Privacy Policy for Darla Wells Photography

1. Introduction

At Darla Wells Photography, accessible at darlawellsphotography.com, we are committed to safeguarding and respecting your personal data. We uphold the highest standards of privacy and data protection in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data privacy laws. This Privacy Policy outlines how we collect, use, disclose, store, and protect your personal information when you interact with our website and services.

2. Scope of this Policy and Data Controller Role

This Privacy Policy applies to all users of darlawellsphotography.com and governs the collection and processing of personal data through our website and related services. Darla Wells Photography acts as the data controller for all personal data processed under this policy. As a data controller, we determine the purposes and means by which your personal data is processed.

3. Categories of Data Processed

We collect and process various categories of personal data to deliver our services effectively. The categories of data include:

a. Usage Data
Information automatically collected when you visit our website, including IP addresses, browser type, internet service provider, referring/exit pages, operating system, date/time stamps, and clickstream data.

b. Account Data
Personal details provided when creating an account or making a booking, such as your full name, postal address, email address, and phone number.

c. Profile Data
Information associated with your preferences, order history, and interactions on darlawellsphotography.com including behavioral insights and product interests.

d. Communication Data
Records of your communication with us, including customer support requests, inquiries, and responses via email or contact forms.

e. Technical Data
Device data such as hardware model, system and software version, unique device identifiers, and mobile network information.

f. Transaction Data
Details about products or services you purchase from us, as well as billing details, payment method, and delivery information, excluding full credit card information (which is processed by a third-party PCI-compliant provider).

g. Preference Data
Your marketing preferences, communication settings, and consent status for promotional materials.

4. Legal Bases for Processing

We process your personal data only when a lawful basis applies under data protection laws, including:

– Contractual Necessity: To fulfill a contract with you, such as delivering photography sessions or processing payments.
– Consent: When you provide explicit consent for us to process your data, particularly for marketing purposes.
– Legitimate Interests: For purposes such as improving our services, preventing fraud, securing our systems, and understanding customer usage trends.
– Legal Obligation: Where processing is necessary to comply with a legal requirement.

5. Your Rights

Subject to applicable laws, you retain the following rights regarding your personal data:

– Right of Access: To request access to your personal data we hold.
– Right to Rectification: To correct inaccuracies in your personal data.
– Right to Erasure: To request deletion of your data, subject to legal retention requirements.
– Right to Restriction: To limit how your data is processed in certain circumstances.
– Right to Data Portability: To receive your data in a structured, commonly used, machine-readable format and/or request its transmission to another controller.
– Right to Object: To object to data processing where we rely on legitimate interest or process your personal data for direct marketing purposes.
– Right to Withdraw Consent: To withdraw your consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at [email protected].

6. Security Measures

We implement robust security measures to protect your personal data, including:

– Data encryption in transit (SSL/TLS) and at rest.
– Restricted access to personal data based on role-based permissions.
– Periodic security audits and vulnerability testing.
– Secure backups and disaster recovery protocols.
– Staff training on data protection principles and secure data handling.

7. International Transfers

Your personal data may be transferred and processed outside your jurisdiction, including to countries that may not offer the same level of data protection. When international transfers occur—such as to our service providers—we ensure protection through Standard Contractual Clauses or other recognized safeguards in compliance with GDPR and comparable legal frameworks.

8. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected, including:

– Account Data: Retained while the account remains active and for up to 5 years after closure.
– Transaction Data: Retained for 7 years to fulfill tax and financial reporting obligations.
– Communication and Support Data: Retained for 2 years to address questions or legal claims.
– Marketing Preferences: Retained until you withdraw consent or unsubscribe.

9. Cookie Policy

Our website uses cookies and similar tracking technologies to enhance your experience. These include:

– Essential Cookies: Required for core site functionalities.
– Functional Cookies: Remember your site preferences and settings.
– Analytics Cookies: Help us understand site traffic and user behavior via tools such as Google Analytics.
– Performance Cookies: Improve site speed and response based on user interaction.

10. Cookie Management and Compliance

You can manage your cookie preferences through our cookie banner, as required by GDPR and CCPA. Additionally, most browsers allow you to refuse or delete cookies via settings. However, disabling certain cookies could impact website functionality. California residents may opt-out of the “sale” or “sharing” of personal data under CCPA by contacting us at [email protected] or using our available forms or preference centers when provided.

11. Children’s Privacy

We do not knowingly collect personal data from children under the age of 13. If we become aware that a child under 13 has submitted personal data to darlawellsphotography.com, we will promptly delete such data. Parents or guardians who believe that their child has provided personal data may contact us at [email protected] to request removal.

12. Policy Updates & User Notification

We reserve the right to update this Privacy Policy to reflect changes in our practices, legal obligations, or technology. Any material changes will be communicated on this page and, where appropriate, via email or prominent notices on the site. We encourage users to review this policy periodically.

13. Contact

For any questions about this Privacy Policy, to exercise your data rights, or to lodge a privacy-related complaint, please contact:

Darla Wells Photography
Email: [email protected]
Website: darlawellsphotography.com

We are committed to upholding your data protection rights and ensuring compliance with all applicable privacy laws. Please reach out with any concerns regarding your personal data or how it is handled.