Corporate Photo Agency privacy policy

1. Who we are

Corporate Photo Agency (“CPA”, “we”, “us”, “our”) provides corporate photography services including executive portraits, headshots, workplace photography, internal communications imagery and business event coverage.

Corporate Photo Agency operates as part of a wider photography business established in 1997 and is a UNP company. Where this policy refers to Corporate Photo Agency, it means the CPA service and website. Where operational support, photographer coordination, archive management or wider picture desk administration is provided through the wider business, that processing may be carried out within that same group structure.

For the purposes of UK data protection law, Corporate Photo Agency is the data controller for the personal data described in this policy, except where another party clearly controls the purpose of processing, such as a commissioning client controlling consent or employee communications within its own organisation.

2. What personal data we collect

We collect only the personal data reasonably required to deliver our services, operate our website, manage relationships and meet legal or contractual obligations.

Clients and business contacts

• Names, job titles and contact details
• Company details and office locations
• Booking information, assignment briefs and shot lists
• Email correspondence and call notes
• Billing details, invoicing information and payment records
• Usage instructions, approvals and image delivery notes

People appearing in photographs

• Photographic images of identifiable individuals
• Names, job titles or contextual details where supplied for captioning or internal use
• Assignment metadata such as date, venue, location and photographer

Photographers and contractors

• Contact details and address information
• Portfolio samples and assignment history
• Banking or payment information
• Insurance, compliance and onboarding documents
• Operational and scheduling communications

Website users

• IP address and browser/device information
• Cookie and analytics data
• Enquiry form submissions and contact requests

3. How we collect personal data

We collect information directly from you, from commissioning organisations, from our photographers and from normal website use.

• When you contact us by email, phone or contact form
• When you request a quote or book a photographer
• When clients provide assignment details, attendee information or internal comms requirements
• When photography takes place at offices, events, regional hubs or business premises
• When photographers send updates, captions, metadata or delivery notes
• When you browse our website and interact with cookies or analytics tools

In some cases, limited information may also come from publicly available professional sources, such as company websites or published organisational profiles, where this is relevant to a commissioned brief.

4. How we use personal data

We use personal data to operate Corporate Photo Agency as a professional photography service and to deliver assignments properly, efficiently and lawfully.

• To respond to enquiries and provide quotations
• To plan, schedule and fulfil photography assignments
• To brief photographers and manage logistics
• To caption, edit, organise and deliver images
• To maintain consistent service standards across multiple sites or repeat programmes
• To invoice clients and maintain business records
• To communicate with clients, subjects, venues and photographers where needed
• To maintain image archives and assignment records
• To improve our website, services and client experience
• To comply with legal, accounting, tax, insurance and regulatory obligations

5. Lawful bases for processing

We rely on one or more lawful bases under UK data protection law depending on the type of information and the context in which it is used.

• Contract: where processing is necessary to provide a requested service, fulfil a booking or manage delivery
• Legitimate interests: where we have a genuine business reason to process data, such as administering assignments, maintaining archives, communicating with clients or improving services
• Legal obligation: where processing is required for tax, accounting, insurance or compliance purposes
• Consent: where consent is specifically required, for example in certain marketing or campaign-specific contexts

In many commissioned business photography contexts, the commissioning organisation may also have its own lawful basis for arranging photography involving staff, speakers, apprentices or participants.

6. Photography, image use and consent

Corporate photography may be commissioned for internal communications, recruitment, employer branding, annual reports, executive profiles, websites, LinkedIn, corporate PR or wider business communications.

Whether consent is required depends on the context, the nature of the assignment, the way the images will be used and the responsibilities of the commissioning organisation. In many cases, the client commissioning the assignment is responsible for ensuring that any required permissions, notices or employee communications are in place.

We will review the request carefully and, where appropriate, work with the commissioning client to assess it properly.

7. Sharing personal data

We may share personal data only where this is reasonably necessary to operate our service, fulfil assignments or meet legal obligations.

• Assigned photographers and approved contractors
• Commissioning clients and authorised contacts
• Picture desk and operational support within the wider business structure
• IT, hosting, storage, gallery and delivery providers
• Accounting, invoicing and payment providers
• Legal, insurance or compliance advisers where necessary

We do not sell personal data to third parties.

8. International transfers

Some service providers or delivery tools may involve processing outside the UK. Where personal data is transferred internationally, we take reasonable steps to ensure that appropriate safeguards are in place, such as recognised legal transfer mechanisms or providers offering adequate protection standards.

9. Data retention

We retain personal data only for as long as it is needed for the purposes described in this policy or for as long as we are required to keep it by law. This privacy policy explains how our corporate photography services handle personal data across assignments, website use and business communications.

• Client and assignment records: usually up to 7 years
• Financial and invoice records: usually 7 years
• Photographer and contractor records: for the relationship period plus an appropriate retention period
• Website and technical logs: short-term operational retention
• Images and archive material: retained where reasonably necessary for archive, reference, continuity, clarification or contractual history

The exact retention period may vary depending on the assignment, client relationship, legal requirements and whether the material remains relevant to our archive or operational records.

10. Security

We take reasonable technical and organisational measures to protect personal data against unauthorised access, misuse, loss, disclosure or alteration. These measures may include controlled access, secure delivery methods, platform protections and internal operational controls.

No method of transmission or storage is completely risk free, but we work to handle information responsibly and in line with good professional practice.

11. Your rights

Under UK data protection law, you may have rights including:

• The right to request access to personal data we hold about you
• The right to request correction of inaccurate information
• The right to request deletion in certain circumstances
• The right to object to certain processing
• The right to request restriction of processing in some situations
• The right to withdraw consent where consent is the basis relied on
• The right to complain to the Information Commissioner’s Office

If you want to exercise any of these rights, please contact us and provide enough detail for us to identify the relevant information.

12. Cookies and website analytics

Our website may use cookies and similar technologies to support essential site functions, remember preferences, improve performance and understand how users interact with the site.

For more detail, please see our separate cookie policy once published. Where cookies involve personal data, they are handled in line with this privacy policy.

13. External links

Our website may contain links to third-party websites, publications or external services. We are not responsible for the privacy practices, security or content of those third-party sites. You should review their own privacy notices before submitting personal data to them.

14. Changes to this privacy policy

We may update this privacy policy from time to time to reflect changes in our services, systems, legal obligations or business operations. The latest version will always appear on this page, together with the most recent update date.

15. Contact us

If you have any questions about this privacy policy or how Corporate Photo Agency handles personal data, please contact us at pictures@corporatephotoagency.co.uk.

You also have the right to raise concerns with the UK Information Commissioner’s Office if you believe personal data has not been handled correctly.