Privacy Policy

John Dunne Photography is committed to protecting your privacy and handling your personal data in a lawful, fair, and transparent manner.This Privacy Policy explains how and why personal data is collected and used when you visit this website, purchase products or services, or otherwise interact with us.

If you have any questions about this policy or how your data is handled, you may contact us at [email protected].

1. Data Controller

The data controller responsible for this website is:

John Dunne Photography
Sole trader
Ireland
Email: [email protected]

2. Legal Basis and Data Protection Principles

We process personal data in accordance with the General Data Protection Regulation (GDPR) and Irish data protection law. In particular, we adhere to the following principles:

  • Personal data is processed lawfully, fairly, and transparently
  • Data is collected for specified, explicit, and legitimate purposes
  • Only the minimum amount of data necessary is processed
  • Data is kept accurate and up to date
  • Data is retained only for as long as necessary
  • Appropriate security measures are applied to protect data

Processing is carried out on one or more of the following legal bases:

  • Performance of a contract
  • Compliance with a legal obligation
  • Legitimate interests
  • Consent, where required

3. Your Rights

Under GDPR, you have the right to:

  • Be informed about how your personal data is processed
  • Access personal data held about you
  • Request rectification of inaccurate or incomplete data
  • Request erasure of your personal data in certain circumstances
  • Restrict processing in certain circumstances
  • Object to processing based on legitimate interests or direct marketing
  • Withdraw consent at any time where processing is based on consent
  • Receive your data in a portable format, where applicable
  • Lodge a complaint with the Irish Data Protection Commission

Irish Data Protection Commission
Website: www.dataprotection.ie

To exercise any of your rights, please contact [email protected].

4. Personal Data We Collect

4.1 Data you provide directly

Depending on how you interact with the site, this may include:

  • Name
  • Email address
  • Postal address
  • Billing and shipping details
  • Enquiry details submitted via contact forms
  • Account details if you choose to create a WooCommerce account

This data is typically collected when you make a purchase, submit an enquiry, or sign up to receive communications.

4.2 Data collected automatically

When you visit the website, certain technical data may be collected automatically, including:

  • IP address
  • Browser type and version
  • Device type
  • Pages viewed and referrer information
  • Date and time of access

This data is used for security, performance, and aggregated analytics purposes.

5. How We Use Personal Data

Personal data is used for the following purposes:

  • To process and fulfil orders for prints, licences, or services
  • To respond to enquiries and provide requested information
  • To manage customer accounts where applicable
  • To issue invoices and maintain financial records
  • To comply with legal and regulatory obligations
  • To maintain the security and integrity of the website

Where marketing communications are involved, personal data is used only where you have provided explicit consent.

6. Payments and Transactions

Payments for products and services are processed securely by third-party payment providers.

  • Stripe is used to process card payments
  • Payment details are entered directly on the payment provider’s secure systems
  • John Dunne Photography does not store full card details

Transaction records and associated billing information are retained for six years to comply with Irish tax and accounting requirements.

7. Email Communications and Marketing

  • We use email to communicate with customers and subscribers for transactional and, where consent has been given, marketing purposes.
  • Transactional emails (such as order confirmations) are sent as part of fulfilling a contract.
  • Marketing or newsletter emails are sent only with your explicit consent. Double opt-in is used for newsletter subscriptions, and you can unsubscribe at any time using the link provided in emails.
  • We do not automatically subscribe customers to marketing lists as a result of a purchase.
  • Mailchimp is used solely to manage newsletter and marketing email subscriptions.

8. Analytics and Website Performance

8.1 Cloudflare Web Analytics

This website uses Cloudflare Web Analytics to measure general website usage and performance.

  • Cloudflare Web Analytics does not use cookies
  • It does not track users across websites
  • It provides aggregated, privacy-focused statistics

This analytics data is used to understand traffic trends and improve site performance.

8.2 Future analytics and advertising tools

In the future, we may choose to use additional analytics or advertising tools, such as:

  • Google Analytics
  • Google Ads conversion tracking
  • Meta (Facebook and Instagram) advertising tools

Any such tools will be:

  • Implemented only when required
  • Activated only with appropriate user consent
  • Blocked by default until consent is given

9. Embedded Content and Third-Party Services

Pages on this website may include embedded content or integrations from third-party services, including:

  • Instagram
  • YouTube
  • Google Maps

Embedded content may behave in the same way as if you visited the third-party website directly. Such services may collect data according to their own privacy policies.
Embedded content is subject to consent controls where required.

10. Cookies and Consent Management

This website uses a consent management platform to control the use of cookies and similar technologies.

  • Essential cookies are used to ensure the site functions correctly
  • Non-essential cookies, including analytics or marketing cookies, are used only with consent
  • You may manage or withdraw consent at any time

Detailed information about cookies is provided in the site’s Cookie Policy.

11. Security

We take appropriate technical and organisational measures to protect personal data, including:

• HTTPS encryption
• Secure hosting infrastructure
• Hosting-level security and traffic protection, including Cloudflare-based services
• Access controls and monitoring

While no system can be guaranteed to be completely secure, we take reasonable steps to protect personal data and will notify relevant authorities and affected individuals in the event of a data breach where required by law.

12. Data Retention

Personal data is retained only for as long as necessary for the purposes for which it was collected, including:

  • Transaction and billing records retained for six years
  • Enquiry data retained only as long as needed to respond and follow up
  • Marketing data retained until consent is withdrawn

13. Children’s Data

This website is intended for a general audience and is not directed at children under 16. We do not knowingly collect personal data from children.

14. International Data Transfers

Some service providers used by this website are based outside the European Economic Area.

Where personal data is transferred internationally, appropriate safeguards are used, such as standard contractual clauses or adequacy decisions, to ensure data protection standards are maintained.

15. Changes to This Policy

This Privacy Policy may be updated from time to time to reflect changes in legal requirements, services, or business practices. The most recent version will always be published on this website.

Last updated: January 2026