, products, and services.

Technical, Usage.

Our legitimate interests (improving business/customer experience).

To comply with legal obligations (e.g., tax records).

Identity, Contact, Financial, Transaction.

Compliance with a legal obligation.

To showcase our portfolio (images on our website/social media).

Photographic Data.

Your explicit consent via a signed model release form.

5. Who We Share Your Information With

We may need to share your personal data with the following parties:

  • Service Providers: IT and system administration services, payment processors (who securely handle your card details), and print labs/delivery services to fulfil your orders.

  • Professional Advisers: Lawyers, accountants, and insurers.

  • HM Revenue & Customs (HMRC), regulators, and other authorities: Where required by UK law.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

 

6. How Long We Store Your Data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for satisfying any legal, accounting, or reporting requirements.

  • Financial Data: We are legally required to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.

  • Photographic Data: We typically store original image files indefinitely as part of our business archive, relying on legitimate interest and the usage permissions granted via model release forms. You can request deletion of identifiable images at any time.

 

7. Your Legal Rights (UK GDPR Rights)

Under UK GDPR, you have the following rights regarding your data:

  • The right to be informed about how we use your data (this policy).

  • The right of access to the personal data we hold about you.

  • The right to rectification if your data is inaccurate or incomplete.

  • The right to erasure (deletion) of your personal data in certain circumstances.

  • The right to restrict processing of your data.

  • The right to data portability (transferring your data to another organisation).

  • The right to object to processing (e.g., for marketing or specific legitimate interests).

  • Rights related to automated decision making and profiling.

If you wish to exercise any of these rights, please contact us using the details in Section 1. We may require proof of identity before responding to your request.

 

8. Complaints

We hope we can resolve any query or concern you raise about our use of your information. However, you have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner's Office (ICO), if you have concerns about how we are processing your personal data.

 

© NIKKI & MARCO PHOTOGRAPHY