Privacy Policy & GDPR Compliance

Thank you for your interest in my website, data protection & privacy policy. You can use my website without the need to provide any personal data if you wish, however if you are looking to purchase any photography services, the processing of personal data will become necessary.

Privacy Policy & GDPR Compliance

This policy sets out how and why we collect any of your personal information, how it is processed and how it is kept secure. By using this website or engaging with me to provide any photographic services, you are agreeing to this privacy policy.

Any and all personal data captured will be in line with the GDPR and any UK data protection regulations.

Data collection and processing

Maria Assia Photography is the controller of data that passes through this website and/or via email. This data is kept private between me and the few other carefully selected data processors, which I have set out below.

Data which I retain

When visitors make contact via my website to enquire about my services, I capture their names, phone numbers and email address to respond to the enquiry.

Once your event has passed, I take and store photographs from your event on encrypted hard drives, in order to provide the photographic services that you have hired me for.

I keep your photographs for as long as the hard disks that they are stored on are functional in order to provide copies should you ever lose your photographs. This service is provided as a legitimate interest.

If you would like me to remove your photographs from my hard disks and backups after I have delivered your full gallery, I will do so, if you send me an email confirming your request.

I also collect a small amount of personal details about you, your wedding party and the other wedding suppliers at your wedding, which may be:Names

  • Phone numbers
  • Email addresses
  • Social media links

I may also post photos from your wedding in a variety of places, which is done for legitimate interest. Should you or any member of your wedding party not wish to be included in this, please let me know by email.

  • On my website
  • In wedding blog features
  • On social media
  • To your other wedding suppliers

I never capture or hold credit or debit card numbers.

External data processors

In addition to my own data, I also use a variety of data processors, which are listed below:


17hats is a business management tool. I use it to record enquiries, bookings, names, phone numbers, addresses and take information about your wedding day. I provide my contracts and invoices for photographic services you purchase from me. They are GDPR compliant and I retain 7 years of data in order to be compliant with legal obligations.


Dropbox is a service that provides online data hosting services. I store a small number of your photographs on Dropbox that I use to share with you on social media. They self-certify as compliant with GDPR and I retain your wedding photographs on there for a maximum of 3 months.

Google Suite

Google Suite is a tool for providing services which are available over the internet. I use Google Calendar and Google Drive in order to store information relating to your wedding. I use Google Drive to deliver the photography previews to any of your other suppliers. Google are fully GDPR compliant. I remove files from Google Drive on image delivery and retain calendar data for up to 7 years in order to be compliant with legal obligations.


Smartslides is a video hosting platform. I embed highlight videos from Smartlides onto pages on in order to share them with you and your guests. Embedded videos from Smartslides behave in the exact same way as if the visitor has visited the Smartslides website.

Smartslides may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded videos, including tracking your interaction with the embedded videos if you have an account and are logged into Smartslides yourself.


Later is a tool for scheduling social media posts and I use it to schedule posts to Instagram and so they hold previews of your wedding photographs. They self-certify as GDPR complaint and retain data for a maximum of 2 years for legitimate interest.


Pixieset is an online photo delivery tool and I use them to send you your photos in high resolution when I have completed editing them. They self-certify as GDPR complaint and they retain data for a maximum of 2 years for legitimate interest.


Stripe is a tool for providing credit and debit card payment. I use it, in connection with Pixieset, to provide you with a card payment option for your photographic prints. They self-certify as compliant with GDPR. They process your card details and other information required to make a card transaction, while I do not access or retain any credit or debit card information.

Google Analytics

Google Analytics is a service which provides information about how visitors use a website. I use the information that I gain to provide you with a more effective website. Google is fully GDPR compliant and I have nominated a 38 month period for retaining personal information for legitimate interest.


Akismet is an anti-spam service. The information collected includes the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself).


Clicky is service which provides information about how visitors use and move through my website. I use it to provide a more user friendly website.By default, the Service does not log any Personal Data of End Users. They self-certify as GDPR compliant. Data captured may include names, email addresses and phone numbers. Clicky keep data for a maximum of 370 days for legitimate interest.

Use of Cookies

Like many other websites, Maria Assia Photography uses website cookies, which store information on your computer and allow me to improve my website in a variety of ways, through the use of aggregated data.

You can switch off cookies by setting your browser preferences at any time, but in some cases, this may result in a loss of functionality when you use my website.

Security Precautions

Your security is very important to me and I take all reasonable steps to ensure that my suppliers and I hold and process your data securely. For this reason I ensure that my site and the services named above use SSL and that data is encrypted where possible.

GDPR Compliance

I keep up to date with changes in legislation, and I will therefore keep this Privacy Policy under regular review.

Over on the Information Commissioner’s Office website, they explain that the new General Data Protection Regulations (GDPR) are currently a working document and therefore subject to change, so I commit to doing my best to keep up, but if they go and make a load of changes just before peak wedding season, all bets are off until November. Editing your wedding photos comes first.

This Privacy Policy & Access to your Information

This Privacy Policy is current as of November 2018.

If you are concerned about any information I hold about you, please get in touch, phone, write or email me directly. I will comply with any legal and ethical request.

Post: Maria Assia Photography, 3 The Old Walk, Otford, Kent, TN14 5PP
Phone: 01959 522551