Last updated: July 2026
We are committed to protecting personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines how we comply with these regulations.
For the purposes of UK GDPR, the data controller is:
Business name: willow-soar
Address: Studio 14, Riverside Business Centre, 42 Merchant Street, Bristol BS1 3NX, United Kingdom
Email: [email protected]
We process personal data under one or more of the following lawful bases:
Processing is necessary to fulfill our contractual obligations when you engage our photography services, including scheduling, service delivery, and project communication.
We process data where necessary for legitimate business interests, including:
Where required, we obtain explicit consent for specific processing activities such as marketing communications or non-essential cookies.
Processing necessary to comply with legal requirements, including tax obligations, accounting regulations, and response to lawful requests from authorities.
You can request a copy of the personal data we hold about you. We will provide this information within one month of receiving a valid request.
If you believe personal data we hold is inaccurate or incomplete, you can request correction or completion.
You can request deletion of your personal data in certain circumstances, including:
You can request we limit how we use your data in specific situations:
Where processing is based on consent or contract performance and carried out by automated means, you can request your data in structured, commonly used, machine-readable format and have it transferred to another controller.
You can object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
We do not currently use automated decision making or profiling that produces legal or similarly significant effects.
To exercise any of these rights, contact us at [email protected] with:
We will respond within one month. In complex cases, this may be extended by two additional months with notification and explanation.
We implement appropriate technical and organizational measures to ensure data security:
In the event of a data breach likely to result in high risk to your rights and freedoms, we will notify you without undue delay. We will also notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, as required by UK GDPR.
Our primary operations are within the United Kingdom. If we transfer data internationally, we ensure appropriate safeguards are in place through:
We work with carefully selected third-party service providers who process data on our behalf. These processors are contractually bound to:
We retain personal data only as long as necessary for stated purposes:
Our services are not directed to individuals under 16. We do not knowingly collect or process data from children without appropriate parental consent.
If you believe we have not handled your data in accordance with UK GDPR, you can lodge a complaint with:
Information Commissioner's Office (ICO)
Website: ico.org.uk
Telephone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
We review and update our GDPR compliance measures regularly. Material changes to how we process personal data will be communicated through website updates and, where appropriate, direct notification to affected individuals.
For questions about our data protection practices or to exercise your rights, contact:
Email: [email protected]
Subject line: GDPR Inquiry