Privacy Policy

Last updated: 16 February 2026

Introduction

Luca Gargiulo Photography ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our photography services, in accordance with the General Data Protection Regulation (GDPR) and Irish data protection law.

We are based in Cork, Ireland. If you have any questions about this Privacy Policy, please contact us at info@lucaphotoart.com.

Information We Collect

We collect information that you provide directly to us, including:

  • Contact Information: Name, email address, phone number, and postal address when you contact us or book our services
  • Event Details: Date, location, type of event, and specific requirements for photography services
  • Payment Information: Processed securely through third-party payment processors (we do not store credit card details)
  • Photographs: Images captured during photography sessions or events
  • Communication Records: Emails, messages, and other correspondence with us
  • Website Usage Data: IP address, browser type, pages visited, and time spent on our website (collected automatically through cookies and analytics)

How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide photography services, schedule sessions, and deliver final images
  • Communication: To respond to inquiries, send booking confirmations, updates, and delivery notifications
  • Payment Processing: To process payments and manage billing
  • Portfolio & Marketing: To showcase our work on our website, social media, and marketing materials (only with your consent or as permitted by contract)
  • Website Improvement: To analyze website usage and improve our online presence
  • Legal Compliance: To comply with legal obligations and protect our rights

Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data on the following legal bases:

  • Contractual Necessity: Processing necessary to fulfill our photography service contract with you
  • Consent: You have given clear consent for us to process your personal data for specific purposes (e.g., using images in our portfolio)
  • Legitimate Interests: Processing necessary for our legitimate business interests (e.g., improving our services, preventing fraud)
  • Legal Obligation: Processing necessary to comply with Irish and EU law

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

  • Inquiry Emails (No Booking): Deleted after 6-12 months if no service contract is established
  • Paid Client Contact Information: Retained for 6 years after the service date (required by Irish Revenue for tax compliance and financial record keeping)
  • Photographs: Retained indefinitely as part of our professional archive and portfolio (with your consent as outlined in our service agreement, or unless you request deletion)
  • Website Analytics: Aggregated and anonymized data retained for up to 26 months

Note: The 6-year retention for paid client data is a legal requirement under Irish tax law. Revenue (Ireland's tax authority) can audit financial records up to 6 years back, so we must retain invoices and related contact information for this period.

Your Rights Under GDPR

As a data subject in the EU/EEA, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data (subject to legal and contractual obligations)
  • Right to Restrict Processing: Request that we limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for marketing purposes
  • Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, please contact us at info@lucaphotoart.com. We will respond within one month.

Data Sharing and Third Parties

We may share your information with the following third parties:

  • Cloud Storage Providers: For secure storage of photographs and data
  • Content Management System: Sanity CMS for website content management
  • Payment Processors: For secure payment processing (e.g., Stripe, PayPal)
  • Email Service Providers: For sending communications
  • Analytics Providers: For website analytics (data is anonymized where possible)

We ensure all third-party providers comply with GDPR and have appropriate data protection measures in place. We do not sell your personal data to third parties.

Cookies

Our website uses cookies to enhance your browsing experience and analyze website traffic. Cookies are small text files stored on your device. You can control cookies through your browser settings. For more information about the cookies we use, please see our Cookie Policy or contact us.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or destruction. This includes encryption, secure servers, and access controls. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

International Data Transfers

Some of our third-party service providers may be located outside the European Economic Area (EEA). In such cases, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to protect your data.

Children's Privacy

Our services are not directed to children under 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete it. If photographs of minors are taken during events, we rely on parental/guardian consent.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this policy periodically. Continued use of our services after changes indicates acceptance of the updated policy.

Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the Irish Data Protection Commission (DPC):

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland
Phone: +353 (0)761 104 800
Email: info@dataprotection.ie
Website: www.dataprotection.ie

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Luca Gargiulo Photography
Cork, Ireland
Email: info@lucaphotoart.com