Privacy Policy - Emily Sacra Photography

At Emily Sacra Photography, we prioritize your privacy and are fully committed to protecting the personal data we collect and process. We recognize the importance of safeguarding your personal information and are dedicated to handling your data with transparency, accountability, and in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. Commitment to Privacy and Data Protection
This Privacy Policy outlines how Emily Sacra Photography, accessible at emilysacraphotography.com, collects, uses, stores, shares, and protects your personal information when you interact with our website or related services. We are committed to maintaining the confidentiality, integrity, and security of personal data entrusted to us.

2. Scope of Policy and Role as Data Controller
This policy applies to all users of the emilysacraphotography.com website and services. Emily Sacra Photography acts as the Data Controller for all personal data collected through the website. As a Data Controller, we are responsible for determining the purposes and means of data processing.

3. Categories of Personal Data We Process
We may collect and process the following categories of personal data:

– Usage Data: Includes information regarding how you interact with our website, such as browser type, IP address, pages visited, session duration, and referring URLs.
– Account Data: Comprises identifiers such as your name, address, email address, and phone number when you create or update an account, book services, or sign up for newsletters.
– Profile Data: Includes your preferences, service selections, photography interests, and behavioral patterns relating to the use of the website or gallery purchasing.
– Communication Data: Encompasses messages you send to our support team, inquiries through contact forms, and correspondence history.
– Technical Data: Covers data about your device and software configuration, such as operating system, device type, browser settings, and other diagnostics.
– Transaction Data: Entails payment details (processed via secure third-party processors), order history, invoices, and delivery preferences.
– Preference Data: Includes information on your opt-in or opt-out choices for marketing communications, feedback on services, and selected areas of interest.

4. Legal Bases for Processing Personal Data
Under the GDPR, we rely on the following legal bases to process your personal data:

– Consent: When you voluntarily provide information or opt in to marketing communications.
– Contractual Necessity: To fulfill services you request, such as booking a session or processing payments.
– Legal Obligation: Compliance with applicable legal or tax responsibilities.
– Legitimate Interest: Operation and improvement of the website, fraud prevention, and personalized service offerings, provided these interests are not overridden by your rights and freedoms.

5. Your Rights
You are entitled to exercise the following rights with respect to your personal information:

– Right of Access: Request a copy of your personal data held by us.
– Right to Rectification: Request corrections to inaccurate or incomplete data.
– Right to Erasure: Request deletion of your personal data, under specific conditions.
– Right to Restrict Processing: Request limited processing under certain circumstances.
– Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format, or request transmission to another controller.
– Right to Object: Object to data processing based on legitimate interests or for direct marketing purposes.

Requests can be submitted to: [email protected]. We may request proof of identity before processing rights-based requests.

6. Security Measures
We employ appropriate technical and organizational measures to safeguard your personal data, including:

– SSL/TLS encryption for secure data transmission
– Restricted data access using authentication and role-based controls
– Routine data backups and protected storage
– Internal staff training in data protection and security best practices

While no system can provide absolute security, we continually assess our processes to ensure strong data protection.

7. International Data Transfers
Should personal data be transferred outside your country of residence, appropriate safeguards are implemented. These include the use of EU Standard Contractual Clauses (SCCs) or similar mechanisms recognized under applicable data protection laws to ensure your data receives adequate protection.

8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal, tax, or regulatory obligations. Retention periods include:

– Account and profile data: maintained for the duration of your active use and an additional period for record-keeping
– Communication records: stored for up to five (5) years to maintain customer support history
– Transaction and invoicing data: retained for seven (7) years for tax and auditing purposes
– Cookie data: retained in accordance with our Cookie Policy below

9. Cookie Policy
Emily Sacra Photography utilizes cookies for several purposes:

– Essential Cookies: Required for core functionality like navigation, session management, and secure access.
– Functional Cookies: Remember user preferences and personalization settings.
– Analytics Cookies: Help us understand user engagement and improve performance (e.g., through services like Google Analytics).
– Performance Cookies: Collect anonymous metrics used for website performance monitoring and optimization.

Cookies do not typically identify you directly but are designed to provide a more efficient and personalized website experience.

10. Cookie Management and GDPR/CCPA Compliance
Upon visiting emilysacraphotography.com, you will be presented with a cookie consent notice. You may withdraw or alter your cookie preferences at any time by adjusting your browser settings or using cookie control mechanisms available on our site.

For California residents, you have the right to:

– Know what personal information we collect and use
– Request deletion of your personal information
– Opt out of sale or sharing of personal data (we do not sell personal data)

To exercise these rights, contact us at [email protected].

11. Children’s Privacy
Our services and website are not intended for children under the age of 13. We do not knowingly collect or solicit personal data from individuals under 13. If we discover that a child has provided us with personal data without parental consent, we will promptly delete such data from our records.

12. Modifications to This Policy
We may update this Privacy Policy periodically to reflect changes in legal requirements, business practices, or technologies. Any significant changes will be posted clearly on emilysacraphotography.com, and where required by law, we will seek your consent before making such changes applicable to you.

13. Contact Us
If you have questions, concerns, or requests related to this Privacy Policy or your personal data, you may contact us at:

Email: [email protected]
Website: emilysacraphotography.com

We are committed to ensuring full compliance with applicable data protection laws and strive to be transparent in how we protect your privacy. Please don’t hesitate to reach out with any privacy-related queries or concerns.