Privacy Policy
Last updated: 11 May 2025
1. Who we are
This website, corporateheadshots.photography (the “Site”), is owned and operated by ZZZ Media Ltd (“we”, “our”, “us”). ZZZ Media Ltd is a private limited company registered in England & Wales under company number 09208706.
For the purposes of UK data-protection law (UK GDPR and the Data Protection Act 2018), ZZZ Media Ltd is the data controller of the personal information collected via this Site.
2. How to contact us
If you have any questions about this Privacy Policy or the way we handle your personal information, please contact:
Data Protection Lead
ZZZ Media Ltd
Email: zzzmediauk@gmail.com
Telephone: +44 (0)7811 512 422
(Registered office address available on request or via Companies House.)
3. The personal information we collect
| Type of data | Examples | How we collect it |
|---|---|---|
| Identity & Contact Data | Name, job title, company name, email address, phone number | • Enquiry, quote, or booking forms• Emails or phone calls• Networking or referrals |
| Project Data | Shoot requirements, dates, locations, number of people to photograph | • Quote/booking forms• Direct correspondence |
| Payment Data | Invoice address, bank-transfer references | • Invoicing software • Accounting records |
| Image Data | Photographs captured during commissioned sessions | • On-location photo shoots |
| Technical & Usage Data | IP address, browser type, referring pages, time-on-site, cookie IDs | • Cookies & similar technologies • Google Analytics |
We do not intentionally collect special-category data (e.g., health or biometric data) through this Site.
4. Why we use your information (legal bases)
| Purpose | Legal basis (UK GDPR) |
|---|---|
| Responding to enquiries, providing quotations, and performing booked photography services | Contract (Article 6(1)(b)) |
| Invoicing, accounting, and tax compliance | Legal obligation (Article 6(1)(c)) |
| Maintaining client records, sending service-related updates, managing schedules | Legitimate interests (Article 6(1)(f)) – to run and grow our business |
| Showcasing completed work in our portfolio or marketing (only with your consent unless images are already in the public domain) | Consent (Article 6(1)(a)) |
| Website analytics and security monitoring | Legitimate interests – to keep our Site secure and improve user experience |
Where our processing relies on consent, you may withdraw that consent at any time.
5. Cookies & tracking
We use cookies and similar technologies to:
- remember form entries while you navigate the Site;
- compile anonymised statistics via Google Analytics to understand how visitors use the Site;
- enhance security (e.g., Cloudflare).
You can control cookies through your browser settings and may opt out of Google Analytics cookies by installing the Google Analytics Opt-out browser add-on.
6. Sharing your data
We share personal data only when necessary:
- Service providers – e.g., trusted IT hosting, CRM, cloud-storage, or accounting platforms (all under contract and required to keep data secure & confidential).
- Professional advisers – accountants, insurers, lawyers (where reasonably required).
- Public authorities – HMRC or law-enforcement agencies if legally obliged.
We do not sell or rent your personal information to third parties.
7. International transfers
We aim to keep data within the UK or European Economic Area (EEA). Where a supplier stores or processes data outside these regions (e.g., US-based cloud services), we ensure there are appropriate safeguards in place, such as UK/EEA Standard Contractual Clauses.
8. How long we keep your information
We keep personal data only as long as necessary:
- Client and project records – normally 6 years after the end of the financial year of our last interaction (for tax & contract purposes).
- Photographic images – retained indefinitely in our secure archive unless you request deletion or we no longer need them.
- Enquiry data (where no booking follows) – deleted after 12 months.
- Analytics logs – typically 26 months (Google Analytics default) or less.
9. Keeping your information secure
We use administrative, technical, and physical safeguards—such as encryption in transit (HTTPS), password-protected storage, and access controls—to protect personal data against loss, misuse, or unauthorised access. While no system is 100 % secure, we regularly review and update our security measures.
10. Your data-protection rights
Under certain circumstances, you have the right to:
- Access – obtain a copy of your personal data.
- Rectification – correct inaccurate or incomplete data.
- Erasure – request deletion where there is no lawful reason for us to keep it.
- Restriction – limit processing in certain situations.
- Data portability – receive your data in a structured, commonly-used format.
- Object – object to processing based on legitimate interests or direct marketing.
- Withdraw consent – where processing is based on consent, withdraw at any time.
To exercise these rights, please contact us using the details in section 2. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) (www.ico.org.uk) if you believe we have not complied with data-protection law.
11. Third-party links
Our Site may contain links to external websites. We are not responsible for the privacy practices or content of those sites. We encourage you to read their privacy policies.
12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in law or our practices. Any changes will be posted on this page with a revised “last updated” date. If significant changes are made, we will endeavour to notify you.
By using corporateheadshots.photography you acknowledge you have read this Privacy Policy and understand how we process your personal data.