Data Protection Policy
Effective Date: 17/03/2026
Last Updated:
1. Introduction
Brandwood is committed to protecting personal data and ensuring it is handled securely and responsibly.
This Data Protection Policy outlines how personal data is collected, used, stored, and protected in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. About Us
Brandwood is the professional website of John Brandwood, a commercial photographer providing photography services across the UK.
📞 07831 495 518
3. Scope
This policy applies to:
All personal data processed by Brandwood
All systems used to collect, store, or manage personal data
Any third parties acting on behalf of Brandwood
4. Data Protection Principles
We follow the core principles of UK GDPR:
Lawfulness, fairness, and transparency
Purpose limitation
Data minimisation
Accuracy
Storage limitation
Integrity and confidentiality
Accountability
5. Types of Personal Data We Process
We may process the following types of personal data:
Client and Enquiry Data
Name
Email address
Phone number
Project details and requirements
Communication records
Website Data
IP address
Browser and device information
Website usage data (via cookies)
We do not intentionally collect sensitive personal data.
6. Lawful Basis for Processing
We process personal data under:
Legitimate interests – responding to enquiries and operating our business
Contract – where services are agreed or delivered
Legal obligation – where required for accounting or legal compliance
Consent – where applicable
7. How We Use Personal Data
We use personal data to:
Respond to enquiries and provide quotations
Deliver photography services
Manage client relationships
Maintain business records
Improve our website and services
Ensure website security
8. Data Sharing
We do not sell personal data.
We may share personal data with:
IT and website hosting providers
Professional advisers (e.g. accountants)
Legal or regulatory authorities where required
All third parties are required to process data securely.
9. International Data Transfers
We do not routinely transfer personal data outside the UK.
Where third-party services involve international data processing, appropriate safeguards are in place.
10. Data Security
We take appropriate measures to protect personal data, including:
Secure systems and password protection
Restricted access to data
Secure handling of communications
Awareness of data protection responsibilities
However, no system is completely secure.
11. Data Retention
We retain personal data only as long as necessary:
Enquiries: up to 12–24 months
Client/project records: up to 6 years
Data is securely deleted when no longer required.
12. Data Subject Rights
Under UK GDPR, individuals have the right to:
Access their personal data
Request correction of inaccurate data
Request deletion
Restrict processing
Object to processing
Request data portability
To exercise your rights, please contact us using the details below.
13. Data Breaches
In the event of a data breach, we will:
Assess the risk to individuals
Notify the Information Commissioner’s Office (ICO) where required
Inform affected individuals if necessary
We maintain procedures for identifying and responding to breaches.
14. Responsibilities
Brandwood is responsible for ensuring compliance with this policy and applicable data protection laws.
Any third parties working with us must also comply with data protection requirements.
15. Monitoring and Review
This policy is reviewed regularly and updated as necessary to reflect:
Legal requirements
Business operations
Best practices
16. Contact
For any questions regarding this policy or your personal data, please contact:
📞 07831 495 518
17. Complaints
If you are not satisfied with how your data is handled, you have the right to complain to the Information Commissioner’s Office (ICO):