1. Introduction
Maxeen Kim Photography (“I”, “me”, “my”) is committed to protecting and respecting your privacy.
This Privacy Policy explains how I collect, use, store, and protect your personal data when you visit my website, contact me, or book my photography services, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
If you have any questions about this policy or how your data is handled, please contact me at:
maxeen@maxeenkim.com
2. Who I Am
Business name: Maxeen Kim Photography
Location: United Kingdom
Website: www.maxeenkimphotography.com
Data Controller: Maxeen Kim Duncan
3. What Personal Data I Collect
I may collect and process the following personal data:
a) Information you provide directly
Name
Email address
Phone number
Wedding date and location
Any information you include in enquiry forms or emails
b) Client data
If you book my services, I may also collect:
Billing address
Payment-related information (processed securely via third-party providers — I do not store card details)
Contracts and correspondence
c) Website usage data
IP address
Browser type and version
Pages visited and time spent on the site
This data is collected via cookies and analytics tools (see Section 7).
4. How I Use Your Data
I use your personal data to:
Respond to enquiries
Provide photography services
Manage bookings, contracts, and invoices
Communicate important information about your booking
Improve my website and services
Comply with legal and tax obligations
I will never sell your personal data.
5. Legal Basis for Processing
Under UK GDPR, I process your data on the following legal bases:
Contract – to fulfil my obligations when you book my services
Legitimate interests – to run my business and respond to enquiries
Legal obligation – for tax and accounting purposes
Consent – where you explicitly give it (e.g. contact forms, cookies)
6. How Your Data Is Stored
Your data is stored securely using:
Password-protected systems
Encrypted cloud storage
Secure third-party platforms (e.g. email, CRM, gallery delivery)
I take appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, or disclosure.
7. Cookies & Analytics
My website uses cookies to improve user experience and analyse website traffic.
These may include:
Essential cookies (necessary for website functionality)
Analytics cookies (e.g. Google Analytics)
You can manage or disable cookies through your browser settings. For more details, please see my Cookie Policy [or insert link if separate].
8. Third-Party Services
I may share your data with trusted third parties only where necessary, such as:
Website hosting providers
Email services
Online gallery platforms
Accounting or invoicing software
All third parties are GDPR-compliant and only process data on my instructions.
9. International Data Transfers
As I work with international clients, your data may be processed outside the UK or EEA. Where this occurs, appropriate safeguards are in place to ensure your data remains protected.
10. How Long I Keep Your Data
I retain personal data only for as long as necessary:
Enquiry data: up to [e.g. 12 months]
Client contracts and invoices: up to 6–7 years (legal requirement)
Photographs: as outlined in your contract
11. Your Rights
Under UK GDPR, you have the right to:
Access your personal data
Request correction of inaccurate data
Request deletion of your data
Object to processing
Request data portability
Withdraw consent at any time
To exercise any of these rights, please contact me at [your email address].
12. Complaints
If you believe your data has been mishandled, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):
Website: https://www.ico.org.uk
13. Changes to This Policy
I may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.