top of page


Here is my GDPR (General Data Protection Regulation) compliant privacy policy. The new regulation means that businesses have to provide clear information on how and why they collect personal data to anyone that lands on their website.


You can use my website without the need to provide any personal data, however if you wish to enquire or book me then processing your personal data will become necessary.

Data collection and processing

Freya Raby Photography is the controller of data that passes through this website or via email. This data is kept private between myself and a couple of other carefully selected data processors.

Personal data I collect
I may collect and process the following information you provide when you complete the enquiry form on my website:

  • Name

  • Email Address

  • Mobile Number


If you decide to go ahead with the booking, I may collect and process this additional information you provide when you complete my booking form:

  • Home Address

  • Business Address (for commercial)

  • Venue Address

  • Names of key guests (for weddings and events)

  • Names of people attending the photoshoot (for commercial and family sessions)

I never capture credit or debit card numbers, payments for bookings are made by you via bank transfer (BACS).


How I collect and keep this information

When you complete and submit my enquiry form, the information arrives in my email inbox which is secured with a password. These forms are also stored within my website which is secured with a password. If you decide not to proceed with the booking and request that I delete your data, I will of course do so.

If you go ahead with a booking I'll ask you to complete a booking form, for weddings this will be a paper copy printed out and stored in a ring binder which is locked in a drawer in my office, the information is also transferred into a spreadsheet which is stored on an external hard drive and kept locked in my office.

For other events, family sessions and commercial photography this is an online Google Forms form that will be emailed to you which is stored within Google Suite and also printed out and filed in a different ring binder to my wedding booking forms but locked in the same drawer in my office.


External data processors

In addition to my own data, I also use a couple of other data processors. They are listed below.

Google Suite

Google Suite is a tool for providing services which are available over the internet. I use Google Forms to collect and store information relating to events, family sessions and commercial photography. Google are fully GDPR compliant. I retain 7 years of data in order to be compliant with legal obligations, except in the case of email which is retained indefinitely.


WeTransfer is a cloud-based computer file transfer service. I use WeTransfer to quickly and easily share images with you from an event, family sessions and/or commercial photography (I don't use WeTransfer for weddings). WeTransfer are fully GDPR compliant.

Face based data

I do use client's photos on my website, social media etc and always ask for your permission beforehand (it's a part of my booking form), and if you don't want me to share your images, I won't.

I will not sell your photos to anyone.

I will always contact you for further permission if I get approached about featuring your photos in outside blogs/magazines (Your Yorkshire Wedding/The Wedding Affair etc).


I work on assumption that wedding/events guests are happy to be photographed, if not they must say so otherwise.

I won't share photos of children on my website and social media unless I have permission from their parents to do so.

All of my photos are stored on an external hard drive which is kept locked in my office.

The Policy was last updated in May 2018 and I will keep this Policy under regular review.

If you are concerned about any information I hold about you please contact me, I'm more than happy to share!

bottom of page