- Who are we?
- What personal data do we collect and why do we collect it?
- Who do we share your data with?
- How long do we retain your data?
- What rights do you have over your data?
- Where do we send your data?
- How do we protect your data?
- What data breach procedures do we have in place?
- What third parties do we receive data from?
- Additional information
- Contact information
Who are we?
We are Neil Everest and Andrew Everest trading as CameronLife Photo Library (“we”, “us”, “our”, “CLPL”, “Cameron Life”)
Our website address is: https://cameronlife.uk.
Full contact details can be found on our “Contact Us” page.
What personal data do we collect and why do we collect it?
We collect, control and process personal data on the lawful basis of legitimate interest.
By this we mean that we deal with personal data only to the extent required for operating our business and website(s) in an efficient manner having regard to the privacy and security needs and considerations of our users and customers.
This may include personal data such as name, email address, personal account preferences; transactional data such as purchase information; and technical data such as cookies.
We fully respect our users’ rights as laid down in applicable legislation, and only collect such data as is necessary for the safe, efficient and legal operation of our business.
We do not currently collect, control or process any sensitive personal data.
We do NOT under any circumstances pass on the data we collect directly to any Third Parties. The information you give to us will be used solely for the purposes of carrying on the CameronLife business. However, certain external services we use in order to run our business and to enhance our users’ experience may collect relevant data on their own behalf, and their use of such data is set out in their own individual Privacy Policies.
The main body of our site is built on the WordPress platform and the following paragraphs relate specifically to this platform.
By default WordPress does not collect any personal data about visitors, and only collects the data shown on the User Profile screen from registered users.
However this site does use operationally necessary plugins which may themselves collect personal data. Relevant information is included below.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
After approval of your comment, your profile picture is visible to the public in the context of your comment.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
We use contact forms to enable you to opt in to receive additional emailed material from us.
We typically use such email to disseminate news, views, information, newsletters and marketing promotions.
You will ALWAYS be informed as to the type(s) of material you can expect to receive PRIOR to opting in. Different contact forms are used as appropriate to allow you to choose which categories you do and do not wish to receive, and you will be able to unsubscribe instantly at any time of your choosing.
Additionally we use a double opt-in protocol which ensures that you will not receive emails unless and until you confirm your subscription.
We manage our email lists through AWeber, and the details entered (typically name and email address) are securely stored on their servers and processed through their software to ensure industry standard levels of privacy and security. We also maintain secure backups of that data on our own systems, but do not process that data ourselves except for the backup and restoration processes if required.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
You can find further general information about cookies and their use on our “More About Cookies” page.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
We use Google Analytics to track activity on our website for the purposes of monitoring business statistics and to assist in our efforts to improve the experience for you, our users.
We frequently review existing pages and check the design of new pages to ensure that no Personally Indentifying Information (PII) can be passed to Google Analytics during this process.
If you decide not to accept cookies from our site through the popup displayed when you first visit, then data will also not be passed to Google Analytics. However as mentioned elsewhere this action can limit the functionality of your interaction with our site and lead to a possibly less satisfying experience.
Here are some of the other ways you can control the information that is shared by your device when you visit or interact with sites and apps that use Google services:
- Ad Settings helps you control ads you see on Google services (such as Google Search or YouTube), or on non-Google websites and apps that use Google ad services. You can also learn how ads are personalized, opt out of ad personalization, and block specific advertisers.
- If you are signed in to your Google Account, and depending on your Account settings, My Activity allows you to review and control data that’s created when you use Google services, including the information we collect from the sites and apps you have visited. You can browse by date and by topic, and delete part or all of your activity.
- Many websites and apps use Google Analytics to understand how visitors engage with their sites or apps. If you don’t want Analytics to be used in your browser, you can install the Google Analytics browser add-on. Learn more about Google Analytics and privacy.
- Incognito mode in Chrome allows you to browse the web without recording webpages and files in your browser or Account history (unless you choose to sign in). Cookies are deleted after you’ve closed all of your incognito windows and tabs, and your bookmarks and settings are stored until you delete them. Learn more about cookies.
- Many browsers, including Chrome, allow you to block third-party cookies. You can also clear any existing cookies from within your browser. Learn more about managing cookies in Chrome.
We use various plugins to enhance the efficient operation of our site. These add extra functionality to the core WordPress functions, and some may collect personal data as part of their operation, in addition to the data collected by WordPress itself. (As noted elsewhere, that is limited to the relevant details of registered users only).
Plugins in use which DO collect and process personal data are listed below.
This plugin is used to manage visitor comments, checking for suspected spam and preventing its automatic publication.
We believe this is necessary both to relieve our workload in manually checking each and every comment made as well as more importantly to maintain the best possible experience for our genuine users.
Note that if your comment is approved your details will only then be collected by our site.
We use the PhotoShelter platform to store, display and process our images.
If you do make a purchase of one of our products through Photoshelter then data necessary for us to fulfil your order and maintain required business records is shared with us but remains stored with Photoshelter.
Who do we share your data with?
It is CameronLife policy never to share your data with any third party in return for reward or favour.
However as previously mentioned there are organisations who will receive data from our site as an integral part of the performance of the services they provide to us.
These services are:
1&1 Web Hosting
1&1 host our website and will only process our customers’ data if instructed to do so by us. So whilst your data collected by us may be stored on 1&1 secure servers (which may be located in various parts of the world), 1&1 and its staff do not have access to that data.
As the provider of our AutoResponder emailing services all data entered by you into any opt-in contact form on our site will be sent directly to AWeber for processing.
This data will necessarily include your email address and optionally your name(s). In all cases you will need to give explicit consent before processing occurs.
In some cases you may be asked for additional information regarding your preferences in order that we can avoid sending you unwanted categories of email once subscribed.
In accordance with CameronLife policy; AWeber policy; and our adoption of the legal basis of consent in respect of marketing communications, you will at all times have the option to immediately unsubscribe from any or all of our lists which you may have joined.
Please follow THIS LINK to review information on data sharing with Google Analytics
How long do we retain your data?
If you leave a comment on our blog, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Data collected in the course of financial transactions between you and us are retained for as long as accounting and regulatory taxation record requirements dictate – currently 6 years.
What rights do you have over your data?
Your rights over your data are as set out in the General Data Protection Regulations.
The right to be informed
Whenever you give us personal information through a contact form on this website we will tell you the specific purpose(s) for which that information will be used and you will be required to give specific consent (usually by means of ticking a box) before that information is actually collected.
The right of access
If you wish to access any of your personal data held by us please use the appropriate form located on our GDPR Compliance Page.
The right to rectification
If you wish to rectify any of your personal data held by us please use the appropriate form located on our GDPR Compliance Page.
The right to erasure
If you wish to have any of your personal data held by us erased or forgotten please use the appropriate form located on our GDPR Compliance Page.
The right to restrict processing
If you wish to restrict the ways in which we process your data please contact us at firstname.lastname@example.org
The right to data portability
Under GDPR you have the right in certain circumstances to have us transfer electronic personal data held by us to another data controller or processor.
However, since our current operations involve collecting only your name and email address (unless there is a financial transaction between us) it is likely that the exercising of an alternative right may be more appropriate.
In the event of you desiring transfer of details of financial transactions between us it is likely that we will have to decline on the lawful basis of legitimate interest – such transactions and commercial details are confidential between you and us.Please address any queries to email@example.com.
The right to object
You have the right to object to your personal data being processed, including an absolute right to object to it being used for direct marketing purposes
Rights in relation to automated decision making and profiling.
We do not use your data collected by us for any automated decision making or profiling purposes.
We do not use data collected on this site for profiling either. However, we may use profiling services offered by third parties such as Facebook and Google in order to efficiently market our goods and services to those most likely to benefit from or to want them. Part of this process may include uploading relevant personal data such as email addresses collected by us. This we construe as marketing activity and you have the absolute right to object to such use.
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Please note that you have the legal right to request any of the above rights by any suitable channel including in writing; by telephone; and even through our social media sites. However, as we are a small business with limited human resources to monitor all channels; and bearing in mind our stated policy and desire to do all within our power to make the relationship between us pleasant, useful and secure; we do ask that if at all possible you make all initial contacts in relation to the exercising of your rights through one of the channels offered above. This will ensure our earliest attention to your needs.
Once again, for matters referring to this website and blog please use the appropriate form on our GDPR Compliance Page.
For all other matters or if you are not sure that the above option applies please email us at firstname.lastname@example.org
Where do we send your data?
Visitor comments may be checked through an automated spam detection service. We currently use the Akismet plugin.
As stated above we may also send your email address to Facebook for marketing purposes (to build audiences for relevant advertising etc.)
Some of the services we use may have their servers located outside of the EU.
How do we protect your data?
We protect your data by using SSL encryption for all communications between our sites and yourselves; by protecting all our databases with strong password and/or two factor security; and by only sharing your data with internationally recognised reputable organisations as listed within this policy.
What data breach procedures do we have in place?
In the event of a data breach coming to light we have the ability to immediately close down our site and limit the size of a breach as much as possible.
Using the information previously collected from users we will then notify all potentially affected data owners of the breach; the nature of such breach if known; and advise whether any sensitive or potentially damaging data has been affected.
We do not currently collect or store sensitive data on our own sites (eg credit card details) so would anticipate that for most users the vulnerable information would be limited to their email address, and for those who have purchased physical items from us their delivery and billing addresses.
What third parties do we receive data from?
As a business we may receive access to anonymised data from marketing platforms such as Facebook when we build audiences for marketing and advertising purposes. However, processing of this data normally remains with the third party and only if you enter your data on our site as a result of taking an action on a post or advertisement will your data be collected by us.
However there may be occasions when such third parties make your email address and name details available directly to us, in which case we will ALWAYS email you and obtain your specific consent before sending you any marketing information.
For the sake of clarity, where you opt in on our site to receive general and/or marketing communications we will treat the legal basis as consent and you will have the permanently available facility to opt out (and thus have your data “forgotten”) at any time.
If however your action in response to the post or ad has been to enter into a transaction with us, the legal basis will be legitimate interest and your right to be forgotten may be affected.
In any case you will always have the right of access to the data so collected.
For maximum security and to maintain minimum site loading times, thus enhancing your experience of our sites, we use a managed DNS service.
Since this service utilises a global network of servers, data which we collect from you may pass securely through one or more servers located outside the EU.
However, these servers host cached copies of our webpages only – they do not collect or process data which you exchange with us.
All such data is stored and processed only on our own host’s EU based servers (1&1), or on those of the reputable third parties used for various other functions, as listed.
Our contact information
See our Contact Us page for details