In the UK, the GDPR is implemented through the Data Protection Act 2018. This act controls how personal information is used by organisations, businesses, or the government. Everyone responsible for using personal data must follow strict rules called ‘data protection principles’.
The Information Commissioner's Office (ICO) is responsible for enforcing these regulations in the UK. Visit https://www.gov.uk/data-protection to find out more.
Last updated: 8th of June 2026
De Villiers Photography (“we”, “us”, “our”) is committed to protecting your privacy and handling your personal data with transparency, care, and security. This policy explains how we collect, use, store, and protect your personal data in accordance with:
UK General Data Protection Regulation (UK GDPR)
Data Protection Act 2018
EU GDPR (where applicable to EU‑based clients)
International privacy principles for global visitors
We act as the Data Controller for all personal data you provide to us.
We may collect the following categories of personal data:
Name
Email address
Phone number
Address (where relevant)
Session details
Event information
Location details
Preferences and requirements
Communications (email, forms, messages)
Photographs and video captured during commissioned work
Reference images or mood boards you upload
Processed securely by third‑party providers (we do not store card details).
Collected automatically when you visit our website:
IP address
Browser type
Device information
Interaction data (via analytics cookies)
We only collect data necessary to provide our services or where we have a lawful basis.
We process personal data under the following lawful bases:
To:
Manage bookings
Deliver photography services
Communicate with you
Deliver digital or printed products
To comply with:
Tax and accounting requirements
Regulatory obligations
To:
Improve our services
Maintain security
Prevent fraud
Manage business operations
For:
Marketing communications
Use of images for portfolio or social media
Optional cookies
You may withdraw consent at any time.
We use your personal data to:
Provide and manage photography services
Communicate about your booking
Deliver images and products
Process payments and invoices
Respond to enquiries or complaints
Improve our website and services
Comply with legal obligations
Protect our rights and enforce our Terms & Conditions
We do not sell or rent your personal data.
Our website is accessible globally.
If you are outside the UK, your data may be transferred to and processed in the United Kingdom.
Where data is transferred outside the UK/EU (e.g., cloud storage), we ensure appropriate safeguards such as:
UK International Data Transfer Agreements (IDTAs)
EU Standard Contractual Clauses (SCCs)
Adequacy decisions
We only use reputable third‑party providers who meet GDPR‑level standards.
We may share personal data with trusted service providers, including:
Payment processors
Cloud storage and delivery platforms
Printing laboratories
Web hosting and email providers
IT and security providers
Subcontracted photographers or assistants (if required)
All third parties must:
Use data only for the agreed purpose
Maintain appropriate security
Comply with data protection laws
We do not allow third parties to use your data for their own marketing.
We use appropriate technical and organisational measures, including:
Encrypted storage
Secure servers
Access controls
Secure file‑delivery systems
Regular backups
Device security and malware protection
No system is completely secure, but we take all reasonable steps to protect your data.
We retain personal data only as long as necessary for:
Providing services
Legal and accounting obligations
Resolving disputes
Business record‑keeping
Images may be retained for longer periods for:
Portfolio use (with consent)
Archival purposes
Re‑orders or replacements
You may request deletion of images unless required for legal or contractual reasons.
May be retained indefinitely for statistical or research purposes.
Depending on your location, you may have the right to:
Access your personal data
Correct inaccurate data
Request deletion
Restrict processing
Object to processing
Receive your data in a portable format
Withdraw consent
Lodge a complaint with the ICO or your local authority
We may request proof of identity to protect your data.
Our website uses cookies to:
Ensure functionality
Improve performance
Analyse website traffic
For full details, please see our Cookie Policy.
This Data Protection & Privacy Policy should be read alongside:
These documents work together to explain how we handle your data and deliver our services.
We may update this policy to reflect:
Changes in law
Updates to our services
Improvements to our practices
The latest version will always be available on our website.
If you have questions or wish to exercise your rights, please contact:
De Villiers Photography
Email: info@devilliersphotography.com
Website: www.devilliersphotography.com