Contact
your rights and principles

Privacy Policy

The protection and security of your personal data are paramount. This Privacy Policy outlines how Lucy Grossmann Photography, as the data controller, collects, uses, and safeguards your personal data when you are a customer, newsletter subscriber, or website visitor. Please familiarize yourself with the principles and rights you have in relation to the General Data Protection Regulation (GDPR).

Privacy Overview

Who collects your data?

I am Lucy Grossmann, based in Prague, Czechia, ID: XXXXXXXX, who operates the website lucygrossmann.com. I process your personal data as a controller, i.e., determine how the personal data will be processed and for what purpose, duration, and select any other processors who will assist me with the processing.

Contact details:

If you would like to contact me during the processing, you can contact me at: [email protected]

Declaration of Compliance

I declare that as the controller of your personal data, I comply with all legal obligations required by applicable legislation, in particular the Personal Data Protection Act of the Czech Republic and the GDPR, and therefore that:

  • I will process your personal data only on the basis of a valid legal reason, primarily legitimate interest, performance of a contract, legal obligation, or consent granted.
  • I comply with the information obligation pursuant to Article 13 of the GDPR before the processing of personal data begins.
  • I will enable and support you in exercising and fulfilling your rights under the Personal Data Protection Act and the GDPR.

Purposes of processing

I process personal data that you entrust to me for the following reasons (to fulfill these purposes):

  • Provision of services, performance of the contract:
    Your personal data in the scope: email address (used for communication regarding your photoshoot, gallery access, etc.). This data is absolutely necessary to fulfill our contract with you.
  • Bookkeeping:
    If you are a customer, I absolutely need your personal data (such as name, address, payment details) to comply with the legal obligation to issue and record tax documents.
  • Marketing – sending newsletters:
    I use your personal data (email and name), gender, and information about your engagement with my emails (what you click on, when you open them) for direct marketing purposes – sending commercial communications about my services. If you are my customer, I do this based on my legitimate interest in keeping you informed about relevant news, until you unsubscribe. If you are not my customer, I will only send you newsletters based on your explicit consent, until you unsubscribe. You can revoke this consent at any time using the unsubscribe link in each email.
  • Advanced marketing based on consent:
    Only with your explicit consent can I also send you inspiring offers from carefully selected third parties (e.g., related photography services or products) or use your email address for remarketing and targeted advertising on social media platforms (e.g., Facebook, Instagram), until you withdraw your consent. You can revoke this consent at any time by contacting me using the details provided in this policy.
  • Photos and references:
    Based on your consent (obtained separately or as part of our photoshoot agreement), I may use your photos and any feedback or testimonials you provide on my website, social media, and portfolio to showcase my work, until you revoke your consent.

I retain your personal data for the duration required by applicable limitation periods, unless legal regulations mandate a longer retention period, or as otherwise specified in this policy for particular data categories.

Cookies

Cookies are small data files that are stored on your device when you visit a website. Cookies are widely used by online service providers because they make the interaction between users and websites easier and faster, allow for better targeting and relevance of ads, collect analytical data, and generally provide a better experience for website visitors.

Cookies set by websites (in this case, lucygrossmann.com) are called “first-party cookies”. Cookies set by parties other than the website or platform owner are called third-party cookies. Third-party cookies allow for the provision of special features, such as advertising, interactive content, or analytics. The third parties that set these cookies can then recognize your device when you visit the website, mobile application, or platform in question, as well as when you visit some other websites or mobile applications.

The information collected through cookies does not directly identify your name, contact information, or other personally identifiable information unless you choose to provide this information to me, for example, by filling out a form or booking a session.

Why do I use cookies?

I use both first-party and third-party cookies for several reasons. Some cookies are essential for the technical operation of my website, enabling basic functionalities. Other cookies help me understand how you use my website so I can improve it (analytics). With your consent, I also use cookies to track the pages you visit on my website, which helps me understand your interests and make my advertisements on social networks more relevant to you. Third parties may also serve cookies through my website for analytics and other purposes, with your consent where required by law.

What cookies do I record?

When you browse my website, I record your IP address, how long you stay on the page, which page you come from, and if you arrived via one of my affiliate partners. I use cookies for measuring website traffic, affiliate tracking, and customizing the display of the website. I believe this processing is in my legitimate interest as the website administrator, as it allows me to understand how my website is performing and improve the services I offer.

With your consent (obtained through my cookie banner), I also use cookies to track the pages you visit on my website. This information helps me understand your interests and allows me to improve the targeting and relevance of my ads on social networks for a maximum of 1 year from your last visit to the website. If you do not wish to see my ads on social networks, you can manage your ad preferences directly on the social network in question, or adjust your cookie settings in your browser. You can also manage your ad preferences on platforms that offer such controls.

What third-party cookies do I use?

I use the following third-party services that may set cookies on your device:

  • Google Analytics:
    This service is provided by Google Inc., based in the USA. I use Google Analytics cookies to analyze website traffic and user behavior to help me understand how visitors use my site and improve its functionality. The data collected by these cookies (e.g., pages visited, time spent on site, traffic sources) is processed by Google Inc. in accordance with their Privacy Policy, available at Google Privacy Policy.
  • Facebook Pixel:
    This service is provided by Facebook Inc., based in the USA. I use Facebook Pixel cookies with your consent to track your activity on my website so that I can show you relevant advertisements on Facebook and Instagram and measure the effectiveness of my ad campaigns. The data collected by these cookies (e.g., pages viewed, actions taken) is processed by Facebook Inc. in accordance with their Privacy Policy, available at Facebook Privacy Policy.
  • SmartEmailing:
    This service is provided by SmartSelling a.s., based in Czechia. I use SmartEmailing cookies to track your interaction with my website after clicking on links in my newsletters and to personalize your experience on my website based on your email engagement. The data collected by these cookies (e.g., pages visited, actions taken after clicking an email link) is processed by SmartSelling a.s. in accordance with their Privacy Policy, available at SmartEmailing Privacy Policy.

My website can also be browsed in a mode that does not allow the collection of personal data. You can disable the use of cookies on your computer.

How to refuse the storage of cookies?

You have the right to decide whether to accept or reject cookies. You can set your cookie preferences to accept/reject cookies within your web browser. If you choose to refuse cookies, you can still use my website, although your access to some features and areas may be significantly limited. Since the exact procedure for refusing cookies varies depending on the browser you are using, please refer to your browser’s help documentation.

In addition, most advertising networks offer a way to avoid targeted advertising. If you would like to learn more about opting out of targeted ads, please visit About Ads Choices or Your Online Choices.

Security and protection

I take the security and protection of your personal data very seriously and strive to protect it to the maximum extent possible using modern technologies that correspond to the current level of technical development. I treat your data with the same care and security as I would my own sensitive information.

To prevent the misuse, damage, or destruction of your personal data, I have implemented and maintain comprehensive technical and organizational measures. These measures include encryption for sensitive data transmission, strict access controls limiting data access to authorized personnel, and regular reviews and updates of my security practices to address emerging threats. I am committed to data minimization, ensuring that I only collect and retain personal data that is necessary for the specified purposes.

Transfer to third parties

To ensure specific processing operations that I cannot ensure myself with the same level of expertise and security, I use the services and applications of trusted processors who specialize in these areas and operate in compliance with GDPR. These providers act as data processors on my behalf. They include:

  • SmartEmailing (SmartSelling a.s., Czechia): For managing and sending email communication.
  • FAPI (FAPI Business s.r.o., Czechia): For invoicing purposes.
  • Facebook/Instagram (Meta Platforms Ireland Limited, Ireland – data may be transferred to the USA): For the operation of the Facebook Pixel for advertising and analytics. I ensure appropriate safeguards are in place for any data transfers outside the EU.
  • Google (Google Ireland Limited, Ireland – data may be transferred to the USA): For website analytics (Google Analytics) and advertising (Google Ads). I ensure appropriate safeguards are in place for any data transfers outside the EU.
  • [Name of Accounting Software/Firm] (Czechia): For accounting and tax compliance.

It is possible that in the future I will decide to use other applications or processors to facilitate and improve the quality of processing. However, I promise you that in such a case, when choosing a processor, I will ensure it meets at least the same high standards for security and data protection as I adhere to, including having appropriate Data Processing Agreements in place as required by GDPR.

Transfer outside the European Union

I primarily process your personal data within the European Union or in countries that the European Commission has recognized as ensuring an adequate level of data protection.

However, some of the third-party services I use (such as Google and Facebook/Instagram, based in the USA) may transfer personal data outside the EU. In such cases, I ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to guarantee that your personal data is protected in accordance with GDPR requirements.

What are your rights?

You have a number of rights in relation to your personal data under the GDPR. If you would like to exercise any of these rights, please contact me at: [email protected].

  • Right to Information:
    This right is fulfilled by this Privacy Policy, which provides you with comprehensive information about how I process your personal data.
  • Right of Access:
    You have the right to request confirmation as to whether or not your personal data is being processed, and to access the personal data and related information. Upon your request, I will provide you with evidence of what personal data I am processing and why, typically within 14 days.
  • Right to Rectification:
    If you believe that any personal data I hold about you is inaccurate or incomplete, you have the right to request that I correct or complete it.
  • Right to Restriction of Processing:
    You can exercise this right if you contest the accuracy of your data, if the processing is unlawful but you oppose erasure, if I no longer need the data but you require it for legal claims, or if you have objected to the processing (pending the verification of legitimate grounds).
  • Right to Object:
    You have the right to object to the processing of your personal data based on my legitimate interests (including direct marketing). You can object to direct marketing at any time by unsubscribing as described below. For other legitimate interests, your objection will be considered based on the specific circumstances and my legitimate grounds for processing.
  • Right to Data Portability:
    If you wish to receive the personal data you have provided to me in a structured, commonly used, and machine-readable format, and to transmit that data to another controller, please contact me. I will provide this information to you within 30 days.
  • Right to Erasure (“Right to be Forgotten”):
    You have the right to request the erasure of your personal data, and I will comply without undue delay, unless there is a legal obligation or other legitimate ground for retaining the data. It may take up to 30 days to ensure complete erasure from all systems, including backups. I will inform you by email once the deletion is complete, except where legal obligations require retention.
  • Right to Lodge a Complaint with a Supervisory Authority:
    If you believe that my processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the Office for Personal Data Protection. I encourage you to contact me first to address any concerns.
  • Unsubscribing from Newsletters and Commercial Communications:
    If you are a customer, I may send you emails about my services based on my legitimate interest. If you are not a customer, I will only send them with your consent. You can unsubscribe from these emails at any time by clicking the “unsubscribe” link in the email.

Confidentiality

I would like to assure you that me and collaborators who will process your personal data are obliged to maintain strict confidentiality regarding this data and the security measures I have in place, as the disclosure of such information could compromise the security of your personal data. This obligation of confidentiality continues even after the termination of the contractual relationship with me.

Your personal data will not be disclosed to any other third party without your explicit consent, except when I’m legally obligated to do so (e.g., in response to a legal request from a court or other authorized authority).

Thank you for taking the time to read my Privacy Policy. For complete details regarding the use of my website and services, please see my Terms and Conditions.

Privacy Overview
Lucy Grossmann Photography logo circle

This website uses cookies to enhance your browsing experience and to provide certain functionalities. Below, you can customize your cookie preferences for different categories. Please note that some cookies are essential for the website to function correctly and cannot be disabled.

Essential Cookies

These cookies are strictly necessary for the basic operation of my website. They enable core functionalities such as page navigation, access to secure areas, and language preferences. Without these cookies, the website cannot function properly.

Analytics Cookies

These cookies help me understand how visitors interact with my website by collecting and reporting information anonymously. They allow me to analyze website traffic, user behavior, and performance, which helps me to improve my site and services.

Marketing Cookies

These cookies are used to track visitors across websites. They may be used by third-party advertising companies to build a profile of your interests and show you relevant advertisements on other sites. These cookies also help me measure the effectiveness of my marketing campaigns.

Powered by  GDPR Cookie Compliance