If you're setting up a photography website, you'll need to include a Privacy Policy to meet legal requirements, make your website look trustworthy, and increase the professionalism of your site.
This applies regardless of whether your website is for sharing your portfolio, selling photographs or booking appointments, or whether you're hosting a website so that others can upload their photographs there to showcase them.
This article will go through why you'll need a Privacy Policy for your photography website, what clauses to include, and how to display your Privacy Policy.
Our Privacy Policy Generator makes it easy to create a Privacy Policy for your business. Just follow these steps:
-
At Step 1, select the Website option or App option or both.
-
Answer some questions about your website or app.
-
Answer some questions about your business.
-
Enter the email address where you'd like the Privacy Policy delivered and click "Generate."
You'll be able to instantly access and download your new Privacy Policy.
- 1. Why is a Privacy Policy Needed for Photography Websites?
- 2. When Do Photography Websites Collect Personal Information?
- 3. What Clauses Should You Include in a Privacy Policy for Photography Websites?
- 3.1. How Personal Data is Collected
- 3.2. Your Use of Cookies
- 3.3. What Types of Personal Data are Collected
- 3.4. How Personal Data is Used
- 3.5. What Legal Rights Users Have
- 3.6. How You Share and Transfer Data
- 3.7. Contact Information Clause
- 4. How Do You Display a Privacy Policy for Photography Websites?
- 4.1. In Your Website Footer
- 4.2. In Contact or Mailing List Forms
- 4.3. In Any Emails You Send to Customers
- 5. Summary
Why is a Privacy Policy Needed for Photography Websites?
You need a Privacy Policy for your photography website in any cases where you are collecting personal data from your website users, because of the requirements of privacy laws around the world.
Laws like the General Data Protection Regulation (GDPR) in the EU, Data Protection Act (DPA) in the UK, and California Online Privacy Protection Act (CalOPPA) in the U.S. all state that you must have a Privacy Policy when you collect personal information.
Any privacy law around the world could apply to your photography website. It depends on where your customers come from, where your business is based, and what types of data you collect.
Having a clear, easy-to-read and accessible Privacy Policy also makes your website look trustworthy and professional.
Most people expect websites to follow privacy regulations, and internet users are also becoming increasingly savvy and privacy aware.
When Do Photography Websites Collect Personal Information?
Collecting personal information on a photography website could happen when you:
- Ask for details from clients to sell or send them copies of your photos
- Use tracking services such as Google Analytics
- Take payment details or booking details from a client
- Get subscriptions through a mailing list or contact form so that users can follow your work or get updates
- Allow other people to upload photos to your website for sharing, like websites such as Flickr or Unsplash
Now let's take a look at what clauses you need to include in your Privacy Policy.
What Clauses Should You Include in a Privacy Policy for Photography Websites?
The specific clauses that you will need to include will depend on individual business factors, such as whether you share any data collected, which data privacy laws apply, and whether you transfer data overseas. Many clauses, however, are a good foundation for any Privacy Policy.
In general, you'll need to include clauses on the following:
- How personal data is collected
- What types of personal data are collected
- How personal data is used
- What legal rights users have
- How you share and transfer data
- Contact information
We'll go through each of these clauses below, with examples of each.
How Personal Data is Collected
You need to tell your users how you collect their personal data. This could be, for example:
- Direct information they provide to you
- Information you collect from their device or ways of accessing your site
- Information that you infer from patterns or analytics
- The use of cookies
Here's a simple, easy-to-read clause from Julia and Gil:
It explains that data is collected either directly, or automatically through the website.
Here's another clause from Kristen Bullard Photography that explains the different ways that data is collected, such as derivative data, financial data and social networking data.
It explains what each of these different data collection methods is, and what information is collected through that process:
You can see that the language is clear and specific, and provides all the information that a user might want to know about different ways in which data is collected about them.
Your Use of Cookies
Many laws require you to include information on how you use cookies, which can either be included in your Privacy Policy or be explained in a separate Cookies Policy.
Here's one example of a cookie clause that has been included in a Privacy Policy from Mark Gunter Photography:
The language is clear and simple, and lets the user know what cookies are. The clause also clearly explains that the user can reject cookies through their browser settings.
Here's another example from Katheryn Moran Photography that refers the user to the Cookie Policy:
What Types of Personal Data are Collected
You also need to include a clause that explains what types of personal data you collect.
Personal data that you might collect could include but isn't limited to the following:
- Name
- Email address
- Postal address
- Bank account details
- IP address
- Website behavior data
Here's an example of a clause from Jody Sutton Photography, which explains what data is collected when a customer submits data through the website contact form:
Here's another example from Duo Photography, explaining the types of personal data that's collected:
Also take a look at this clause from SmugMug, a website that allows people to upload their photographs. It explains what data is collected from the photographs themselves:
You can see that it explains how photo location information and Exif data is collected from photographs. If you are hosting others' photos on your website and use metadata such as this to classify photos, you should let them know. It may not seem like it, but these types of information can also be classified as personal data.
How Personal Data is Used
Explaining why you collect and process data, and what you use it for, is a legal requirement in many cases. Including a clause in your Privacy Policy helps to clearly set this out for your users so they can find the information easily.
You can see that the following clause from Duo Photography explains what personal data is used for, such as processing orders, communicating with users, fulfilling promotions, enhancing the photoshoot experience, or analysing trends:
Note that the clause uses clear, simple language, and bullet points to make it easy for users to read and understand.
Here's another example from SmugMug, which explains that uploaded images and videos, as well as tags, comments, or descriptions, are used in a limited way. However, other information is used for personalization, providing products, responding to customer service enquiries, or enforcing legal terms:
Make sure that your clause reflects what you actually do with data that you collect, and break it down by data type if necessary.
What Legal Rights Users Have
Most privacy laws grant users privacy rights, and then require that you inform your users of these rights. Having a clause on this in your Privacy Policy is an important step towards compliance. It can also help to build trust by showing your users that you respect their privacy and their rights to withdraw consent or have their data deleted.
Here's an example from Katheryn Moran Photography about how users can exercise their rights:
You can see that the clause includes rights such as the right to access, right to say no to the sale of information, as well as rights to deletion, transmission, and amendment of data. It also includes a right to withdraw consent, and to lodge a complaint.
Here's another example from Photobucket about how users can have their personal information deleted:
The clause provides clear contact information, as well as a time frame for deleting personal information, which it specifies as 30 days.
Including information like this helps users to know what their rights are, and how they can exercise them.
How You Share and Transfer Data
You also need to let your users know if you are sharing data with other parties, or transferring data to other jurisdictions for storage or processing. This could be in cases where you work with partners or service providers, or you need to share data with the police or for other legal reasons.
Here's an example from Duo Photography that outlines when user information is shared with third parties:
You can see that it includes conforming to legal requirements, enforcing terms and conditions, or working with service providers.
Here's another example clause from George Wheelhouse, showing similar situations in which personal data would be disclosed to a third party:
You also need to tell users if you will transfer their data to another jurisdiction. This might be, for example, because your website is hosted elsewhere and data will be stored on overseas servers.
Here's an example from Kristen Bullard Photography explaining how data may be transferred to other jurisdictions:
You can see that it clearly states that the website is hosted in the U.S., and that if users are located outside of the U.S., their data will be transferred there and stored.
Here's another example from Mark Gunter Photography:
You can see in the clause that it refers to the use of standard data protection clauses and binding corporate rules, which are some of the ways in which international data transfers are permitted under the GDPR. You don't need to include this in your clause, but it can help to show that you understand your obligations.
Contact Information Clause
Including a clause in your Privacy Policy that has all of your contact information is an easy way for you to make sure that your users can contact you if there are any issues.
Here's an example of a clause with contact details from the Privacy Policy from SmugMug:
Here's another example from Unsplash that specifically mentions its Data Protection Officer (DPO):
This clause in the example from Unsplash has also included a statement about when the Privacy Policy was last updated. Best practice is to include this in a separate clause, or state it at the top of your Privacy Policy.
Now let's take a look at how you should display your Privacy Policy to make sure you are compliant with your legal obligations.
How Do You Display a Privacy Policy for Photography Websites?
You'll need to display your Privacy Policy in a way where it's easy to locate at any time a user wants to. There are a number of different places where Privacy Policies are commonly linked, such as the following:
- In your website footer
- In your website Menu
- In any emails that you send your customers, such as through a mailing list
- In contact list sign-up forms
Let's take a look at some locations and methods for displaying a Privacy Policy.
In Your Website Footer
One of the most important places you need to display your Privacy Policy is in the footer of your website. It should be clear and easily visible for your website users, and not hidden or in tiny text.
Here's one example from Kristen Bullard Photography that shows the inclusion of the Privacy Policy in the footer:
Here's another example from Jody Sutton Photography that also shows the Privacy Policy. In this example you can see that the text is a little smaller. Make sure that any text that you use is not so small that your users cannot find it:
In Contact or Mailing List Forms
This example from George Wheelhouse shows how you can include a link to your Privacy Policy in connection with mailing lists or contact forms:
A better version of this would be to include a clear statement saying something like "I agree to the Privacy Policy" next to the checkbox. This would help obtain legally compliant consent to collect and use the personal data.
Here's an example of this:
In Any Emails You Send to Customers
You should also include a link to your Privacy Policy in any emails when you contact customers.
Here's an example from an email from Shutterfly:
You can see that a link to the Privacy Policy is provided at the bottom of the email, as well as an option to unsubscribe or adjust user preferences.
Summary
Having a Privacy Policy for your photography website is a necessary part of meeting your legal obligations, and can also increase the professional look of your website.
Whether you would like customers to trust you with their weddings, engagements, births, or other important life events, or you are hosting others' photography work on your site, having a good Privacy Policy can help your users and customers to feel like they are in good hands.
By following these guidelines for clauses to include, such as how personal data is collected, what you use it for, what rights users have, and how they can contact you, you'll be in a good position to meet your obligations and build a sense of trust.
After you create your Privacy Policy, display it appropriately so your users, clients and potential clients can find it.
Comprehensive compliance starts with a Privacy Policy.
Comply with the law with our agreements, policies, and consent banners. Everything is included.