Last Updated: 29 November 2025

1. Who We Are

This Privacy Policy explains how LensTwist Photography (“LensTwist”, “we”, “us”, “our”) collects, uses, protects and stores your personal information when you visit our website or use our services.

LensTwist Photography is operated by:

Name: Danut P.

Business Type: Sole Trader

Brand Name: LensTwist Photography

Location: Lincoln, Lincolnshire, United Kingdom

Website: www.lenstwist.com

Email: info@lenstwist.com

For data protection purposes, LensTwist Photography is the Data Controller, meaning we decide how and why your personal information is handled.

1.1 Purpose of This Privacy Policy

This Privacy Policy explains:

What personal data we collect
Why we collect it
How we use it
How it is stored
Your rights under UK GDPR
How to contact us about your information

It applies to:

Website visitors
Clients making bookings
Membership subscribers
Users contacting us by email or forms
Anyone whose data is processed by LensTwist

1.2 Commitment to Data Protection

LensTwist Photography is committed to protecting your privacy and personal information.

We comply fully with:

UK GDPR (General Data Protection Regulation)
Data Protection Act 2018
PECR (Privacy and Electronic Communications Regulations)

We do not sell, trade, rent, or misuse your data.

We use your information only for legitimate business purposes.

1.3 What This Policy Covers

This Privacy Policy covers data collected through:

www.lenstwist.com
Booking forms
Contact forms
Newsletter sign-up (if enabled)
Email communication
Payment systems
Online galleries
Membership accounts
Social media interactions
Analytics and cookies
Loyalty programme activity

1.4 Who This Policy Applies To

This policy applies to anyone who:

Books a photography session
Purchases a membership
Uses the Website
Creates an account
Interacts with the Blog
Contacts LensTwist through forms or email
Signs up for updates or newsletters
Views or downloads images from online galleries

1.5 Updates to This Privacy Policy

LensTwist may update this Privacy Policy to reflect:

Legal requirements
New website features
Changes in booking or membership systems
Improvements to data security

All updates will appear on this page with an updated “Last updated” date.

1.6 Contact for Data Protection

If you have questions about this Privacy Policy, your data, or wish to exercise your rights, you can contact us at:

Email: info@lenstwist.com

Website: www.lenstwist.com

We will respond within the legal timeframe required by UK GDPR (usually within 30 days).

2. What Data We Collect

LensTwist Photography collects and processes personal data to provide photography services, manage bookings, operate the Website, and maintain secure digital systems.

We only collect information that is necessary for business operations, legal compliance, and improving client experience.

Below is a full list of the types of data we may collect.

2.1 Information You Provide Directly

These are details you enter on the Website or provide during communication.

✔ Contact Information

Full name
Email address
Phone number
Country/location
Preferred communication method

✔ Booking & Session Information

Session type (Silver, Gold, Platinum, etc.)
Date and time requested
Location chosen
Number of participants
Special notes or requirements
Clothing or style preferences (optional)

✔ Account Information (for clients with accounts)

Username
Password (encrypted automatically by the system; we never see it)
Profile settings
Loyalty programme activity

✔ Communication Data

Messages sent via contact forms
Emails exchanged with LensTwist
Notes related to your booking
Support requests and complaint details

✔ Payment & Billing Information

We do not store full card details.

Payment data is processed securely by third-party providers (Stripe, Wix Payments, PayPal, Klarna, Clearpay, etc.).

We may store:

Payment confirmation
Last 4 digits of card (for identification only)
Billing address (if required)
Subscription status
Invoice and receipt records

✔ Subscription Information (Memberships)

Membership type (Gold Monthly / Platinum Monthly)
Billing cycle
Payment history
Cancellation requests
Session usage each month

✔ Client Consent & Preferences

Consent for portfolio usage (or opt-out)
Privacy requests
Communication preferences

2.2 Information Collected Automatically

When you visit www.lenstwist.com, certain technical data is collected automatically through cookies and analytics.

✔ Device & Browser Information

Device type (phone, tablet, computer)
Browser type (e.g., Chrome, Safari)
Operating system
Screen resolution

✔ Website Usage Data

Pages viewed
Time spent on pages
Clicks and interactions
Entry and exit pages
Session duration

✔ IP Address & Location

We collect:

IP address
Broad location estimate (city/region)

This is done for:

Security
Fraud prevention
Analytics

We do NOT use IP addresses to identify individuals.

2.3 Information Collected Through Cookies

Cookies help improve Website performance and user experience.

We may use:

Essential cookies (for core site functionality)
Performance cookies (analytics)
Functionality cookies (preferences)
Security cookies
Payment-related cookies (for checkout)

You will see a cookie banner asking for consent (where required).

2.4 Information Collected from Photography Sessions

During sessions, we naturally collect visual data:

✔ Photographs & Videos (if applicable)

RAW files
Edited images
Personal likeness/appearance
Facial expressions
Clothing, scenery and interaction
Any visible personal items

✔ Metadata (Automatic)

Every photo automatically includes:

Date and time
Camera settings
File number
Lens information
Location data (if GPS is enabled)

Metadata is used only for editing and organisation.

2.5 Information from Social Media Interactions

If you interact with LensTwist on social platforms (Instagram, Facebook, TikTok):

We may receive:

Public profile name
Public comments
Messages sent through the platform
Tags and mentions
Shared posts or stories
Reviews and feedback

We cannot access private data from social media unless you explicitly send it.

2.6 Information from Third-Party Providers

Certain tools used by the Website may process data, such as:

Payment processors (Stripe, PayPal, Klarna, Clearpay)
Online gallery platforms
Booking systems
Email newsletter services
Analytics tools
Wix platform services

These providers comply with their own privacy regulations and UK GDPR requirements.

2.7 Sensitive Information

LensTwist Photography does not intentionally collect sensitive data such as:

Race or ethnicity
Religion
Health records
Sexual orientation
Biometric data
Political opinions

Exceptions apply only if:

You voluntarily share information (e.g., “my child has autism and needs quiet spaces”)
It is necessary for safety (e.g., mobility limitations for locations)

Such information is handled confidentially and deleted when no longer needed.

2.8 Children’s Data

We photograph families, newborns and children, but:

We require a parent/guardian to provide consent
We collect only minimal data needed (name or age if relevant)
Children cannot create Website accounts
Data of minors is handled with highest confidentiality

We do NOT knowingly collect personal information directly from children under 16 online.

2.9 Optional Information You May Provide

Sometimes clients volunteer additional details, such as:

Style preferences
Inspiration images
Personal stories for blog features
Testimonials or reviews
Feedback emails
Prior experience with photography

Providing such data is optional but helps improve the service.

2.10 Data We Do NOT Collect

LensTwist does not collect or store:

Full credit card numbers
Bank account numbers
National Insurance numbers
Passport details
Driving licence numbers
Detailed location tracking
Face recognition data
Audio recordings (unless sent by the client)

We only collect what is required for legal and operational purposes.

3. How We Use Your Data

LensTwist Photography processes personal data only when necessary and always for legitimate business purposes.

We do not sell your information, we do not share it with unauthorised parties, and we handle all data securely according to UK GDPR and the Data Protection Act 2018.

Below is a full explanation of how and why we use your data.

3.1 To Process and Manage Bookings

We use your information to:

Confirm your booking
Contact you regarding session details
Send reminders and instructions
Manage deposits and payments
Update you about rescheduling
Provide location or preparation information
Ensure your session runs smoothly

Without this data, we cannot provide photography services.

3.2 To Deliver Membership Services

For monthly memberships (Gold Monthly, Platinum Monthly):

We use your data to:

Activate and manage your subscription
Process recurring payments (monthly billing cycle)
Track monthly session usage
Contact you about upcoming sessions
Apply benefits, offers or priority access
Handle cancellations or changes

Memberships cannot function without this information.

3.3 To Provide the Photography Service Itself

We use collected data (including photos) to:

Capture images
Organise and sort files
Edit and retouch photos
Deliver online galleries
Allow downloads of final images
Manage backups and storage
Process additional editing requests

This is essential for completing the service you paid for.

3.4 To Communicate With You

We may contact you by:

Email
Phone
SMS (if provided)
Website notifications
Automated booking reminders

Reasons for communication include:

Booking confirmation
Session preparation details
Weather updates
Payment confirmations
Subscription reminders
Support and customer service
Rescheduling requests
Complaints and feedback handling

3.5 To Operate the Website

We use technical and analytical data to:

Keep the Website functional and secure
Improve speed and performance
Analyse traffic and usage patterns
Detect potential bugs or errors
Ensure compatibility with devices
Maintain online galleries
Prevent fraud or abuse

Analytics help us improve user experience over time.

3.6 To Manage Payments

We use your data to:

Process card payments
Handle deposits
Confirm completed transactions
Provide receipts
Prevent fraudulent activity
Manage subscription billing
Work with payment providers (Stripe, PayPal, Klarna, etc.)

We never store full card numbers or CVV codes.

3.7 To Provide Customer Support

We use your information to:

Respond to questions
Assist with gallery access
Resolve technical issues
Process complaints (see Section 15 of T&C)
Provide booking help or guidance

Your data allows us to deliver personalised, professional support.

3.8 To Improve Our Services

We may use anonymous or aggregated data to:

Review customer behaviour
Analyse session demand
Improve service offerings
Develop new features
Optimise membership plans
Enhance the client experience
Improve content on the Website

This data is never used to identify individuals.

3.9 For Marketing (Optional)

We may use your email to send:

Updates about services
New offers or promotions
Seasonal discounts
Blog posts or announcements
Loyalty programme updates

BUT ONLY if:

✔ you subscribed to marketing emails

or

✔ you explicitly gave consent

You can unsubscribe at any time.

We do not send spam.

We do not sell your data to advertisers.

3.10 To Maintain Loyalty Programme

For users participating in the loyalty system, we use your data to:

Track earned points
Apply discounts
Show rewards available
Manage your loyalty profile
Prevent fraud or duplicate accounts

This helps deliver accurate and fair benefits.

3.11 For Legal, Security & Compliance Reasons

We may process data when required to:

Prevent fraud
Protect the Website from attacks
Maintain accurate records
Comply with UK tax laws
Support dispute resolution
Defend legal claims
Follow law enforcement requests (rare, only if required by law)

This ensures safe and legal operation.

3.12 Photo Usage

LensTwist may use selected images (with your consent or according to your usage rights):

For portfolio
To showcase examples of work
On social media
On the Website
For advertising or marketing material

Clients can request privacy restrictions at any time (Section 10.6 of Terms).

3.13 Preventing Misuse & Fraud

Data may be used to:

Detect suspicious account activity
Identify fraudulent bookings
Block abusive behaviour
Prevent fake chargebacks
Protect other clients
Ensure loyalty points are genuine

Security is essential for protecting everyone.

3.14 Automated Decisions & Profiling

LensTwist does not use automated decision-making to:

Approve bookings
Reject bookings
Approve payments
Make legal decisions

All significant decisions are made by a human.

Analytics may identify general patterns, but nothing affects your rights or booking opportunities automatically.

4. How We Store Your Data

LensTwist Photography stores personal data securely using encrypted systems, trusted third-party services, and GDPR-compliant platforms.

We take data protection seriously and apply technical and organisational measures to keep your information safe.

This section explains where, how, and for how long your data is stored.

4.1 Storage Locations

Your data may be stored in the following secure locations:

✔ LensTwist Website Platform (Wix)

Used for:

Account information
Booking details
Contact forms
Loyalty programme tracking

Wix stores data on secure servers that comply with:

UK GDPR, GDPR, ISO/IEC 27001 and SOC-2 standards.

✔ Payment Providers

(Stripe, PayPal, Klarna, Clearpay)

These store:

Payment confirmations
Billing details
Subscription data

LensTwist cannot access full card numbers or sensitive payment details.

✔ Email Servers

Used for:

Client messages
Booking confirmations
Support communication
Complaint documentation

✔ Online Gallery Platform

Stores:

Edited images
Gallery links
Download logs

✔ Local Encrypted Storage

Securely stores:

RAW files
Editing files
Final images
Backup copies

Files are kept on encrypted drives accessible only by LensTwist Photography.

4.2 Security Measures

We use a combination of digital and organisational security, including:

✔ Encryption (SSL/TLS)

All data sent through the Website is encrypted.

✔ Encrypted local storage

Photos and local files are stored on encrypted drives.

✔ Access restrictions

Only the photographer has access to client data.

✔ Password-protected systems

All accounts and admin panels are protected by secure login systems.

✔ Two-factor authentication (where supported)

Used on payment and hosting platforms.

✔ Regular security updates

Systems and software are updated frequently to reduce vulnerabilities.

✔ Secure backup systems

Backups prevent loss of data from hardware failures.

✔ Fraud detection tools

Used by payment providers to prevent misuse.

4.3 How Long We Keep Your Data

We only store personal data for as long as necessary for:

Delivering the service
Legal obligations
Tax records
Business operations
Preventing fraud
Resolving disputes

Below are the typical retention periods:

✔ Booking & Client Records:

Up to 6 years (required under UK tax law)

✔ Emails & Messages:

1–3 years, depending on relevance

✔ Membership Information:

Stored while active + up to 2 years after cancellation

✔ Online Gallery Photos:

Typically 1–3 months (depending on system settings)

May be archived for a limited time afterward.

✔ RAW Files:

Kept for a limited period (usually 3–12 months)

Then permanently deleted.

✔ Loyalty Points Data:

Stored while the account is active

✔ Analytics & Cookies:

Stored according to cookie type (30 days–2 years)

4.4 Deleting Your Data

You may request deletion of your personal data at any time, except where retention is required by law (e.g., tax records).

When you request deletion:

Gallery access will be removed
Personal data stored in accounts will be deleted
Email communication may be anonymised
RAW files (if still stored) will be deleted
Loyalty points and account activity will be erased

We will confirm deletion within 30 days.

Some data cannot be deleted immediately due to:

Legal retention requirements
Payment processor obligations
System records needed for fraud prevention

You will be informed if any data must be retained.

4.5 Storage of Photographs

RAW Files:

Kept temporarily for editing purposes, then securely deleted.

Edited Images:

Stored securely for delivery and backup.

Not guaranteed to be stored permanently.

Client Responsibility:

After download, it is the client’s responsibility to:

Store images safely
Create backups
Download before gallery expiration

LensTwist cannot guarantee long-term image storage after delivery.

4.6 Online Gallery Security

Online galleries are protected by:

Unique links
Optional passwords
Expiration dates
Secure download protocols

LensTwist is not responsible for unauthorised sharing of gallery links by clients.

4.7 Transmission of Data

All data transmitted through the Website uses encrypted SSL/HTTPS to protect:

Personal details
Payment confirmations
Booking information
Contact form submissions

We never send unencrypted files or sensitive data over unsecured channels.

4.8 Third-Party Storage Compliance

Partners such as Stripe, Wix, Klarna, PayPal, Clearpay and gallery hosts comply with:

UK GDPR
GDPR
ISO/IEC security standards
Strong data protection practices

LensTwist only works with reputable, compliant service providers.

4.9 Breach Response

If a data breach occurs, LensTwist will:

Investigate immediately
Secure systems
Notify affected clients
Report to the ICO if legally required

Our goal is to minimise impact and prevent recurrence.

5. Sharing Your Data

LensTwist Photography values your privacy and does not sell, rent or trade your personal data.

We only share your information when it is necessary for providing our services, required by law, or when you give explicit permission.

Below is a full explanation of who we share data with and why.

5.1 Third-Party Service Providers (Necessary for Operations)

We use trusted, GDPR-compliant third-party providers to deliver our services.

Your data may be shared with:

✔ Website Platform (Wix)

Used for:

Booking forms
Contact forms
Client accounts
Loyalty programme
Website hosting
Account and gallery access

Wix stores data securely and complies with ISO/IEC 27001, SOC-2 and GDPR standards.

✔ Payment Processors

We share minimal data required to process payments, including:

Stripe
PayPal
Klarna (Pay Later)
Clearpay
Apple Pay
Google Pay

These processors handle:

Card payments
Subscription billing
Fraud prevention
Refund processing

LensTwist does not have access to full card numbers or sensitive payment information.

✔ Online Gallery Providers

Used to deliver final images.

They may process:

Email address (to send gallery link)
Client name
Download logs
Image files

Galleries are secure and GDPR compliant.

✔ Cloud Backup Providers (if used)

Used to temporarily store edited images or backups.

All cloud systems used are encrypted and compliant with GDPR.

5.2 Service-Related Tools

We may share data with tools used for operations, such as:

✔ Email services

(for sending booking confirmations, updates and support)

✔ Customer management tools (CRM)

(for tracking sessions, emails, notes)

✔ Analytics tools

(Google Analytics, Wix Analytics — anonymous data only)

These providers do not have permission to use your data for their own purposes.

5.3 Legal Requirements

We may share your data if required by law, including:

Court orders
Legal investigations
Fraud detection requests
Tax inspection compliance

Only the minimum necessary information will be disclosed.

LensTwist will never share your data without a legal basis.

5.4 Debt Recovery & Fraud Prevention

If a client commits:

Payment fraud
Chargeback abuse
Intentional booking fraud
Damage to equipment without payment
Non-payment of required fees

LensTwist may share necessary information with:

Payment processors
Fraud prevention services
Legal representatives
Debt recovery agencies (only as a last resort)

This is only done when absolutely necessary.

5.5 Social Media Sharing (By Client Choice)

If you tag LensTwist or send photos to be posted publicly:

You give permission for your images, comments or tags to be visible on social media platforms
You control what you share
You can request removal at any time

LensTwist will never post client photos without consent, except as allowed in the Copyright section (with opt-out available).

5.6 Portfolio Usage (With Consent)

Your photos may appear in:

Website galleries
Blog posts
Social media
Promotional materials

…but only when:

✔ You have given permission

or

✔ You did not opt out during or after the session

Clients can withdraw this permission at any time via email.

5.7 Collaborations (Optional)

For styled shoots or collaborations involving:

Makeup artists
Hair stylists
Venues
Clothing designers
Assistants

We may share selected images only when necessary and only with your consent.

We do not share personal information with collaborators unless explicitly authorised.

5.8 Loyalty Programme Partners

If the loyalty system is powered by a third-party provider, limited data may be shared such as:

Email address
Name
Points balance
Account activity

This is only to process rewards correctly.

5.9 Optional Email Marketing Tools

We may use GDPR-compliant email services (e.g., MailChimp, Wix Email Marketing) to send updates only to subscribers.

If you unsubscribe:

Your data is removed
You will not receive future marketing emails

5.10 No Selling or Trading of Personal Data

LensTwist Photography never:

Sells your data
Trades your data
Shares your data with advertisers
Shares your data for profit
Allows third parties to use your data for marketing

We use your information only for legitimate business purposes.

5.11 When You Request Data Sharing

We will only share data with third parties when you request it, such as:

Sending images to print shops
Referring you to makeup artists
Collaborating with event organisers
Providing proof of insurance to venues
Confirming booking details for multi-person sessions

We will share only what is necessary and nothing more.

5.12 International Transfers

Some service providers (e.g., Wix, Stripe) may store data on secure servers outside the UK, including the EU or USA.

These providers comply with:

UK GDPR
EU GDPR
Standard Contractual Clauses (SCCs)
International data protection frameworks

Your data remains protected no matter where it is stored.

6. Your Rights Under UK GDPR

As a client of LensTwist Photography, you have full rights over your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

These rights ensure transparency, control and protection of your personal information.

Below are your rights explained clearly and professionally.

6.1 Right to Be Informed

You have the right to know:

What data we collect
Why we collect it
How we use it
How long we keep it
Who we share it with
How you can exercise your rights

This Privacy Policy fulfils that requirement.

6.2 Right of Access (Subject Access Request)

You can request a copy of your personal data that LensTwist holds.

You can ask for:

Information stored in your client account
Booking records
Contact details
Communication history
Gallery delivery records
Subscription details
Any personal information processed by us

We will respond within 30 calendar days, as required by UK GDPR.

To request access, email:

info@lenstwist.com

Identity verification may be required.

6.3 Right to Rectification

If your data is:

Incorrect
Incomplete
Outdated

…you can request correction at any time.

Examples include:

Wrong email address
Incorrect spelling of your name
Updated phone number
Membership account corrections

We will update your data promptly.

6.4 Right to Erasure (“Right to Be Forgotten”)

You may ask us to delete your personal data in certain situations, such as:

You no longer use our services
You close your account
You withdraw consent
The data is no longer needed

However, some data cannot be deleted immediately due to:

Legal requirements (e.g., tax records)
Payment verification obligations
Fraud prevention rules

Photographs already delivered to you cannot be deleted from your possession.

RAW files that still exist will be deleted upon request.

6.5 Right to Restrict Processing

You can ask us to temporarily stop using your data if:

You dispute its accuracy
You believe processing is unlawful
You want us to retain data but not use it
You need data preserved for a legal claim

We will restrict use until the issue is resolved.

6.6 Right to Object

You may object to:

Marketing emails
Certain types of profiling
Non-essential data processing

If you object, we will stop processing unless:

There are overriding legitimate grounds
Processing is required for legal purposes

Marketing objections are applied immediately.

6.7 Right to Data Portability

You can request a copy of your personal data in a machine-readable format (such as CSV or text) so that you can give it to another service provider.

This applies to:

Account details
Booking information
Membership data

This does not apply to photographs or RAW files.

6.8 Rights Related to Automated Decision-Making

LensTwist does not use systems that:

Make automatic booking decisions
Approve or deny services without human input
Generate legal consequences automatically

All significant decisions are made by a human.

6.9 Right to Withdraw Consent

If we process your data based on your consent (e.g., marketing), you may withdraw it at any time.

Withdrawal does not affect:

Past lawful processing
Legal requirements
Subscription or booking contracts already in place

You can unsubscribe or request removal by emailing:

info@lenstwist.com

6.10 Right to Complain to the ICO

If you believe LensTwist Photography has mishandled your data, you have the right to complain directly to the:

Information Commissioner’s Office (ICO)

The UK’s official data protection authority.

Website: www.ico.org.uk

We encourage you to contact LensTwist first so we can resolve issues quickly and professionally.

7. Cookies & Tracking

The LensTwist Website uses cookies and similar tracking technologies to improve performance, enhance user experience, enable essential features and analyse website traffic.

This section explains what cookies we use, why we use them, and how you can control them.

By using the Website, you agree to the use of cookies as described below.

7.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website.

They help websites remember your preferences, improve speed, and keep your session secure.

Cookies can be:

First-party cookies (set by LensTwist)
Third-party cookies (set by trusted partners like Wix or analytics tools)
Session cookies (temporary)
Persistent cookies (stay on your device until deleted or expired)

7.2 Types of Cookies We Use

LensTwist uses several categories of cookies:

(1) Essential Cookies (Strictly Necessary)

These are required for the Website to function.

They include cookies for:

Website security
Logging in to accounts
Booking system functionality
Payment processing
Private gallery access
Cookie consent banner
Site navigation

You cannot disable these cookies because the site will not function without them.

(2) Performance & Analytics Cookies

These help us understand how visitors use the Website.

They track:

Pages visited
Click patterns
Session duration
Traffic sources
Device and browser types
Errors or slow pages

Examples:

Google Analytics
Wix Analytics

These cookies help improve the Website but are optional.

(3) Functionality Cookies

These remember your preferences to enhance your experience.

They may store:

Language choices
Login preferences
Display settings
Form auto-fill options

These improve convenience but are not essential.

(4) Marketing & Advertising Cookies (If Enabled)

Used only if marketing features are active on your site.

These may support:

Retargeting
Social media tracking
Behaviour-based ads

LensTwist currently does not run personalised ads, but third-party tools (like Facebook Pixel or Google Ads, if activated later) may use these cookies.

These are always optional and require explicit consent.

7.3 Third-Party Cookies

Trusted partners helping with Website functionality may set cookies, including:

Wix (website hosting)
Stripe / PayPal / Klarna / Clearpay (for checkout)
Google Analytics (traffic analysis)
Cloud hosting providers
Online gallery platforms

These cookies support essential features and analytics.

All third-party partners follow GDPR requirements.

7.4 Cookie Consent Banner

When you first visit www.lenstwist.com, you will see a cookie consent banner.

Depending on your choice:

Accept All: all cookies are enabled
Accept Essential Only: optional cookies are disabled
Custom Preferences: you choose what to allow

Your cookie preferences can be changed at any time.

7.5 Why We Use Cookies

Cookies help us:

Keep the Website secure
Provide fast and stable performance
Ensure the booking and checkout system works
Deliver private galleries safely
Improve user experience
Analyse Website traffic
Fix errors and improve design
Understand how clients use the Website

We do not use cookies to identify you personally.

7.6 How to Control or Delete Cookies

You can control cookies through:

✔ Browser settings (Chrome, Safari, Firefox, etc.)

You can:

Delete cookies
Block cookies
Allow essential-only cookies

✔ Cookie banner preferences

Changeable at any time.

✔ Private/incognito browsing

Prevents cookies from being stored long-term.

Note:

If you disable essential cookies, some features of the Website will not work, including:

Booking forms
Account login
Checkout
Online galleries
Payment systems

7.7 Tracking Technologies We May Use

In addition to standard cookies, the Website may use:

Web beacons (to track email delivery)
Pixel tags (analytics, if activated)
Session tracking (for security)
Script trackers (for performance optimisation)

These tools help improve functionality and security.

7.8 Do Not Track (DNT)

Some browsers offer a “Do Not Track” setting.

The LensTwist Website currently does not respond to DNT signals due to industry-wide limitations, but:

We do not use aggressive tracking
We do not sell or exploit personal data

Your privacy remains protected regardless.

7.9 Updates to Cookie Practices

We may update cookie usage when:

New features are added
Third-party providers change their systems
Website structure updates
Legal requirements change

Any major update will be reflected in this Privacy Policy.

8. Data Retention

LensTwist Photography keeps personal data only for as long as it is necessary for business operations, legal compliance, and providing high-quality photography services.

We do not store more data than needed, and we delete or anonymise information when it is no longer required.

This section outlines how long different types of data are kept and why.

8.1 General Retention Principles

We keep data only when it is required for:

Fulfilling bookings and services
Processing payments
Managing memberships
Maintaining legal tax records
Protecting against fraud
Resolving disputes
Providing customer support
Complying with UK GDPR

Once data is no longer necessary, it is:

Securely deleted
Anonymised
Or archived with restricted access

8.2 Retention Periods by Data Type

Below are the typical data retention timelines used by LensTwist Photography:

✔ Booking & Client Records

Up to 6 years

(Required for tax, proof of service, and legal compliance)

Includes:

Booking history
Deposits
Invoices & receipts
Payment confirmations

✔ Communication (Emails, Contact Forms)

Stored for 1–3 years, depending on relevance.

Useful for:

Support
Complaint resolution
Session reference

✔ Membership Data (Monthly Subscriptions)

Stored while active + up to 2 years after cancellation.

Includes:

Billing cycles
Session usage
Subscription history

✔ Online Galleries & Download Links

Typically available for 1–3 months.

After expiration:

Galleries may be deleted
Files may be archived temporarily
Reuploads may require a small fee

✔ RAW Files

Stored temporarily for editing purposes.

Kept for:

3–12 months, then securely deleted.

RAWs are never kept permanently.

✔ Edited Images

We may store them for several months after delivery, but long-term storage is not guaranteed.

Clients are responsible for downloading and backing up their images.

✔ Loyalty Programme Data

Stored while the client has an active Website account.

If the account is deleted:

Loyalty data is deleted
Points are removed

✔ Website Analytics & Cookies

Kept for 30 days to 2 years, depending on cookie type.

Analytics data is anonymous and cannot identify you personally.

✔ Marketing Email Data

Stored only while you are subscribed.

If you unsubscribe:

Your email is removed
You will not receive further marketing messages

8.3 Data We Cannot Delete Immediately

Some data must be kept due to legal obligations, including:

Payment records
Invoices
Financial transactions
Tax documentation

UK law requires retention for 6 years.

We cannot delete such data until the legal period expires.

8.4 Client Requests to Delete Data

You may request deletion of your data at any time, except where retention is legally required.

Upon request:

Personal details are removed
Account is deleted
Photos stored on our system (if still present) are deleted
Communication records may be anonymised

We respond within 30 days, as required by UK GDPR.

8.5 Anonymous & Aggregated Data

Some data may be anonymised for:

Analytics
Service improvement
Trend evaluation

Anonymous data cannot identify you and may be kept indefinitely.

8.6 Responsibility for Photo Backups

LensTwist encourages clients to:

Download galleries immediately
Create personal backups
Save images in multiple locations

We cannot guarantee image storage after gallery expiration.

8.7 Secure Deletion Practices

When data is deleted, we use:

Encrypted deletion
Secure overwriting
Permanent removal from cloud systems
Removal from backups when feasible

We do not resell or reuse deleted data.

9. How We Protect Your Data

LensTwist Photography is fully committed to keeping your personal information safe.

We use strong technical and organisational security measures to protect data from:

Unauthorised access
Loss
Misuse
Disclosure
Alteration
Destruction

We take privacy seriously and design our systems to ensure your data stays secure at all times.

9.1 Technical Security Measures

We use advanced digital protections, including:

✔ SSL/HTTPS Encryption

All data sent through the Website is encrypted to prevent interception.

✔ Secure Servers

Data stored through Wix, Stripe, PayPal, Klarna, Clearpay and gallery hosts is protected by enterprise-grade servers.

✔ Password Protection

All internal accounts and admin tools are secured with strong passwords.

✔ Two-Factor Authentication (2FA)

Enabled on payment providers and key systems for enhanced security.

✔ Encrypted Local Storage

RAW files, edited images and backups are stored on encrypted drives.

✔ Firewall & Anti-Malware Protection

Used to prevent cyber threats, malicious software and unauthorised access.

✔ Fraud Detection Technology

Payment processors use automated tools to detect suspicious activity.

9.2 Organisational Security Measures

We take practical steps to reduce risk:

✔ Limited Access

Only the photographer (Danut P.) has access to your data.

✔ Staff-Free Operation

LensTwist Photography has no employees who can see your data.

This greatly reduces data exposure risk.

✔ Strict Confidentiality

All communication and client information is handled privately.

✔ Secure Handling of Devices

Work devices are kept locked, encrypted and protected at all times.

✔ Controlled Sharing

Data is shared only with trusted partners when absolutely necessary (Section 5).

9.3 Payment Security

LensTwist does not store or process full card details.

All payments are handled securely by:

Stripe
PayPal
Klarna
Clearpay
Apple Pay
Google Pay

These payment providers use:

PCI DSS Level 1 security
Tokenisation
Fraud prevention tools
Encrypted transactions

This means your card details are fully protected and never accessible to LensTwist.

9.4 Website Platform Security

The Website is hosted on Wix, which provides:

Advanced firewalls
DDoS protection
Security patches and updates
Encrypted database storage
SOC 2 Type II compliance
24/7 monitoring for threats

Wix is one of the most secure website platforms available.

9.5 Online Gallery Security

We protect your images through:

Unique gallery links
Password protection (if activated)
Expiration dates
Watermark options (where applicable)
Secure download systems

Clients are responsible for keeping gallery links private.

9.6 Data Minimisation

We only collect the minimum amount of personal data necessary for:

Providing the service
Processing payments
Legal compliance
Client communication
Website functionality

We do not store unnecessary or excessive information.

9.7 Secure Backup Practices

To prevent data loss, we maintain secure backups of:

Editing files
Final images
Critical business data

Backups are stored on:

Encrypted local drives
Secure cloud systems (if used)

RAW files are backed up only temporarily and deleted once processing is complete.

9.8 Monitoring & Prevention

We monitor systems to identify unusual behaviour such as:

Multiple failed login attempts
Suspicious IP activity
Bot attacks
Repeated checkout failures
Account misuse
Fraudulent booking patterns

Any threats are dealt with immediately.

9.9 Reporting Security Concerns

If you believe there is a security risk or data issue, you can report it to:

Email: info@lenstwist.com

LensTwist will investigate all reports promptly.

9.10 Data Breach Procedures

In the unlikely event of a data breach, we will:

Investigate the breach immediately
Secure affected systems
Notify impacted clients as soon as possible
Report to the ICO if legally required
Take steps to prevent recurrence

Our goal is to minimise harm and maintain transparency.

10. External Links

The LensTwist Website may contain links to external websites, social media platforms, partner sites, articles, tools or third-party services.

These links are provided for convenience, information and improved client experience.

This section explains how external links work and what responsibilities LensTwist has regarding them.

10.1 Not Responsible for Third-Party Content

LensTwist Photography is not responsible for:

The content of external websites
The accuracy of information on third-party sites
How third-party websites handle your data
Their privacy practices
Their terms, policies or security standards
Any harm caused by clicking external links

Once you leave the LensTwist Website, you are subject to the policies of the other site.

10.2 No Control Over Third-Party Policies

We do not control and cannot guarantee:

How third-party websites collect data
Whether they share data with others
Their cookie practices
Their security measures
How long they store information

You should always review the Privacy Policy and Terms & Conditions of any external website you visit.

10.3 Third-Party Integrations Used by LensTwist

Some external links and tools are integrated into the LensTwist Website, such as:

Stripe, PayPal, Klarna, Clearpay (payments)
Apple Pay & Google Pay
Wix Gallery
Google Maps location links
Instagram & Facebook profiles
Blog article references
Tutorial or informational links

These are necessary for providing photography services, but operate under their own policies.

10.4 Social Media Links

If you click links to:

Instagram
Facebook
TikTok
YouTube

…these platforms may collect data independently.

LensTwist does not control:

Tracking used by social media sites
How they use your profile data
Their advertising algorithms

Your social media interactions are governed by their own privacy rules.

10.5 External Booking or Event Links

Occasionally, LensTwist may share:

Event links
Venue websites
Maps or directions
Local resources
Photography tips or external guides

These are offered purely for convenience.

LensTwist is not responsible for any issues that arise from using these links.

10.6 Referral Links / Partner Links

In rare cases, we may recommend:

Makeup artists
Hair stylists
Venues
Local businesses
Printing services

These are recommendations only, not formal partnerships.

LensTwist is not responsible for:

Their service quality
Their pricing
Their availability
How they use your information

You interact with them at your own discretion.

10.7 Security of External Sites

We cannot guarantee that external sites:

Are free from malware or threats
Use encrypted connections
Follow GDPR
Maintain strong security

Always check the website address and security certificate (HTTPS) before entering personal details.

10.8 Third-Party Changes

External websites may change:

Their URL
Their policies
Their content
Their features
Their availability

LensTwist has no control over such updates.

10.9 Links Do Not Mean Endorsement

Adding a link does not mean LensTwist:

Endorses the content
Approves of the opinions expressed
Guarantees accuracy
Has a partnership with the site

Links are provided only to help or inform clients.

10.10 Client Responsibility

By using external links, you agree that:

You leave the LensTwist Website voluntarily
You understand external sites have different privacy rules
You take responsibility for any data shared on those sites

LensTwist cannot be held liable for actions taken on external platforms.

11. Children’s Privacy

LensTwist Photography takes children’s privacy and safety very seriously.

We follow strict UK GDPR rules regarding the collection, use and protection of personal data belonging to minors.

This section explains how we handle children’s information, how consent works, and what parents need to know when booking sessions involving children.

11.1 Parental/Guardian Consent Required

LensTwist does not photograph minors (under 18) without:

✔ A parent or legal guardian present

and

✔ Explicit verbal or written consent

By booking a session that includes children, the parent/guardian confirms that:

They have the legal right to give consent
All participating minors are allowed to be photographed
They will supervise the children at all times
They understand how photographs will be used

11.2 What Data We Collect From Children

We collect as little data as possible about minors, limited to:

First name or nickname (optional)
Age or approximate age (if relevant for poses)
Photographs taken during the session
Parent/guardian’s name and contact details

We do not collect:

Addresses of children
Personal emails
Phone numbers
Identification documents
Sensitive personal data

Children cannot create accounts on the Website.

11.3 Parental Responsibility During Sessions

To ensure safety:

A parent/guardian must be present at all times
Children must be supervised
Parents must ensure clothing and appearance are appropriate
Parents must help with posing or calming children if needed

LensTwist is not responsible for:

Behavioural issues
Safety risks created by unsupervised children
Uncooperative participants affecting the final results

11.4 Use of Children’s Photos in Portfolio

LensTwist will never post or share images of minors unless:

✔ The parent/guardian gives explicit permission

or

✔ They did not opt out when provided the option

Parents can request removal of images at any time by emailing: info@lenstwist.com

LensTwist will remove the images from all platforms we control.

11.5 Protection of Children’s Data

We protect children’s photos and information through:

Secure encrypted storage
Password-protected galleries
Private delivery links
Limited access (only the photographer)
Strong organisational security measures

No child-related data is shared with third parties unless required to deliver the service (e.g., gallery link to parent).

11.6 Sharing Children’s Data

We only share children’s data with:

Parents or legal guardians
Online gallery systems (for delivery)
Payment processors (parent/guardian only)

We do not share children’s information with:

Advertisers
External platforms
Third parties
Other clients
Social media (unless parent consents)

11.7 Deleting Children’s Data

Parents may request deletion of a child’s:

Gallery
Photos
Session information
Any associated personal details

We will process the deletion within 30 days, except where data must be retained for legal or tax reasons.

11.8 No Direct Marketing to Children

LensTwist does not:

Send marketing emails to minors
Create child accounts
Track children for advertising
Allow minors to sign up independently

All communication is handled exclusively with the parent/guardian.

11.9 Online Safety for Children

LensTwist supports safe online practices.

We encourage parents to:

Keep gallery links private
Download images instead of sharing full gallery access
Monitor social media posts involving children
Avoid including sensitive information in captions
Request privacy settings when needed

11.10 Schools, Events & Group Photography

If photographing events involving groups of children:

Written consent may be required from all guardians
LensTwist may work with organisers for compliance
No photos of unapproved minors will be shared publicly
Individual portrait permissions are verified

We adhere to strict safeguarding guidelines.

12. Changes to This Privacy Policy

LensTwist Photography may update or modify this Privacy Policy from time to time to reflect:

Changes in UK laws or regulatory requirements
Updates to Website features
Improvements to data protection practices
Changes in the services we offer
Updates to booking systems, memberships or payment methods
Security enhancements
Feedback from clients or industry standards

Updates ensure that the policy stays accurate, transparent and fully compliant with UK GDPR.

12.1 How We Notify You

When changes are made:

The “Last updated” date at the top of this Privacy Policy will be revised
Significant updates may be announced on the Website
You may receive an email notification for major changes (where appropriate)

Your continued use of the Website, making bookings or maintaining a membership after policy updates implies acceptance of the new terms.

12.2 Changes Affecting Past Bookings

Policy updates do not affect:

Sessions already completed
Images already delivered
Refund rights already applied
Deposits already paid
Membership cycles already active

Updates apply only to future bookings and data processing, unless required by UK law.

12.3 Your Responsibility

Clients are encouraged to:

Review the Privacy Policy periodically
Stay informed about how their data is used
Contact LensTwist for clarification when needed

We aim to keep the policy easy to understand and accessible at all times.

12.4 Right to Withdraw Consent After Changes

If you disagree with any updates:

You may contact us to withdraw consent for optional data processing
You may request deletion of stored data (if permitted by law)
You may choose not to continue using the Website or services

You always remain in control of your personal information.

13. Contact Information

If you have any questions, requests or concerns about this Privacy Policy, your personal data, or how LensTwist Photography handles your information, you can contact us using the details below.

We aim to respond to all enquiries within 30 days, as required by UK GDPR.

13.1 Data Controller

The Data Controller responsible for handling your personal information is:

LensTwist Photography

Operated by Danut P.

Lincoln, Lincolnshire, United Kingdom

13.2 Contact Email

You can contact us directly at: info@lenstwist.com

This is the primary contact method for:

Privacy requests
Data access requests (SAR)
Data correction requests
Deletion requests
Consent withdrawal
Complaint submissions
Questions about security or data processing

13.3 Website

You may also visit: www.lenstwist.com For:

Booking information
Updates
Terms & Conditions
Service descriptions
Contact forms

13.4 Communication Requirements

For security and verification:

We may request proof of identity before processing data requests
Requests must be made in writing (email is preferred)
We cannot process privacy requests through social media DMs

This ensures full compliance with UK GDPR.

13.5 Complaints to ICO

If you believe your data has been handled improperly and we cannot resolve your concern, you have the right to contact the:

Information Commissioner’s Office (ICO)

Website: www.ico.org.uk

The ICO is the UK authority overseeing data protection rights.

13.6 Trustpilot Reviews

We use Trustpilot to collect and display customer reviews on our website. When you interact with Trustpilot widgets, links, or embedded review sections, Trustpilot may process certain information such as your IP address, device details, browser data, and cookies for security, analytics, and fraud-prevention purposes.

This data is processed under Trustpilot’s own Privacy Policy. You can view how Trustpilot handles personal information by visiting their official website.

Interaction with the Trustpilot platform is voluntary and is not required to use the services provided by LensTwist.

Privacy Policy

Last Updated: 29 November 2025

1. Who We Are

1.1 Purpose of This Privacy Policy

1.2 Commitment to Data Protection

1.3 What This Policy Covers

1.4 Who This Policy Applies To

1.5 Updates to This Privacy Policy

1.6 Contact for Data Protection

2. What Data We Collect

2.1 Information You Provide Directly

✔ Contact Information

✔ Booking & Session Information

✔ Account Information (for clients with accounts)

✔ Communication Data

✔ Payment & Billing Information

✔ Subscription Information (Memberships)

✔ Client Consent & Preferences

2.2 Information Collected Automatically

✔ Device & Browser Information

✔ Website Usage Data

✔ IP Address & Location

2.3 Information Collected Through Cookies

2.4 Information Collected from Photography Sessions

✔ Photographs & Videos (if applicable)

✔ Metadata (Automatic)

2.5 Information from Social Media Interactions

2.6 Information from Third-Party Providers

2.7 Sensitive Information

2.8 Children’s Data

2.9 Optional Information You May Provide

2.10 Data We Do NOT Collect

3. How We Use Your Data

3.1 To Process and Manage Bookings

3.2 To Deliver Membership Services

3.3 To Provide the Photography Service Itself

3.4 To Communicate With You

3.5 To Operate the Website

3.6 To Manage Payments

3.7 To Provide Customer Support

3.8 To Improve Our Services

3.9 For Marketing (Optional)

✔ you subscribed to marketing emails​

✔ you explicitly gave consent

3.10 To Maintain Loyalty Programme

3.11 For Legal, Security & Compliance Reasons

3.12 Photo Usage

3.13 Preventing Misuse & Fraud

3.14 Automated Decisions & Profiling

4. How We Store Your Data

4.1 Storage Locations

✔ LensTwist Website Platform (Wix)

✔ Payment Providers

✔ Email Servers

✔ Online Gallery Platform

✔ Local Encrypted Storage

4.2 Security Measures

✔ Encryption (SSL/TLS)

✔ Encrypted local storage

✔ Access restrictions

✔ Password-protected systems

✔ Two-factor authentication (where supported)

✔ Regular security updates

✔ Secure backup systems

✔ Fraud detection tools

4.3 How Long We Keep Your Data

✔ Booking & Client Records:

✔ Emails & Messages:

✔ Membership Information:

✔ Online Gallery Photos:

✔ RAW Files:

✔ Loyalty Points Data:

✔ Analytics & Cookies:

4.4 Deleting Your Data

4.5 Storage of Photographs

RAW Files:

Edited Images:

Client Responsibility:

4.6 Online Gallery Security

4.7 Transmission of Data

✔ you subscribed to marketing emails