POPIA Statement

Our role

We are the Responsible Party (equivalent to "data controller") for the personal information collected via this website, email enquiries, and during the booking and delivery of shoots.

Contact for POPIA requests

All POPIA-related requests (access, correction, deletion, objection) go to [email protected].

The 8 POPIA conditions — how we comply

1. Accountability. Privacy and data practices are documented and reviewed annually.
2. Processing limitation. We collect only what we need to quote, schedule, deliver and follow up on a shoot.
3. Purpose specification. We collect data for explicit purposes stated at the point of collection (reply to enquiry, coordinate shoot, invoice, follow-up). We do not repurpose data without consent.
4. Further processing limitation. Data is not used for incompatible secondary purposes.
5. Information quality. We keep records accurate and up to date. You can request correction at any time.
6. Openness. This page, the Privacy Policy and the contact form notice together form our openness disclosure.
7. Security safeguards. Data is stored on reputable hosted platforms (email, cloud storage, file delivery) with TLS in transit and access controls. Client galleries are link-protected.
8. Data subject participation. You can access, correct or request deletion of your personal data via email.

What we do NOT collect

We do not collect identity numbers, passport numbers, bank or card details, health or biometric data, or data about children.

Cross-border transfers

Some of our processors (e.g. Google Workspace, cloud storage) store data outside South Africa. These processors are bound by recognised data-protection regimes and contractual safeguards. If you prefer SA-only hosting, email us — we can accommodate reasonable requests.

Direct marketing

We do not engage in unsolicited electronic marketing. Existing clients may receive occasional follow-ups about their own shoots. Every marketing email (if ever sent) includes an opt-out link.

Your rights

• Confirmation of whether we hold your personal data.
• Access to that data, in a reasonable format.
• Correction or deletion, subject to legal retention requirements (e.g. SARS keeps invoicing data for 5 years).
• Objection to processing and withdrawal of consent.
• Lodge a complaint with the Information Regulator at inforegulator.org.za.

Breach notification

In the event of a security compromise affecting personal information, we will notify affected individuals and the Information Regulator as required by POPIA, as soon as reasonably possible.

Contact

Email [email protected] for any POPIA question or request. See also our Privacy Policy and Terms of Service.