Marta May Photography (THE MAYS)
Last updated: 14 October 2025
We’re Marta & Artur May, a small, family-run wedding photo + film studio based in Hereford. We care about privacy, we don’t sell your data, and we only collect what we need to reply, plan, photograph/film, deliver your gallery/films, and run our business properly.
Who we are (and how to reach us)
Data Controller: Marta May Photography THE MAYS
Email: hello@martamayphotography.co.uk Website: https://martamayphotography.co.uk
Address: 12 Windermere Road, Hereford HR4 9PR, United Kingdom
We follow the UK GDPR and Data Protection Act 2018.
What we collect (in plain English)
- Enquiry & booking info – names, emails, phone, wedding date/venue(s), how you found us, notes you share.
- Planning info – timelines, group photo lists, supplier lists, questionnaires, contracts, invoices.
- Photos & video – images/footage of you and your guests. These sometimes reveal special category data (e.g., religion at a ceremony).
- Website & email stuff – basic analytics (IP truncated where possible), cookie preferences, and email engagement if you join our list.
- Social – DMs, comments, tags; testimonials you send us.
- B2B contacts – names, emails, roles for venues/suppliers we work with.
Where does it come from? Mostly you (forms, email, phone, socials), sometimes your planner/venue (if you ask them to liaise), and public places you tag us.
Why we use it (lawful bases)
- Replying to enquiries & sending quotes – Contract / Legitimate Interests
- Shooting, editing & delivering your photos/film, albums, print store —- Contract
- Portfolio, blog, social & awards – usually Consent (we’ll ask); sometimes Legitimate Interests (you can object)
- Business admin (accounts, tax, insurance, backups) – Legal Obligation / Legitimate Interests
- Marketing emails (if you sign up) – Consent (unsubscribe anytime)
- Special category data in images – typically because it’s manifestly made public at an event, and/or with explicit consent when needed.
We only keep what we need, for as long as we need it (see retention below).
Who helps us (trusted processors)
To run things smoothly we use reputable services – examples include:
- Client management & e-sign: [e.g., LightBlue]
- Online galleries & print labs: [e.g., Pic-Time + connected lab]
- Cloud storage & backup: [e.g., Google Workspace]
- Second shooters / editors / album designers (under contract & confidentiality)
- Accounting & email: [e.g., QuickBooks], Gmail/MailerLite
- Website & analytics: [Euhost], Google Analytics (configured for privacy)
We share the minimum needed; they can’t use your data for anything else. We do not sell your data.
International transfers: some providers store data outside the UK (EEA/US). Where they do, we use approved safeguards (e.g., UK IDTA / SCCs or adequacy decisions).
Cookies & analytics (short version)
Our site uses cookies for essential features, preferences, and privacy-friendly analytics. If we run ads (e.g., Meta/Google pixels), we’ll ask first via a cookie banner. You can change your choices anytime via Cookie Settings.
For details, see our Cookie Policy (types, purposes, lifespans)
How long we keep things
- Enquiries that don’t book: up to 24 months (for sensible follow-ups), then deleted/anonymised sooner on request.
- Client records (contracts/invoices): 6–7 years (legal/tax).
- Photos & films: we may archive them long-term so you can reorder and so we can maintain our portfolio. You can ask us to restrict or remove non-essential copies; we may retain necessary backups or items required by law.
Your choices & rights
You can access, fix, delete, restrict, object (especially where we rely on Legitimate Interests), and port your data in some cases.
If we rely on consent, you can withdraw it anytime.
To use your rights, email hello@martamayphotography.co.uk We may ask for proof of identity. If you’re unhappy, you can complain to the ICO: https://ico.org.uk/ – but please give us a chance to help first.
Weddings, guests & children
- We usually act as Data Controller for images we create.
- Tell us (or ask the couple to tell us) about any no-photo requests; we’ll do our best to respect them.
- We’ll only use images of children in portfolio/marketing with parent/guardian consent (or with the couple confirming they have authority). Consent can be withdrawn.
Security (what we do)
We use reasonable technical and organisational measures: account security, encryption where available, least-access, and regular backups. No system is perfect, but we review and improve our setup.
If a significant personal-data incident happens, we’ll assess it and notify the ICO within 72 hours where required, and affected people without undue delay.
Business changes
If we ever sell or restructure the business, relevant data may transfer to the new owner under this same Privacy Policy (or one with equivalent protection).
Third-party links
We link out to other websites (venues, suppliers, features). We can’t control their content or privacy practices—check their policies.
Law & where any disputes are handled
This policy is governed by the laws of England & Wales. Any disputes are subject to the courts of England & Wales.
Updates
We may update this page if our tools or the law changes. We’ll refresh the “Last updated” date above.