GDPR Policy

Data protection for visitors in the EU and UK

Last updated: February 2025

This GDPR Policy supplements our Privacy Policy and applies to individuals in the European Economic Area (EEA), European Union (EU), and United Kingdom (UK). It explains your rights under the General Data Protection Regulation (GDPR) and UK GDPR.

1. Data Controller

Tim Nicholls Photography is the data controller for personal data processed through this website. We are based in Australia. For EU/UK visitors, we process data in accordance with applicable data protection laws.

2. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Legitimate interests: Operating the website, showing relevant advertisements, improving our services
  • Consent: Where you have given clear consent (e.g. for non-essential cookies)
  • Legal obligation: Where processing is required by law
  • Contract: Where processing is necessary to fulfil a contract with you

3. International Transfers

Your data may be transferred to and processed in countries outside the EEA/UK (including Australia and the United States) where our service providers operate. We ensure appropriate safeguards, such as Standard Contractual Clauses or adequacy decisions, are in place where required.

4. Your Rights

Under the GDPR and UK GDPR, you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data in certain circumstances
  • Right to restrict processing: Request that we limit how we use your data
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent
  • Right to lodge a complaint: Complain to a supervisory authority (e.g. your local data protection authority)

To exercise these rights, contact us using the details on our Contact page. We will respond within one month.

5. Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

6. Cookies

We use essential cookies to operate the site and may use non-essential cookies (e.g. for advertising) with your consent where required. You can manage cookie preferences in your browser settings or via Google Ads Settings for ad-related cookies.

7. Contact

For GDPR-related inquiries or to exercise your rights, contact us via the method provided on our Contact page when available.

Privacy Policy · US Privacy Policy · Home