Last Updated: July 3, 2025
Mavis Visuals (“we”, “us” or “our”) is a wedding photography and videography service operating in the United Kingdom and serving clients in the EU and worldwide. We are committed to protecting your personal information and respecting your privacy. This Privacy Policy explains what personal data we collect, how we use and protect it, and your rights in relation to your data. We handle personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the EU GDPR, and the UK Data Protection Act 2018, as well as other applicable international data protection standards. By using our website (mavisvisuals.co.uk) or services, you agree to the terms of this Privacy Policy.
We may collect and process the following types of personal data:
Contact Information: Your name, email address, phone number, and similar contact details that you provide (for example, when filling out our Get in Touch form or contacting us).
Event Details: Information related to your event or inquiry, such as the event date, venue/location, and any other details you choose to share in messages or forms.
Photographs and Videos: Images and videos of individuals (you, your guests, etc.) that we capture in the course of providing our photography/videography services. These visual media can be considered personal data if individuals are identifiable.
Payment Information: If you make a payment for our services, we may collect information necessary to process the payment (e.g. billing name and address). Please note: For online payments, we use trusted third-party payment processors to handle your credit/debit card information securely – we do not receive or store your full card details ourselves.
Website Usage Data: When you visit our site, we may automatically collect technical data such as your IP address, browser type, pages viewed, and cookies. This usage information is gathered through tools like cookies and analytics services to help us understand how visitors use our site. (See Cookies and Analytics below for more detail.)
We collect personal data only as necessary for the purposes described in this policy. You are not required to provide personal data to browse most of our website; however, certain services (like contacting us or booking) will require you to provide relevant information. We do not collect any special categories of personal data (such as health, religion, etc.) unless you voluntarily provide them (for example, if you mention specific needs for an event).
We obtain personal data from you in a few different ways:
Directly from You: Most information is collected when you directly interact with us. For instance, when you fill out our contact or inquiry forms on the website, request a quote, book our services, or correspond with us via email or phone, you provide personal data (such as your name, contact details, event information, and any other details in your message). We also may collect data if you comment on our blog posts or provide feedback, in which case we collect whatever information you include (e.g. your name, email, and the comment).
Through Our Website and Technology: Our website uses cookies and similar tracking technologies to automatically collect certain data about your visit. This can include technical information (IP address, browser type, device identifiers) and browsing behavior (such as pages you viewed and the time spent) via our analytics tools. Internet cookies are considered personal data under many privacy laws, so we inform you that by using our site, cookies will be placed on your device. You can control or disable cookies through your browser settings if you wish (see Cookies and Analytics below for more). Additionally, our web servers may log basic connection information when you visit (such as your IP and time of access) for security and maintenance purposes.
Through Third-Party Tools and Services: We integrate certain third-party services on our site that collect data on our behalf:
Analytics: We use third-party analytics tools (for example, Google Analytics) to understand how visitors use our site. These tools use cookies to collect usage data (like IP address and browsing patterns) and provide us with aggregated insights. Such third-party analytics providers may gather information about your visit over time and across our site.
Spam Protection: Our contact and comment forms are protected by anti-spam and security tools. For example, we use Google reCAPTCHA to prevent automated spam submissions; this service may collect certain information (like IP address and mouse movements) to determine that a real person is using the form. Similarly, if you leave a comment on our blog, an automated spam detection service (e.g. Akismet) may screen the comment by analyzing the information provided (including your IP and user-agent).
Social Media or External Sources: If you interact with us via social media (for instance, messaging us through our Facebook or Instagram pages) or tag us in content, we may receive information from those platforms according to your privacy settings on those services. We encourage you to review the privacy policies of any social media or third-party services you use to communicate with us. (Note: Social media interactions are voluntary, and those platforms might independently collect your data under their own policies.)
We do not acquire personal data from third-party data brokers or public databases. All personal information we process is either provided directly by you or collected through the tools noted above while you engage with our services.
We only use your personal information for specific, legitimate purposes. The main purposes for which Mavis Visuals processes personal data include:
Service Delivery: To provide the photography and videography services you have requested. This includes using your information to communicate with you about your wedding or event, schedule consultations, take and edit photographs/videos, and deliver the final images and films to you. For example, we will use your provided contact and event details to arrange our services and ensure we capture your event according to your expectations.
Communication: To communicate with you regarding your inquiries, bookings, and support requests. We will use your contact information to respond to messages you send us (via our website forms, email, or phone) and to keep you updated on the progress of our work (such as sending previews, updates on editing, or asking follow-up questions about your event).
Payment Processing: To process payments and fulfill financial transactions for our services. If you hire us and make a payment, we (through our payment processor partners) will use the necessary personal data to charge your credit card or process other payment methods and to confirm payment. As noted, we utilize third-party payment providers for secure transactions and do not store sensitive payment card numbers on our systems.
Improving Our Website and Services (Analytics): To analyze website traffic and user behavior in order to improve our site’s design, content, and user experience. We use analytics cookies and tools to see how users navigate our website (for example, which pages are most popular or if visitors encounter errors). This helps us make informed updates to better serve you. All analytics data is aggregated and does not directly identify you by name; it simply tells us overall how our site is used. This processing is typically based on our legitimate interest in understanding and enhancing our services.
Ensuring Security and Preventing Fraud: To protect our website, business, and users from fraud, malicious activity, or other illegal or harmful activities. For instance, data collected through reCAPTCHA and server logs helps us detect bots or misuse of our contact forms. We may also use information to debug and fix technical issues on the site.
Legal Obligations: To comply with legal or regulatory requirements that apply to us. For example, we may retain certain transaction records for tax and accounting purposes, or disclose information if required by law (such as responding to a court order or an investigation by law enforcement). We only disclose personal data to third parties when legally required or when necessary to protect our rights.
Marketing and Future Communications: [Planned Future Use] With your consent, we may in the future use your contact information (such as your name and email) to send you marketing communications. This could include email newsletters, promotional offers, updates about our services (e.g. new packages or seasonal discounts), or helpful content like photography tips and blog highlights. We will not send you marketing emails unless you have agreed to receive them (for example, by ticking a sign-up box or explicitly requesting to join our mailing list). Even after giving consent, you will have the opportunity to opt out at any time (see Marketing Communications below for more details). We might also request your permission to use one or two of your wedding photos or videos in our portfolio or on our website/social media for promotional purposes – we will only do this with your explicit consent as part of our agreement with you.
We will not use your personal data for any purpose that is incompatible with the reasons outlined above without first obtaining your consent or providing notice. Importantly, we do not sell your personal data to anyone and we do not use your data to profile you for advertising by third parties. All uses of personal information are limited to what is necessary and relevant for our legitimate business functions, the performance of our contract with you, or compliance with the law, as described.
Under the GDPR (and UK GDPR), we must have a valid legal basis to process your personal data. Depending on the specific context, one or more of the following legal bases apply to our processing activities:
Contractual Necessity: In most cases, we process your data because it is necessary to fulfill our contract with you or to take steps at your request before entering a contract. For example, when you hire us for a photography/videography service, we need to use your contact details and event information to perform that service (this is considered processing necessary for the performance of a contract). If you inquire about our services, processing your data to respond is a pre-contractual step taken at your request.
Legitimate Interests: We may process certain data as needed for our legitimate business interests, provided those interests are not overridden by your data protection rights. Our legitimate interests include improving our services and website, ensuring the security of our platform, and communicating with clients. For instance, using analytics to understand how users interact with our site, or retaining event photos in our archives for a reasonable period as a backup, can be based on legitimate interest. When we rely on this basis, we consider and balance any potential impact on you and your rights.
Consent: We will rely on your consent for specific types of processing that are not covered by other legal grounds. In particular, we will ask for your consent before using cookies that are not strictly necessary (e.g. analytics cookies where required by law) and before sending you marketing emails or newsletters. If we ever wanted to use your photos or personal testimonials in our marketing materials, we would also obtain your consent. Where processing is based on consent, you have the right to withdraw consent at any time (with effect for the future), which will stop that particular processing (see Your Rights below).
Legal Obligation: In some situations, we need to process or retain your data to comply with a legal obligation. For example, accounting laws may require us to keep records of payments, or data protection laws might require we verify your identity before fulfilling a data access request. We only process the minimum data necessary for compliance with our legal duties.
We will always identify the appropriate legal basis for our processing. If we ever need to process your personal data for a new purpose that is not covered by the above bases, we will inform you of that purpose and (if required) seek your consent. According to regulatory guidance, we also want you to know that you have the right to withdraw consent at any time for processing that is based on consent, and doing so will not affect the lawfulness of processing that occurred prior to withdrawal.
Cookies are small text files that websites place on your device to store preferences and record information. We use cookies and similar technologies on mavisvisuals.co.uk for several reasons: to make our website function properly, to remember your preferences, and to analyze how our site is used so we can improve it. Some cookies are essential for the site to work (for example, to enable form submissions or page navigation), while others are non-essential (such as analytics and potential future advertising cookies).
Here are key points about our use of cookies and analytics:
Analytics Cookies: We currently use Google Analytics (a web analytics service) on our site. Google Analytics sets cookies in your browser to collect information about website traffic and visitor behavior. This includes data like your IP address, what pages you visit, how long you stay, and what site referred you to us. We configure Google Analytics to anonymize IP addresses where possible. The information generated by these cookies is transmitted to Google’s servers (which may be outside your country – see International Data Transfers below) and compiled into reports for us. These reports help us understand aggregate user activity (for example, total number of visitors, popular pages, etc.). We use this insight to enhance website functionality and content. Please note that while we can see general trends, these analytics do not reveal your personal identity to us.
Consent for Cookies: Because analytics cookies are not strictly necessary for basic functionality, we will request your consent before enabling them, in compliance with UK/EU cookie laws. When you first visit our site, you may see a cookie banner or prompt asking you to agree to our use of cookies. If you opt in, the cookies will be set; if you decline, we will not set those cookies (though some essential cookies may still be used as they are needed for the site to operate). Internet cookies are considered personal data under most privacy laws, and some laws give you the right to opt in or out of certain types of cookies, which is why we strive to honor your preferences.
Your Cookie Choices: You have the ability to control or delete cookies at any time. Most web browsers allow you to refuse new cookies, delete existing cookies, or notify you when a cookie is set. You can usually find these options in your browser’s “Settings” or “Preferences” menu (refer to your browser’s help documentation for specific instructions). Note: Disabling certain cookies (especially essential ones) might affect the functionality of our website. For example, if you disable all cookies, our contact form or blog comment features may not remember that you are a legitimate (non-spam) user. However, you are free to adjust your cookie settings as you prefer.
Third-Party Cookies and Content: In addition to Google Analytics, our site might include content from third-party sources (such as embedded videos from YouTube or social media feeds). These third-party sites may set their own cookies or tracking technologies when that content loads, as if you visited their website directly. We do not have direct control over these cookies. For instance, if we embed a YouTube video on one of our pages, YouTube may place cookies that can track your video views or recommend other videos. If you are concerned, you can avoid interacting with embedded third-party content or consult the privacy policies of those providers for information on their cookie practices. We aim to use third-party integrations sparingly and only to enhance your experience.
For more detailed information about the cookies used on our site (and to update your preferences), you can refer to our Cookie Policy page (if available) or contact us with any questions. By continuing to use our site with cookies enabled, you are agreeing to our use of cookies as described here. We will also provide transparent information and options regarding cookies in our site interface.
Mavis Visuals will not sell or rent your personal information to third parties. However, we do rely on certain trusted third-party companies to help us run our business and deliver our services, and in doing so we may share some of your personal data with them. We only share data with third parties for specific purposes and only the minimum amount of information necessary for those purposes. All third-party processors we engage are required to handle your data securely and in compliance with applicable privacy laws.
The main categories of third parties with whom we may share information are:
Analytics Providers: As described, we use analytics services like Google Analytics to track and report on website traffic. These providers will process usage data (e.g. IP address, device info, and browsing data) on our behalf for analysis. Google acts as a “processor” for us in this context. We have agreements in place with such providers to ensure your data is protected. Analytics data is generally aggregated and does not include direct identifiers like your name or email.
Payment Processors: If you pay for services online via credit card or electronic payment, that transaction is handled by an external payment gateway (for example, Stripe, PayPal, or a similar payment service). These payment processors will receive your payment details (such as card number, expiration, billing address) directly through secure, encrypted channels. We do not see or store your sensitive financial information aside from details like the amount and confirmation that payment was completed. The processor may send us a transaction ID or confirmation and, if necessary, a limited portion of your details (e.g. your name or email) to record the sale. These third-party payment companies are independently responsible for the personal data they collect to process your payment, and they have their own legal obligations to safeguard your data (for example, complying with PCI-DSS security standards). We recommend checking the privacy policy of whichever payment provider you use during checkout for more information on their practices.
Website Hosting and IT Providers: Our website is hosted on third-party servers (i.e., a web hosting company). This means that any data you submit through our website (contact form entries, etc.) could be stored on our hosting provider’s servers. We ensure we use a reputable hosting provider with appropriate security measures. Additionally, we may use IT service providers or cloud storage services to store or back up data (for instance, we might store your photo/video files on a secure cloud server to facilitate editing and delivery). Any such providers are contractually bound to protect your data and only process it under our instructions.
Email and Communication Tools: We might use third-party email service providers to send communications. For example, if you fill our contact form, it may forward your message through an email service to reach us. In the future, if we run marketing email campaigns or newsletters, we may use a service like MailChimp, ConvertKit, or similar to manage our mailing list and dispatch emails. These services would hold your name and email on our behalf for the purpose of sending you the communications you signed up for. They are not allowed to use your information for their own purposes.
Professional Partners and Subcontractors: In some cases, we may work with partners or subcontractors to fulfill our services. For example, we might hire a second photographer/videographer for larger events, engage a photo editor for post-processing, or use a printing lab to produce physical albums/prints. If such partners require access to personal data (e.g., having a second shooter means we might share your event schedule and potentially some images with them), we will ensure they are held to confidentiality and data protection standards. We only partner with professionals we trust. If we need to share your data with another business (for example, if you opt to finance a service through a third party or coordinate with a wedding planner), we will do so only with your knowledge and, if required, consent.
Legal or Regulatory Disclosure: If ever required by law or necessary to protect our rights, we may share information with regulators, government agencies, courts, or law enforcement. For instance, if a law enforcement authority lawfully requests information (such as an investigation of fraud), or if we need to enforce our contract or defend against legal claims, we might need to disclose certain data. We will evaluate such requests carefully and only provide what is required in those circumstances.
We do not disclose your personal data to any third party except in the situations described above or with your explicit consent. Specifically, we do not provide your information to third parties for their own marketing or advertising purposes. In all cases of data sharing, we remain responsible for the protection of your data and ensure that any service provider or partner has agreed to safeguard it. This may include signing Data Processing Agreements as needed and vetting the provider’s security practices. According to GDPR requirements, whenever we share data, we have a duty to inform you of what data is shared and why – we fulfill this duty by listing the above categories.
If you have questions about a particular third party that may have access to your data (for example, if you want to know which company hosts our website or which payment processor we use), please contact us and we’ll be happy to provide more specific information.
Because we serve clients around the world and use some international service providers, your personal data may be transferred to or stored in other countries outside of your own. Primarily, we operate from the UK. If you are located in the UK or the European Economic Area (EEA), be aware that:
Some of our third-party service providers (such as cloud storage, email, or analytics services) might be based outside of the UK/EEA or may process data on servers in other jurisdictions (for example, the United States). This means your personal information could be transferred to, or accessed from, a country that has different data protection laws than those in your home country.
Whenever we transfer personal data out of the UK or EEA, we will ensure that appropriate safeguards are in place to protect your information in accordance with the GDPR and applicable laws. These safeguards may include:
Adequacy Decisions: In some cases, data may be sent to countries that have been officially recognized by the UK government or European Commission as providing an adequate level of data protection (meaning their laws are deemed essentially equivalent to GDPR standards). Transfers to such countries are permitted under GDPR.
Standard Contractual Clauses (SCCs): Where we send data to a service provider in a country without an adequacy decision (for example, the United States), we will usually rely on approved contractual clauses in our agreement with that provider. These Standard Contractual Clauses are legal commitments that require the recipient to protect your data to GDPR standards regardless of local law.
Other Measures: We may also implement additional technical and organizational measures as needed – such as encryption of data in transit, limiting the data shared to only what is necessary, and obtaining commitments from the recipient to maintain confidentiality.
We will only transfer data internationally in compliance with data protection laws. Our goal is to ensure that your personal information enjoys the same high level of protection wherever it is processed. If you would like more details about the safeguards we use for cross-border data transfers, feel free to contact us (see Contact Us below). We can provide further information or a copy of the relevant contractual protections, where applicable.
Please note that by engaging our services or interacting with our website, you acknowledge that your personal data may be transferred to our facilities and those of the third parties as described. Rest assured, however, that we take your privacy seriously and will handle these transfers with care and lawful measures.
We will retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. In practice, the retention period can vary depending on the type of data and context of collection:
Client Contact and Contract Information: If you become a client (for example, you book us for a wedding), we will retain your basic contact details and contract information for the duration of our business relationship and for a period after its conclusion. This allows us to manage any follow-up needs (such as delivering products, handling any inquiries or issues after the event) and maintain records for legal purposes. Typically, we might keep client records for a number of years (e.g. up to 6 years) after the completion of the service, since this is often required for tax and financial record-keeping in the UK and also useful in case you return for additional services or referrals.
Photographs and Videos: The photos and videos we capture at your event are the core of our service. We will store and retain the original files and edited deliverables for as long as necessary to provide them to you and to complete any agreed-upon deliverables. After we have delivered your final photos/films, we may archive the footage securely for a certain time in case you need backups or additional copies. It is not uncommon for us to retain raw and edited photos/videos for an extended period (several years or more) as part of our portfolio and archive, especially if you have consented to let us use some in our portfolio or if we believe you may contact us for additional services (such as anniversary shoots, album creation, etc.). However, if you ever want us to delete the photographs/videos that we hold (for example, after we have delivered them to you), you have the right to request erasure – we will honor such requests provided we do not have an overriding need to keep the data (see Your Rights below for more).
Inquiry Data (Prospective Clients): If you contact us with an inquiry but do not ultimately book our services, we will typically retain the information from your inquiry (your name, contact info, event details) for a limited time in case you decide to proceed later or have follow-up questions. Generally, we might keep inquiry data for up to 1 year. This helps us recognize you if you reach out again. If you prefer we delete your information sooner, just let us know.
Marketing Mailing List: If you have opted into a newsletter or marketing emails, we will keep your contact details on our mailing list until you unsubscribe or ask us to remove your information. If we notice that your email address consistently bounces or you do not engage for a long period, we may remove your data as part of list cleaning.
Website Analytics Data: Analytics data collected via Google Analytics and similar tools is typically stored in aggregate form. Google Analytics itself retains user-level data (like cookies and advertising identifiers) for a set retention period (often 14 months by default, unless we configure otherwise). We use analytics reports that do not personally identify users, and those reports may be kept indefinitely for trend analysis. Any raw analytics data that can be tied to a user (e.g. via an IP or cookie ID) is automatically anonymized or deleted by our providers after the set retention period.
Legal and Transaction Records: We will retain any information required to comply with our legal obligations or to resolve disputes. For example, records of payments, invoices, and contracts may be kept for at least the minimum duration required by law (such as 6 years under UK tax law). Likewise, if a dispute or claim arises, we would keep relevant data until it is resolved and for the duration required by law to keep evidence.
After the applicable retention period expires, or if the data is no longer needed, we will either securely delete or anonymize your personal information. If deletion or anonymization is not immediately feasible (for example, because the data is stored in secure backups), we will isolate it from further use until deletion is possible. Our goal is not to keep your data indefinitely unless there is a justified reason.
In summary, we do not keep personal data for longer than necessary. The exact time frames can vary, but we base our retention on criteria such as: the nature of the data, the purpose for holding it, our contractual obligations, your expectations, and legal requirements. If you have any specific questions about how long we keep a certain type of data, please contact us.
We take appropriate security measures to safeguard the personal data we hold about you. While no website or electronic transmission can be absolutely secure, we strive to follow best practices to protect your information against unauthorized access, alteration, disclosure, or destruction. Our security measures include:
Encryption: Our website is encrypted using HTTPS/TLS, which means that information you submit via our web forms (such as your contact details on the inquiry form) is transmitted to us over an encrypted connection. Similarly, if we use third-party payment forms, those are secured with industry-standard encryption. We also encrypt sensitive data at rest where applicable (for instance, any backup drives containing your photos/videos are stored securely, and if we use cloud storage, we utilize reputable providers that encrypt data).
Access Controls: Personal data is only accessible to those who need it to perform their duties. For example, our small team (the photographers/videographers) and any authorized staff or contractors can access client information solely for the purposes outlined. Each person is trained to handle data confidentially. We implement password protection and, where possible, multi-factor authentication for accounts that have access to personal data (such as our website admin panel, cloud storage, or email accounts).
Secure Storage: We store digital data on secure servers or reputable cloud services with strong security protocols. Physical copies of data (like printed contracts or USB drives with photos) are kept in secure locations. We also employ firewalls, anti-malware software, and monitoring tools to guard our systems. If we maintain paper records (e.g., a printed contract or notes), those are kept in a locked file cabinet or similarly restricted area.
Vendor Due Diligence: When we use third-party services (hosting companies, payment processors, etc.), we choose providers that are known to have robust security measures. We review their security certifications and compliance (for example, checking that payment processors are PCI-DSS compliant and cloud providers have proper encryption and certifications like ISO 27001). We also ensure that our Data Processing Agreements with them require them to protect your data.
Backup and Recovery: We regularly back up important data (including photos/videos and contacts) to prevent data loss. Backups are also protected and stored securely. In case of a technical incident or data loss event, we have procedures to recover data from backups and restore functionality.
Limited Data Minimization: We avoid collecting more personal data than we need. By minimizing the data we store, we reduce the risk in case of any security issue. For example, if an inquiry doesn’t turn into a booking, we may remove that data after a time as described, so we’re not holding onto personal info unnecessarily.
Plan for Breaches: Despite best efforts, if a security breach were to occur that poses a risk to your rights and freedoms, we have a response plan. We would promptly notify affected individuals and relevant authorities as required by law (for instance, under UK GDPR, we’d inform the Information Commissioner’s Office within 72 hours if a notifiable personal data breach occurs). We would also take steps to contain and remedy the breach.
While we work hard to protect your information, it’s important to note that you also play a role in keeping your data secure. Please use strong, unique passwords for any accounts related to our services (if any) and be cautious about sharing your personal details publicly. If you suspect any unauthorized access or have reason to believe your interaction with us is no longer secure (for example, if you feel your account or information has been compromised), please contact us immediately.
In summary, we apply appropriate technical and organizational security measures to keep your data safe. However, if you have any specific concerns about the security of your data, do not hesitate to reach out for more information on our practices.
As a data subject, you have a number of important rights regarding your personal data. Mavis Visuals is committed to respecting your rights and facilitating your exercise of them. Under the UK GDPR, EU GDPR, and related data protection laws, you have the following rights:
Right to Be Informed: You have the right to be informed about the collection and use of your personal data. We fulfill this through this Privacy Policy and by providing you notices when we collect your data. Essentially, you have the right to know what data we have, why we have it, and how we use it – which is exactly what this policy is meant to convey.
Right of Access: You have the right to access the personal data we hold about you. This means you can ask us to confirm whether we are processing your data, and if so, request a copy of that data, as well as supplementary information (similar to what’s provided in this policy) about how it’s used. This is often called a “Data Subject Access Request.” We will provide you with your information, usually free of charge, within one month of verifying your identity (unless the request is excessive, in which case we may charge a reasonable fee or refuse, but we will explain why).
Right to Rectification: If you believe that any personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected or completed. Upon your request, we will rectify any incorrect or outdated information as soon as possible. For example, if your email address or phone number changes, or if we recorded something incorrectly, let us know and we’ll fix it.
Right to Erasure: Commonly known as the “right to be forgotten,” this right allows you to request the deletion of your personal data in certain circumstances. You can ask us to erase your data, for instance, if it’s no longer necessary for the purposes we collected it, or if you initially consented to a use of your data and have now withdrawn consent, or if you object to our processing (see right to object below) and we have no overriding legitimate grounds to continue. We will honor valid erasure requests and delete your data, provided we do not have a compelling reason to retain it (such as a legal obligation or the need to establish or defend legal claims). We will also inform you if any exception applies that prevents deletion.
Right to Restrict Processing: You have the right to request that we restrict or pause the processing of your personal data in certain circumstances. This means we would store your data but not actively use it until the restriction is lifted. You might exercise this right if you contest the accuracy of the data (while we verify it), or if you have objected to processing and we are considering that objection, or if our use is unlawful and you want to prevent further use but not deletion. If processing is restricted, we will inform you before resuming.
Right to Data Portability: For data you have provided to us, you have the right (in some contexts) to obtain a machine-readable copy of that data or to have it transferred to another controller. This right applies when processing is based on your consent or a contract and is carried out by automated means. For example, if you provided us with a lot of information and wish to take it to a different service provider, we will, where feasible, help export your data in a commonly used format. Note that this right likely has limited scope in our context, but we will assist as required.
Right to Object: You have the right to object to our processing of your personal data in certain situations. Notably, you can object any time we process your data based on legitimate interests. If you lodge an objection, we will stop processing your data for that purpose unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is needed for legal claims. Importantly, you have an absolute right to object to direct marketing. If we ever send you marketing emails, you can opt out at any moment and we will cease using your data for that marketing purpose immediately – no questions asked (you’ll always find an “unsubscribe” link or can contact us to opt out).
Rights in Relation to Automated Decision-Making: You have rights related to automated decision making and profiling. However, we do not engage in any automated decision-making or profiling that produces legal or similarly significant effects on you. We do not use algorithms to make decisions about you without human involvement. If that ever changes, we will inform you and ensure your rights (such as the right to request human review of a decision) are protected.
Right to Withdraw Consent: If we are processing any of your personal data based on your consent, you have the right to withdraw that consent at any time. For example, if you consented to receive our newsletter, you can unsubscribe later; if you consented to us using a photo on our website and change your mind, we will remove it. Withdrawing consent will not affect the lawfulness of any processing done before you withdrew, but it means we will stop the specific activity going forward.
Right to Complain to a Supervisory Authority: We hope to resolve any query or concern you raise about our use of your information, but if you are not satisfied with our response, you have the right to lodge a complaint with a data protection supervisory authority. In the UK, that is the Information Commissioner’s Office (ICO). You can find details on how to report concerns to the ICO on their website. If you are in the EU, you can contact the supervisory authority in your country of residence. This right exists alongside your right to take legal action. We would, however, appreciate the chance to address your concerns first, so we encourage you to contact us to discuss any issue.
Exercising Your Rights: You can exercise any of these rights by contacting us (see Contact Us below). There is usually no fee for making a request. We may need to verify your identity to ensure we don’t disclose data to the wrong person, so we might ask for certain information as proof. We will respond to your request as soon as possible, and within one month at the latest, as mandated by GDPR. If your request is particularly complex or if you have made multiple requests, we may extend this period by up to two further months, but we will inform you of this within the initial one-month period.
We will honor your rights to the fullest extent possible. In rare cases, there may be legal reasons we cannot fully comply (for example, we cannot delete data we are required by law to keep, or we might refuse an access request that infringes another person’s privacy), but we will explain any such decisions to you. Our aim is to be transparent and helpful in addressing your privacy concerns.
Your privacy and control over your data are extremely important to us. If you have any questions about your rights or how to exercise them, please let us know.
As mentioned, we may send you marketing communications about our photography and videography services, but only if you choose to receive them. Here’s what you need to know about our approach to marketing:
Opt-In Basis: We operate on an opt-in basis for marketing. This means you will only receive promotional emails or newsletters from us if you have actively given consent. For example, we might invite you to join our email list when you fill out an inquiry form or via our website sign-up form. If you agree (by ticking a checkbox or confirming your subscription through a double-opt-in email), then we will include you in our mailing list. If you do not opt in, we will not send you marketing emails. (The only emails you’ll receive from us would be transactional or service-related messages, such as responses to inquiries or communications while we are working with you – those are not marketing, but part of our service.)
Types of Communications: Our marketing communications, if you subscribe, may include updates on our offerings (new packages, seasonal discounts, etc.), announcements about blog posts or photography tips, and occasional newsletters sharing our recent work or upcoming events. We promise that we will not spam you – we aim to send quality content that we believe is relevant and interesting to our subscribers. The frequency might be something like a monthly newsletter or a notification ahead of wedding season, etc.
Third-Party Marketing: We do not share your personal data with other companies for them to market to you. So you’ll only hear from Mavis Visuals (or from an email address on our behalf). We keep your contact details within our own controlled mailing list. If we use an email delivery platform (like MailChimp or similar), they act only as a processor sending out our emails; they will not use your info to contact you directly or share it.
Unsubscribe Anytime: You have the right to stop receiving marketing communications from us at any point. Every marketing email we send will include an “unsubscribe” link at the bottom. By clicking that, you can instantly remove yourself from our mailing list. You can also unsubscribe or withdraw consent by simply contacting us (send us an email or message saying you’d like to opt out of marketing, and we will remove you). Once you opt out, we will promptly cease marketing communications to you. There is no penalty or effect on any services you have with us – you’ll still get service-related messages as needed, but not the promotional ones.
Soft Opt-In for Clients (Applicable Law): Under some regulations, if you have purchased services from us, we may be allowed to send you marketing about similar services unless you opted out at the time of purchase. This is sometimes called a “soft opt-in” (for example, if we have an ongoing client relationship, we might inform you about a new service we think you’d like). However, we will still provide a clear opt-out in such communications, and we will honor any preference you express. Generally, we prefer the explicit consent approach, but we mention this for transparency.
Future Marketing Plans: At the time of writing this policy, we may still be developing our marketing program. We want to be transparent that in the future we plan to possibly send out things like a Mavis Visuals Newsletter or special offers (like a discount on anniversary photo shoots for past wedding clients, or referral incentives). When we initiate such programs, we will do so lawfully – meaning we’ll gather any needed consents and provide updates to this Privacy Policy if new processing of data is involved. We will always respect your marketing preferences.
If you are on our marketing list: thank you for your interest! You can expect that we will guard your contact information responsibly and not abuse the privilege of staying in touch. If you’re not on our list and would like to be, you can subscribe through our website or let us know – and if you are on our list and don’t want emails, just unsubscribe as noted.
Our goal with marketing communications is to enhance our relationship with our clients and followers by providing value (not annoyance). Nonetheless, you remain in control. Receiving marketing from us is entirely your choice, and you can change your mind any time.
We may update or modify this Privacy Policy from time to time, especially as our services evolve or as laws and regulations change. If we make significant changes, we will notify you either by posting a prominent notice on our website or by contacting you directly (for example, if you are a client or subscriber, we might email you about the update). The “Last Updated” date at the top of this policy reflects when the latest changes were made.
Changes to the policy will take effect immediately upon being posted on this page, unless stated otherwise. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. If you continue to use our website or services after a policy update, it will signify your acceptance of the revised terms (to the extent permitted by law).
If any change materially affects how your personal data is processed, we will take reasonable steps to let you know. For example, if in the future we started collecting new types of data or using your data for a new purpose that you weren’t aware of, we would update this document and inform you, and if necessary, obtain your consent.
Mavis Visuals is the data controller responsible for your personal data. If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please do not hesitate to contact us:
Email: hello@mavisvisuals.co.uk
Postal Address: [Address] – We are based in the United Kingdom. (If you require our full mailing address for any reason, please request it via email.)
Phone: [If a business phone number is provided, it can be listed here]
We take privacy inquiries very seriously and will respond as promptly as we can. Whether you want to exercise one of your rights, ask a question about what we do with your data, or provide feedback about this policy, we’re here to help.
By contacting us regarding privacy, your inquiry itself will be treated confidentially and will only be handled by personnel authorized to deal with personal data. If you are contacting us to exercise a specific right, please provide enough information for us to verify your identity (for example, contact us from the email address that we have on file for you, and/or provide a reference to the context in which you interacted with us).
Thank you for trusting Mavis Visuals with your memories and your personal information. We are dedicated to keeping that trust by safeguarding your privacy every step of the way.
