Privacy Policy


Hello and welcome! If you’ve clicked here it must mean you care a lot about your data privacy and the recent GDPR implementation.  So here is the Privacy Policy of Photography for Healthcare & Biotech (PH&B). Please note, you are also covered by the Cambridge Healthcare and Biotech (CH&B) privacy policy and CH&B are the Data Controller and Data Processor of your personal information

Personal data we collect, how we collect it and what we use it for

We collect your name because it’s rude if we forget it, your job title because we need to know what you do, your address so we can find you, your mobile number so we can call you when we get lost and any private messages we have sent to each other.  This is all information that you have consciously given to us.

If we have worked together, or it is possible that we might work together in the future, we also store hyperlinks to whatever portfolio, social media or other websites you’ve elected to use to market yourselves.  We also store some of the information that you’ve decided to post on these sites.  We also store whether we’re following each other on any or all of these sites. This is all information that you have put into the public domain that you control.

If we’ve worked together, or have chatted about working together, we might also have made some notes about how it went in case we (hopefully) work together again in the future, so we can make our next project for you even better experience.  We will definitely use your email to email you. We might use your phone number to call you, but we usually email first rather than make unsolicited calls to you or send you unexpected texts.   

Where we keep your personal data

We store your personal data on a password encrypted custom database app that we have written ourselves.  It lives on a server in our office, which is always locked when unattended and has a damn good (read expensive) burglar alarm system. Backups, which are double encrypted, are taken on a daily basis and stored off-site.  The database can be accessed only from devices that have a unique identifier hard coded into it (ie, even you know one of our user IDs, passwords and the IP address of the app, you still won’t be able to access it from your device).

Right of confirmation, access, rectification and erasure

If you have questions about how your personal data is handled, you can just drop us an email and we'll be happy to show you all the information we have on you, and unsurprisingly it’ll probably be exactly the things you’ve told us because sadly we are neither spies nor mind readers. If some of the information is wrong, you have the right to correct it.  If you’d like us to delete all your personal data, then we will, but see the bit about actual photographs further down.

Use of your body and face-based data (ie, actual photographs)

When it comes to your photographs, the EU hasn’t been specific about what that means for photographers bar that we need to demonstrate reasonable and legitimate use. We can tell you that we won’t sell your photos to anyone.  If a third party does approach us asking if they can use one of your photos, we will email you about it, but in short it will never be without your consent or knowledge.

We might post images that we have taken of you on social media sites (eg, Instagram, Facebook, Twitter and others) and here, but we will never post any images that you haven’t seen first and approved for "general release".  

We store your images on both the app we’ve mentioned above and on password encrypted hard drives in our office and that are locked and protected by burglar alarms.  Unlike the app, the hard drives cannot be accessed off site.

If you would like us to erase all of the images we have taken of you we will probably say no, but it’s worth asking.  As you know (or should know) the images are our copyright and our art.  If you have a good reason for wanting us to erase them from the internet then we will probably say yes.

Retention time

We keep personal data for the people we have worked with indefinitely, but update it regularly and at least yearly.  If we’ve “lost” you (maybe you're no longer working in the industry, or you’ve changed phone number, or moved) then we delete all your personal data (though keep the images we have made). 

If we have not worked together then we delete all your information after 5 years (let’s face it, if we were going to work together then we would have by now).