This policy explains how Asimina Habipi Photography ("we", "us") processes personal data when you use this website, enquire about services, or work with us as a client. It is written with the UK/EU General Data Protection Regulation (GDPR) and, in Norway, the Personopplysningsloven in mind. It is for information and does not replace professional legal advice for your specific situation.
1. Data controller
The data controller is Asimina Habipi Photography, operating in Oslo, Norway. For any privacy-related questions you can contact us at asiminahabipi@gmail.com.
2. What data we may collect
- Contact and enquiry data: for example your name, email address, phone number, event date, location, and the content of your message when you email us or use contact details on this site.
- Contract and project data: information needed to deliver photography services, such as venue details, shot lists, or other information you choose to share.
- Website usage data: basic technical data may be processed by our hosting and infrastructure providers (for example server logs, IP address in a security context, browser type) as described in your host’s documentation.
- Cookie and preference data: as set out in our Cookie policy, for example your choice regarding optional cookies, stored in your browser where applicable.
3. Why we use your data (legal bases)
We process personal data on one or more of the following bases under the GDPR:
- Contract: to take steps you request before a contract or to perform our photography agreement.
- Legitimate interests: to respond to enquiries, run our business, improve the site, and keep IT and accounts secure, where these interests are not overridden by your rights.
- Consent: where you have given clear consent (for example for optional, non-essential cookies or for certain marketing, if we offer it and you opt in).
- Legal obligation: where the law requires us to retain or disclose information.
4. How long we keep data
We keep contact and project data for as long as needed to provide our services, manage our relationship with you, and meet legal, tax, and accounting requirements (typically a limited number of years, unless a longer period is required by law). Server logs and similar technical data are usually retained for short periods according to our hosting configuration.
5. Who we share data with
We do not sell your personal data. We may share it with:
- IT and hosting providers that make this website and our email or storage work;
- professional advisers when needed (for example accountants);
- public authorities when required by law.
Where a processor is used, we require them to protect your data appropriately.
6. International transfers
If any provider processes data outside the European Economic Area (EEA), we will rely on appropriate safeguards recognised under the GDPR (such as Standard Contractual Clauses) where required.
7. Your rights
Depending on the situation, you may have the right to:
- request access to your personal data;
- ask for correction of inaccurate data;
- ask for erasure, restriction, or object to certain processing;
- withdraw consent at any time where processing is based on consent;
- lodge a complaint with a supervisory authority.
In Norway, the supervisory authority is Datatilsynet. You can also contact the authority in your country of residence in the EEA/UK.
To exercise your rights, email us at asiminahabipi@gmail.com. We may need to confirm your identity before replying.
8. Security
We use reasonable technical and organisational measures to protect personal data against loss and misuse.
9. Changes to this policy
We may update this page from time to time. The "Last updated" date at the top will change when we do.
