Tony Hardley Photograph Privacy Policy

Background

Tony Hardley Photography understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone who visits this website, www.scotphoto.com (“Our Site”) and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.

Please read this Privacy Policy carefully and ensure that you understand it. Your acceptance of this Privacy Policy is deemed to occur upon your first use of Our Site. If you do not accept and agree with this Privacy Policy, you must stop using Our Site immediately.

Definitions and Interpretation

In this Policy the following terms shall have the following meanings:

Information About Us

Our Site is owned and operated by Tony Hardley, a sole trader, with trading address at Modachaidh, Ceum Dhun Righ, Benderloch, Argyll, PA37 1ST

Data Protection Officer: Tony Hardley.
Email address: info@scotphoto.com
Telephone number: +44 (0)1631 720434
Postal address: Modachaidh, Ceum Dhun Righ, Benderloch, Argyll, PA37 1ST

What Does This Policy Cover?

This Privacy Policy applies only to your use of Our Site. Our Site may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.

What Is Personal Data?

Personal data is defined by the General Data Protection Regulation) (the “GDPR”) and the Data Protection Act 2018 (collectively, “the Data Protection Legislation”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

What Are My Rights?

Under UK GDPR, EU GDPR, and other applicable data protection laws, you have several rights regarding your personal data, which we are committed to upholding:

  • Right to be informed – Clear and transparent details about how we collect, store, and process your personal data.
  • Right of access – You can request details of the personal data we hold about you.
  • Right to rectification – If any of your personal data is inaccurate or incomplete, you can request corrections.
  • Right to erasure (“Right to be forgotten”) – You may request deletion of your personal data when no longer necessary for its original purpose.
  • Right to restrict processing – You can request that we limit the way we process your data in certain circumstances.
  • Right to object – You have the right to object to processing based on legitimate interests, direct marketing, or automated decision-making.
  • Right to withdraw consent – If we rely on your consent to process your personal data, you can withdraw it at any time.
  • Right to data portability – If your personal data is processed based on consent or contract and by automated means, you can request a copy of that data to transfer to another service.
  • Rights related to automated decision-making and profiling – If we use AI or automated systems, you can request human intervention, express your point of view, and challenge decisions.

What Data Do You Collect and How?

Depending on your use of our site, we may collect and process personal and non-personal data using various methods, including direct interactions, automated technologies, and third-party integrations.

We do not knowingly collect:

  • Special category data (e.g., health, biometric, or genetic data) unless explicitly required for legal or contractual purposes.
  • Data relating to children unless parental consent is obtained.
  • Criminal conviction or offence-related data, unless required by law.

How Do You Use My Personal Data?

We process personal data based on legitimate interests, contractual obligations, legal requirements, or explicit consent.

With your explicit consent or where permitted by law, we may use your personal data for marketing purposes, including email updates about products and services.

  • You will never receive unlawful marketing or spam.
  • We comply with the Privacy and Electronic Communications Regulations (PECR) and other relevant laws.
  • You will have the option to opt out at any time.

How Long Do You Keep My Personal Data?

We retain personal data only as long as necessary for legal, regulatory, and operational reasons.

Factors determining retention periods include:

  • Legal and compliance requirements.
  • Business and contractual needs.
  • The nature and sensitivity of the data.

How and Where Do You Store or Transfer My Personal Data?

We store and process personal data within the UK, EU, and other jurisdictions where appropriate safeguards are in place.

  • UK & EU Data Transfers – If data is transferred outside the UK or EU, we implement Standard Contractual Clauses (SCCs) or UK International Data Transfer Agreements (IDTAs).
  • Global Transfers – For international data transfers, we conduct Data Transfer Impact Assessments (DTIAs) to ensure adequate protection.
  • AI & Automated Processing – If AI-driven processing is involved, transparency and rights to challenge automated decisions apply.

Do You Share My Personal Data?

We may contract with third parties for essential services. If personal data is shared, we ensure compliance with UK GDPR, EU GDPR, and other applicable laws.

We do not sell personal data.

How Can I Control My Personal Data?

  • Marketing Preferences – You can opt out of marketing emails anytime via unsubscribe links or account settings.
  • Cookie Management – You can restrict cookie usage through our Cookie Policy.

How Can I Access My Personal Data?

You can request access to the personal data we hold about you via a Subject Access Request (SAR).

  • Requests must be made in writing via email or postal address (see Part 10).
  • Responses will be provided within one month or up to three months for complex requests.
  • SARs are free, unless deemed manifestly unfounded or excessive.
  1. How Do I Contact You?

For any data protection inquiries, including SARs, contact:

Email: info@scotphoto.com
Phone: +44 (0)1631 720434
Postal Address: Modachaidh, Ceum Dhun Righ, Benderloch, Argyll, PA37 1ST

Changes to This Privacy Policy

We may update this policy to reflect legal changes or business adjustments. Updates will be posted on our site, and continued use of our services implies acceptance of the revised terms.

Last updated: 3rd of June 2025