Who we are
Our website address is: jimgregory.nl
What personal data we collect and why we collect it
Contact Forms
When visitors fill out the contact form, we collect the data shown in the form, and also the visitor’s IP address to help with spam detection.
Cookies
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks or until your cookies are cleared in some other manner. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Profile information
When members fill in profile data, that data is typically visible publicly on their user profile. Any information we collect about you in this way shall be used in a manner in keeping with the spirit in which the information was provided. For example, if you enter biographical information about yourself on your profile, that information shall be displayed to other users when they visit your profile.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
How long we retain your data
For users that register on our website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
IP addresses that have been stored as part of site usage (rather than as part of the meta data of a comment) are kept for a period of 3 months and then discarded. This is to help us with spam, harassment and fraud prevention.
If you choose to delete your user account, messages that you have sent will remain on the site. This includes messages posted publicly, such as in forums or on news posts. This is similar to how sending an email cannot be undone; the recipient of the message may keep it for reference or conversational continuity. This includes messages left on articles, in direct messages and in forums.
Notes made by staff in a user's moderation/customer service log may be kept indefinitely.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
We do not view messages you have left for other users, such as comments, as personal information; however, your name may be removed from comments if you have also closed your user account with which you made those comments (if any.)
Who we share your data with
Jim Gregory photography staff members, such as administrators and moderators, can view data you provide to us or post on the site. Private information is held in confidence and not discussed outside of the staff.
We never sell or trade your information to third-parties.
In the few and rare cases where information is shared with third parties, it is with the understanding that that information be used solely to assist us in providing you with the services associated with Jim Gregory photography. See "where we send your data" below for more on this topic.
Where we send your data
Your contact information
On rare occasions, we may use your provided contact information (email) to contact you off-site. This includes "transactional" messages (such as receipts,) and questions or notices regarding your account.
If you've entered links to social media sites on your public profile, site visitors may be able to find and contact you on those sites. Please use your best judgement about whether or not you wish to publicly share contact information.
Additional information
How we protect your data
Securing a website requires many different types of threats to be minimized and prepared for. This includes securing the website code, the server that the website is hosted on, and the transfer of data between the user's access device and our service. It also includes having appropriate data-handling policies in place and a culture of security for staff that must handle user data. We've made efforts to address all of these areas, and continue to educate ourselves on evolving best-practices and update our procedures or code accordingly.
All connections to the site are done via https:// with a valid third party SSL certificate to prevent attackers from "listening in" or changing data as it is sent between your computer and our server, and vice versa.
All passwords are stored using one-way encryption; not even the staff here at Jim Gregory photography can see your password. In addition, access to even the encrypted passwords is restricted to a very small number of staff members whose jobs absolutely require interacting with the database.
Our customer service procedures are written to require that when someone contacts us about an account, we may only discuss account information or provide password resets or other assistance with the email address associated with the account. If for some reason this is not possible, then other methods of identification must be provided. Simply telling us you no longer have access to your email account is insufficient, as anyone could tell us this. If a member is requesting assistance changing the email associated with their account, we will email the old email address first, in addition to asking for other methods of identification.
We keep our underlying software updated with all necessary security patches.
We have worked with the hosting company that owns the server that Jim Gregory photography is hosted on to ensure that our hosting server has been properly hardened against attackers, and have received assurances that if a security breach occurs on their end we will be immediately notified.
In addition to our continued efforts to keep the site safe and secure, we urge our users to make use of good password hygiene practices, including not re-using passwords between different sites or accounts. This is one of the most important steps an individual can take to avoid losing control of more sensitive accounts, such as email and banking.
What data breach procedures we have in place
If we discover or suspect that a data breach has taken place, we will notify all potentially affected users as soon as possible, and no later than 24 hours after becoming aware of the data breach. This will allow potentially affected users to take immediate action to protect themselves such as by changing their passwords on any other site where they re-used their Jim Gregory photography password.
We will thoroughly investigate the breach or potential breach, and provide further updates to affected members should any new information of relevance come to light. We will also take corrective action to prevent a similar breach from re-occurring. However, these remedies will not delay our initial alert to members.
If we have a reason to suspect that an individual account has been compromised on the user's end (ex. having your laptop that was logged into our service stolen, having your password known or guessed by a jealous ex) we may initiate a password reset and contact the account owner.
What automated decision making and/or profiling we do with user data
Industry regulatory disclosure requirements
Thanks to Infinite Synergy Solutions for their help in drafting these disclosures and policies.