Privacy Policy for Odin Glynn Photography
Effective Date: 13/04/2025
We are committed to protecting your privacy. This Privacy Policy outlines how we collect, use, disclose, and protect your personal data when you interact with our services. Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it.
1. Data Controller
The data controller responsible for your personal data is:
2. Information We Collect
We collect the following personal data when you book or interact with our services:
Personal Details: Name, address, email, phone number, date of birth.
Payment Information: Payment identifiers, payment method details (through services like Stripe).
Usage Data: IP addresses, device information, browsing activity (through Google Analytics).
Service-Related Data: Booking and contact details through Setmore, photos taken during shoots.
3. Purpose of Data Collection
We collect your personal data for the following purposes:
To provide photography services (including booking, payment, and delivery).
To process payments using Stripe.
To communicate with you about your bookings, services, and orders.
To improve our services through analytics (via Google Analytics).
To send marketing communications (if you’ve opted in).
4. Legal Basis for Processing
We process your personal data under the following lawful bases:
Contractual necessity (to fulfill our photography services).
Consent (when you opt into marketing communications).
Legal obligation (if required for tax and business purposes).
4.1 Editorial and Journalistic Photography (GDPR Article 85)
In accordance with Article 85 of the General Data Protection Regulation (GDPR), certain personal data processing may be exempt from specific GDPR provisions when carried out for journalistic purposes, to safeguard the freedom of expression and information. This applies when Odin Glynn Photography operates in an editorial context - for example, capturing and distributing images of public interest (e.g., sports events, public gatherings) to reputable wire services such as Sipa USA, Associated Press (AP), PA Wire, Alamy, or Getty Images.
In such cases, where the photography is clearly editorial and intended for press distribution, the processing of personal data (including identifiable images of individuals) may be exempt from standard obligations such as obtaining consent, under relevant national implementations of Article 85 - including the Irish Data Protection Act 2018.
5. Data Sharing
We may share your personal data with the following third-party services:
Stripe for payment processing.
Zoho CRM for managing client relationships and communications.
Setmore for appointment scheduling and booking.
Google Analytics for website usage and analytics.
Pic-Time for online galleries (for photo delivery).
Adobe for photo editing and storage.
These services ensure your data is handled in compliance with GDPR standards.
6. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy. Personal data related to bookings, payments, and client communications is kept indefinitely, unless you request deletion, or we no longer require it for business or legal purposes.
7. Data Security
We take the security of your personal data seriously. We use the following measures to protect it:
Three-factor authentication for our systems.
32+ character passwords and YubiKey security for access control.
Encrypted storage and secure cloud servers with audit logging.
BitLocker encryption and YubiKey authentication for storing client photos on our computers.
Despite these efforts, no system is fully immune to security risks, and we will notify you of any data breaches in accordance with GDPR.
8. Client Rights (GDPR Compliance)
Under GDPR, you have the following rights:
Right to Access - You can request a copy of your personal data.
Right to Rectification - You can request corrections to inaccurate or incomplete data.
Right to Erasure (Right to be Forgotten) - You can request deletion of your personal data, except when we need it for legal reasons.
Right to Restrict Processing – You can request limitations on how we use your data.
Right to Data Portability - You can request a copy of your personal data in a machine-readable format.
Right to Object - You can object to certain processing, such as marketing.
Right to Lodge a Complaint – You can file a complaint with the Data Protection Commission (DPC) if you believe your data rights are violated.
To exercise any of these rights, please contact us at dpo@odinglynn.com.
9. Marketing and Communications
We send marketing emails, newsletters, and promotional offers only if you have explicitly opted in to receive them. You can opt out at any time by clicking the unsubscribe link in any email or by contacting us directly at contact@odinglynn.com.
10. International Transfers
Some of the third-party services we use, such as Stripe, Google Analytics, Zoho, and Adobe, are ISO 27001 certified for information security management. These services ensure that any international transfers of personal data comply with GDPR and provide appropriate safeguards, including the use of Standard Contractual Clauses (SCCs) or EU-U.S. Privacy Shield.
For services such as Pic-Time and Setmore, while they do not explicitly state ISO 27001 certification, they claim to implement strong security and privacy measures to ensure that personal data is handled in compliance with GDPR and other relevant security standards.
By using our services, you consent to the processing and transfer of your personal data to countries outside the EU in accordance with these protections.
11. Children’s Privacy
We offer services to individuals under the age of 16, and we use certain third-party services, such as Stripe, Zoho CRM, and Setmore, to manage their contact information and service-related needs. These services are used for the following purposes:
Stripe for processing payments.
Zoho CRM to keep track of contact information for client deliveries and communication.
Setmore for scheduling and booking appointments.
We ensure that we only collect the minimum necessary personal data for these purposes and that any data collected is handled in accordance with GDPR regulations. If you are a parent or guardian and have concerns about the data we hold or the services we offer to minors, please contact us at dpo@odinglynn.com.
12. Data Protection Officer (DPO) Contact
For any questions or requests regarding your personal data or if you wish to exercise your GDPR rights, please contact our Data Protection Officer (DPO):
Email: dpo@odinglynn.com
13. Updates to This Privacy Policy
We may update this privacy policy from time to time to reflect changes in our practices, services, or legal requirements. We will notify you of any significant changes by email or by updating the "Effective Date" at the top of this policy.
