Privacy Policy

A legal disclaimer

Effective Date: 27/12/2025

M97photograph (“we,” “us,” or “our”) is committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website or purchase from us.

1. Who We Are (Data Controller)

For the purposes of UK data protection law, the data controller is:

M97photograph
Email: m97photograph@hotmail.com

2. Personal Data We Collect

We may collect the following personal data:

a) Information You Provide

Name
Email address
Billing and delivery address
Phone number
Payment details (processed securely by third-party providers; we do not store card numbers)
Account login details (if applicable)
Any information submitted via forms or emails

b) Automatically Collected Data

IP address
Browser and device information
Pages visited and timestamps
Cookies and usage data

3. Lawful Bases for Processing

Under UK GDPR, we process your data on the following lawful bases:

PurposeLawful Basis

Processing orders and paymentsContract

Customer service and communicationsContract / Legitimate interests

Marketing communications (if applicable)Consent

Fraud prevention and securityLegitimate interests

Legal and accounting obligationsLegal obligation

Website analytics and improvementLegitimate interests / Consent (for non-essential cookies)

4. How We Use Your Data

We use your data to:

Process and deliver orders
Provide customer support
Communicate order updates
Improve our services and website
Comply with legal requirements
Prevent fraud and misuse

We do not sell personal data.

5. Sharing Your Data

We may share your data with:

Payment processors (e.g. Stripe, PayPal)
Delivery and courier services
Website hosting and analytics providers
Legal or regulatory authorities if required

All third parties are contractually required to comply with UK GDPR.

6. International Transfers

If any data is transferred outside the UK, we ensure appropriate safeguards are in place such as:

Adequacy regulations
Standard contractual clauses

7. Cookies

We use cookies for:

Essential website functionality
Analytics and performance
Remembering preferences

You can manage cookie preferences through your browser or our cookie banner.

8. Data Retention

We retain data only as long as necessary:

Data Type Retention Period

Order records 6 years (HMRC requirement)

Account data Until account deletion

Marketing consent Until withdrawn

Support emails Up to 2 years

9. Your Rights Under UK GDPR

You have the right to:

Access your data
Rectify inaccurate data
Erase your data (right to be forgotten)
Restrict processing
Data portability
Object to processing
Withdraw consent at any time

To exercise your rights, email us at: [your email address]

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):
www.ico.org.uk

10. Data Security

We implement technical and organisational measures to protect personal data, including encryption, secure servers, and access controls.

11. Children’s Data

We do not knowingly collect data from children under 13.

12. Changes to This Policy

We may update this policy from time to time. Updates will be posted here with a new effective date.

13. Contact Information

For privacy-related enquiries: