Privacy Policy

Paul Michael Photography > Privacy Policy

Privacy Policy for Paul Michael Photos – paulmichaelphotos.uk

Last Updated: 15th May 2025

1. Introduction
Welcome to Paul Michael Photos (“we”, “us”, “our”). We are committed to protecting and respecting your privacy. This policy explains what personal data we collect from you, or that you provide to us, how it will be processed by us, and your rights in relation to your personal data.

This website, paulmichaelphotos.uk, is operated privately in the United Kingdom. For the purpose of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the data controller is Paul Michael Photos.

You can contact us at: info@paulmichaelphotos.uk.

2. What Information We Collect About You

We may collect and process the following data about you:

  • Information you give us:

    • When you leave comments:

      • Your name (or a pseudonym you provide)

      • Your email address

      • Your website URL (optional)

      • The content of your comment

      • Your IP address and browser user agent string (collected by WordPress by default to help spam detection)

    • When you purchase photos or products:

      • Your name

      • Your billing address

      • Your shipping address (if different)

      • Your email address

      • Your phone number (optional, but may be required for delivery)

      • Order details (products purchased, order value)

      • Payment information: We do not directly store your full credit/debit card details. These are processed securely by our third-party payment processors (e.g., PayPal]). We may receive transaction identifiers or partial card details (like the last four digits) from them for verification and order processing.

    • When you contact us (e.g., via a contact form or email):

      • Your name

      • Your email address

      • Any other information you provide in your correspondence.

    • When you register for an account (if applicable):

      • Username, email address, password.

  • Information we collect automatically:

    • Technical Information: Including your IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.

    • Information about your visit: Including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page. This is often collected via cookies and similar technologies (see section 7).

  • Information from third parties:

    • Gravatar: If you leave a comment and use an email address linked to a Gravatar account, an anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your Gravatar profile picture is visible to the public in the context of your comment.

    • Spam Detection Services (e.g., Akismet): Visitor comments may be checked through an automated spam detection service. This service may collect information including the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself).

3. How We Use Your Information

We use the information we collect in the following ways:

  • To provide and manage our services:

    • To allow you to leave and participate in comments on our website.

    • To process and fulfil your orders for photos and products.

    • To manage your account (if you create one).

    • To communicate with you about your orders, comments, or inquiries.

  • To improve our website and services:

    • To administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.

    • To improve our site to ensure that content is presented in the most effective manner for you and for your computer.

    • To understand how users interact with our website.

  • For security and legal reasons:

    • To detect and prevent spam and fraudulent activity.

    • To comply with our legal and regulatory obligations (e.g., tax and accounting purposes).

    • As part of our efforts to keep our site safe and secure.

  • For marketing (with your consent):

    • If you opt-in, to send you newsletters, promotional offers, or information about new products or services that may be of interest to you. You can unsubscribe at any time.

4. Legal Basis for Processing Your Personal Data (UK GDPR)

We will only process your personal data where we have a lawful basis to do so. The lawful bases we rely on are:

  • Consent: Where you have given us explicit consent to process your personal data for a specific purpose (e.g., for marketing emails, or for non-essential cookies). You can withdraw your consent at any time.

  • Contract: Where processing is necessary for the performance of a contract with you (e.g., to process and deliver your order for photos/products).

  • Legal Obligation: Where processing is necessary for us to comply with the law (e.g., retaining financial records for tax purposes).

  • Legitimate Interests: Where processing is necessary for our legitimate interests (or those of a third party), provided your interests and fundamental rights do not override those interests. This includes:

    • Operating and managing our website.

    • Allowing users to comment and interact.

    • Detecting and preventing spam and fraud.

    • Analysing website usage to improve our services.

    • Responding to your communications.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your personal data with trusted third parties in the following circumstances:

  • Service Providers:

    • Payment Processors: (e.g. PayPal) to process your payments securely.

    • Delivery/Courier Services: ([e.g., Royal Mail, DPD]) to deliver your purchased products.

    • Website Hosting Providers: ([e.g., Hostinger]) who host our website.

    • Email Marketing Services: ([e.g., Mailchimp, Sendinblue]) if you subscribe to our newsletter (with your consent).

    • Analytics Providers: (e.g., Google and Microsoft Analytics) to help us understand website usage.

    • Spam Detection Services: (e.g., Akismet) for comment spam prevention.

    • IT Support and Security Providers: Who help maintain and secure our systems.

  • Legal Requirements: If required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

  • Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company. We will notify you before your personal data is transferred and becomes subject to a different privacy policy.

  • To Protect Our Rights: To enforce our terms and conditions, or to protect the rights, property, or safety of the Paul Michael Photos website, our customers, or others.

Embedded content from other websites:
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

6. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • Comments: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

  • Customer Orders: We retain order information for 6 years after the end of the financial year in which the transaction occurred, as required for tax and accounting purposes.

  • User Accounts (if applicable): For users that register on our website, we store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

  • Analytics Data: Typically anonymised or pseudonymised and retained for [e.g., 26 months].

When your personal data is no longer needed, we will securely delete or anonymise it.

7. Cookies and Similar Technologies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

Cookies are small text files that are placed on your computer or mobile device when you visit a website.

We use the following types of cookies:

  • Strictly Necessary Cookies: These are essential for you to browse the website and use its features, such as accessing secure areas of the site or making purchases.

  • Functionality Cookies: These allow the website to remember choices you make (such as your user name, language, or the region you are in) and provide enhanced, more personal features. For instance, if you leave a comment you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

  • Analytical/Performance Cookies: These collect information about how you use our website, e.g., which pages you visit most often. This data helps us optimize our website and make it easier to navigate.

  • Targeting/Advertising Cookies: These cookies may be set through our site by our advertising partners (if any). They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites.

You can control and/or delete cookies as you wish – for details, see aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.

We will ask for your consent to place non-essential cookies on your device via a cookie consent banner. For more detailed information on the cookies we use and the purposes for which we use them, please see our Cookie Policy [Link to your Cookie Policy, if separate].

8. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. These measures include SSL encryption, access controls and automated software security checking.

However, please note that the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.

9. International Data Transfers

Your information, including personal data, may be transferred to Hostinger and maintained on Hostinger computers located outside of the United Kingdom or the European Economic Area (EEA) where the data protection laws may differ.

If we do transfer your personal data outside the UK/EEA, we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • The country has been deemed to provide an adequate level of protection for personal data by the UK government.

  • We use specific contracts approved for use in the UK which give personal data the same protection it has in the UK (e.g., International Data Transfer Agreements or Addendums).

This may occur if our service providers (e.g., hosting, analytics, payment processors) are based outside the UK/EEA.

10. Your Data Protection Rights

Under UK data protection law, you have rights including:

  • Your right of access – You have the right to ask us for copies of your personal information.

  • Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

  • Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.

  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.

  • Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances (e.g., for direct marketing).

  • Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

  • Rights related to automated decision making including profiling – We do not currently conduct automated decision making or profiling.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at [Your Email Address] or [Your Postal Address for Data Requests] if you wish to make a request.

11. Children’s Privacy

Our website and services are not intended for children under the age of 13 (or a higher age as required by local law), and we do not knowingly collect personal data from children. If you believe we have collected personal data from a child, please contact us immediately.

12. Changes to This Privacy Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new privacy policy on this page and updating the “Last Updated” date. You are advised to review this privacy policy periodically for any changes.

13. How to Complain

If you have any concerns about our use of your personal information, you can make a complaint to us at [Your Email Address] or [Your Postal Address for Complaints].

You also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office (ICO).
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk