Privacy Policy

Last updated: 9 April 2026

Introduction

Brisk Whisper ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard information when you visit our website or engage our services.

This policy applies to information collected through our website, email communications, and during the provision of photography services. By using our services or website, you agree to the collection and use of information in accordance with this policy.

Information We Collect

We collect several types of information depending on how you interact with us:

Information You Provide Directly

When you contact us or engage our services, you may provide:

  • Name and contact details (email address, postal address)
  • Company name and business information
  • Project details and requirements
  • Payment and billing information
  • Any other information you choose to share in communications

Information Collected Automatically

When you visit our website, we automatically collect certain technical information:

  • IP address and browser type
  • Pages visited and time spent on pages
  • Referring website addresses
  • Device information and operating system
  • Cookie data (see our Cookies Policy for details)

Photographic Material

During photography sessions, we create images that may include identifiable individuals or property. The use and storage of these images are governed by separate usage agreements and model releases where applicable.

How We Use Your Information

We use collected information for various legitimate purposes:

Service Delivery

  • Responding to inquiries and providing quotes
  • Scheduling and coordinating photography sessions
  • Delivering finished photographs and related services
  • Processing payments and maintaining financial records
  • Communicating about ongoing projects

Business Operations

  • Maintaining client records and project history
  • Improving our services based on feedback
  • Analysing website performance and user behaviour
  • Protecting against fraud and unauthorised access
  • Complying with legal obligations

Marketing Communications

With your consent, we may send occasional updates about our services, portfolio additions, or industry insights. You can unsubscribe from marketing communications at any time through the link provided in emails or by contacting us directly.

Legal Basis for Processing

Under UK data protection law, we process personal data based on:

  • Contract performance: Processing necessary to provide services you've requested
  • Legitimate interests: Operating our business, improving services, and protecting against fraud
  • Consent: Marketing communications and non-essential cookies
  • Legal obligations: Compliance with tax, accounting, and other legal requirements

Information Sharing and Disclosure

We do not sell or rent your personal information to third parties. We may share information in limited circumstances:

Service Providers

We work with trusted third parties who assist in business operations:

  • Payment processors for secure transaction handling
  • Cloud storage providers for data backup and file delivery
  • Email service providers for communications
  • Accounting and bookkeeping services

These providers are contractually obligated to protect your data and use it only for specified purposes.

Legal Requirements

We may disclose information when required by law, court order, or legal process, or when necessary to protect our rights, property, or safety, or that of others.

Business Transfers

If our business is acquired or merged with another entity, your information may be transferred as part of that transaction. You would be notified of any such change.

Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction.

Security measures include:

  • Encrypted data transmission using SSL/TLS protocols
  • Secure password-protected systems
  • Regular security assessments and updates
  • Limited employee access to personal information
  • Secure physical storage of any paper records

Despite our efforts, no method of transmission or electronic storage is completely secure. We cannot guarantee absolute security but remain committed to protecting your data using industry-standard practices.

Data Retention

We retain personal information for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required by law.

Typical retention periods include:

  • Client project data: Seven years for financial and contractual records
  • Marketing communications data: Until you unsubscribe or we no longer have legitimate interest
  • Website analytics: Typically 26 months
  • Photographic files: As agreed in service contracts, typically maintained for potential future use

Your Rights

Under UK data protection legislation, you have several rights regarding your personal information:

Right to Access

You can request copies of your personal data we hold. We'll provide this information within one month of your request.

Right to Rectification

You can ask us to correct inaccurate or incomplete personal information.

Right to Erasure

In certain circumstances, you can request deletion of your personal data, though this may not always be possible due to legal obligations or legitimate interests.

Right to Restrict Processing

You can request that we limit how we use your personal information in specific situations.

Right to Data Portability

You can request your personal data in a structured, commonly used format for transfer to another service provider.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw that consent at any time.

To exercise any of these rights, contact us using the details provided at the end of this policy. We may need to verify your identity before processing requests.

International Data Transfers

Your personal information is primarily stored and processed within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions.

Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us immediately.

When photographing minors, we obtain appropriate parental or guardian consent through model releases and usage agreements.

Third-Party Websites

Our website may contain links to external websites operated by third parties. We have no control over and assume no responsibility for the content, privacy policies, or practices of third-party sites. We encourage you to review the privacy policy of any site you visit.

Changes to This Policy

We may update this privacy policy periodically to reflect changes in our practices or legal requirements. The updated version will be indicated by a revised "Last updated" date at the top of this page.

For material changes, we will provide prominent notice on our website or contact you directly if we have your email address. Your continued use of our services after changes become effective constitutes acceptance of the revised policy.

Contact Information

If you have questions about this privacy policy or wish to exercise your data protection rights, please contact us:

Brisk Whisper Photography
Unit 12, Warehouse Quarter
45 Hackney Road
London E2 7NX
United Kingdom
Email: [email protected]

Supervisory Authority

You have the right to lodge a complaint with the UK's data protection supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: brisk-whisper.com