My photography adheres to GDPR principles, including respecting opt-out requests and limiting the use of identifiable images without consent. The below provisions detail how I intend to go about that. If you came here to ask for a beautiful portrait of yours to be taken down from my galleries or social media, just hit the contact form below.
Responsibilities of the Client
The Client agrees to:
1. Inform all event attendees that photography will take place during the event through:
_ Pre-event communications
_ Visible signage at the event
_ Including photography information in event registration materials
2. Obtain necessary consent from attendees by:
_ Including photography consent in event registration forms
_ Providing a clear opt-out mechanism
_ Maintaining records of consents and opt-outs
3. Provide the Photographer with:
_ A list of individuals who have opted out of photography
_ Any specific data protection requirements of the venue
_ Written confirmation that attendees have been informed
Responsibilities of the Photographer
The Photographer commits to:
1. Process personal data (photographs) in accordance with GDPR by:
_ Following the Client's instructions regarding opt-outs
_ Implementing appropriate technical and organizational measures
2. Respect individual rights by:
_ Implementing a process for handling removal requests
_ Responding to data subject requests within 30 days
_ Coordinating with the Client on data subject requests
Image Usage and Publication
1. Portfolio and Marketing Use:
_ The Photographer may use event photographs for portfolio and marketing purposes based on legitimate interest
_ The Photographer will remove specific individuals' photographs upon request
2. Social Media Publication:
_ Clear attribution of the event context
_ Removal of specific images upon request within 72 hours
Data Security and Retention
1. The Photographer will:
_ Store images securely using appropriate technical measures
_ Maintain backup copies for a period of 12 months
_ Implement appropriate access controls
Breach Notification
Both parties agree to:
_ Notify each other within 24 hours of becoming aware of any personal data breach
_ Cooperate in investigating and remedying any breaches
_ Maintain records of any breaches and remedial actions taken
Thank you!