Privacy Policy
Last updated: April 2026
This policy explains how Jonny Evans Photography ("we", "us") collects, uses, and protects your personal data when you visit jonnyevansfoto.com or make a purchase. We are committed to handling your data responsibly and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
The data controller is Jonny Evans, trading as Jonny Evans Photography. If you have any questions about this policy or how your data is used, please contact us:
2. Data We Collect
We only collect data that is necessary for the purposes described in this policy. We collect personal data through the following channels:
Contact Form
When you submit our contact form, we collect your name, email address, subject, and message. This data is transmitted via Resend (our email delivery provider) and forwarded directly to our inbox. We do not store contact form submissions in a database.
Stripe Checkout
When you purchase a print, you are redirected to Stripe's secure checkout. Stripe collects your name, email address, payment card details, and shipping address on our behalf. We receive confirmation of the order and the shipping address necessary to fulfil it. We do not store or have access to your payment card details at any point — these are handled entirely by Stripe.
Newsletter Sign-Up
If you subscribe to our newsletter, we collect your email address only. This is used solely to send you updates about new work, collections, and limited edition releases. You can unsubscribe at any time using the link in any newsletter email.
Website Analytics
We use Vercel Analytics to understand how visitors use our website. This collects anonymous, aggregated data about page views and traffic patterns. No personally identifiable information is collected, and no cookies are used for analytics purposes.
3. Legal Basis for Processing
Under UK GDPR, we process your personal data on the following legal bases:
- Contract — when you make a purchase, we process your name and shipping address to fulfil your order.
- Legitimate interests — we process contact form submissions to respond to your enquiry.
- Consent — we process your email address for newsletter communications only where you have opted in. You may withdraw consent at any time.
4. How We Use Your Data
- To respond to enquiries submitted via the contact form.
- To process and fulfil print orders, including communicating order status and arranging delivery.
- To send newsletter updates where you have given consent.
- To understand how our website is used and improve the visitor experience (anonymous analytics only).
We will never sell, rent, or share your personal data with third parties for marketing purposes.
5. Third-Party Processors
We use a small number of trusted third-party services to operate our website. Each acts as a data processor on our behalf and is bound by appropriate data protection agreements:
Prodigi
Print fulfilment
Receives your name, shipping address, and print file to manufacture and dispatch your order. Prodigi dispatches directly to you from their facility. Data is processed under a data processing agreement and may be handled in the UK and EU.
Stripe
Payment processing
Handles all payment card data. PCI-DSS Level 1 certified. Data may be processed in the US and EU.
Resend
Email delivery
Transmits contact form submissions to our inbox. No data is stored beyond transmission.
Vercel
Website hosting & analytics
Hosts this website and provides anonymous analytics. Data processed in the US under Standard Contractual Clauses.
Sanity
Content management
Stores website content (images, print details). Does not process visitor personal data.
Google Fonts
Typography
Serves web fonts. Google may log font request metadata; no personal data is shared by us.
6. Data Retention
We retain your personal data only for as long as necessary:
- Contact form submissions: retained in our email inbox for up to 2 years, then deleted.
- Order data (name, shipping address): retained for 7 years to comply with UK tax and accounting obligations.
- Newsletter email addresses: retained until you unsubscribe, after which they are deleted within 30 days.
- Analytics data: anonymous and aggregated — no retention limit applies.
7. Your Rights
Under UK GDPR you have the following rights regarding your personal data:
- Right of access — you can request a copy of the personal data we hold about you.
- Right to rectification — you can ask us to correct inaccurate data.
- Right to erasure — you can ask us to delete your data where there is no lawful reason to retain it.
- Right to restrict processing — you can ask us to limit how we use your data.
- Right to data portability — you can request your data in a commonly used, machine-readable format.
- Right to object — you can object to processing based on legitimate interests.
- Right to withdraw consent — where processing is based on consent (e.g. newsletter), you may withdraw it at any time.
To exercise any of these rights, please contact us at jonnyevans@jonnyevansfoto.com. We will respond within 30 days.
8. Right to Complain
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the UK's data protection regulator:
We would, however, always welcome the opportunity to resolve any concern directly before you approach the ICO.
9. Cookies
This website does not use cookies for advertising or tracking purposes. Vercel Analytics operates without cookies. Stripe may set cookies during the checkout process on their own domain — this is governed by Stripe's privacy policy.
10. Changes to This Policy
We may update this policy from time to time. The date at the top of this page reflects when it was last revised. Continued use of the website after any changes constitutes acceptance of the updated policy.