top of page

GDPR‑compliant privacy policy

Effective date: 1 Jan 2025

List last reviewed: 19 April 2025.

1. Introduction

O|Brand Photography ("O|Brand", "we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose and safeguard the information you provide when you visit https://www.o-brand.com (the "Site") or engage our photography and related services (the "Services").

This Policy is drafted to comply with the EU General Data Protection Regulation ("GDPR") and other applicable privacy laws. Please read it carefully to understand our practices.

2. Who is the data controller?

If you have questions about this Policy or how we handle your personal data, please contact us at the email address above.

3. Personal data we collect

We collect three broad categories of personal information:

A) Information you provide to us (directly)


Examples include your first and last name, email address, telephone number, postal address, company name and role, the messages you write in our contact or booking forms, answers to pre‑shoot questionnaires, payment or invoicing details, and any photographs or video recordings in which you appear.
We receive this data when you:

  • complete a form on the Site;

  • schedule or purchase a photo session;

  • communicate with us by email, phone or social media; or

  • take part in a shoot or other Service we deliver.

B) Information we collect automatically (via technology)


When you browse the Site, we automatically log certain technical details such as: IP address, device type and operating system, browser type and language, referring URL, pages you visit, the date/time and length of your visit, click‑stream actions and unique cookie identifiers. This information is gathered by cookies, pixels, server logs and similar tools so we can secure and improve the Site.

C) Information we receive from third parties


We may obtain limited data from trusted partners, for example:

  • aggregated usage statistics from analytics providers (e.g., Google Analytics);

  • payment confirmation and fraud‑prevention signals from our payment processor;

  • basic profile information when you engage with us on social‑media platforms.

We do not intentionally collect personal data about children under 16. If we discover that we have done so, we will delete it promptly.

4. Why we process your data (Purposes & Legal Bases)

We process personal data only when we have a lawful basis under the GDPR:

  1. Responding to enquiries, scheduling consultations and handling bookings – necessary to enter into or perform our contract with you (Article 6 (1)(b)).

  2. Delivering photography, retouching and other agreed Services – performance of a contract (Article 6 (1)(b)).

  3. Processing payments and issuing invoices – performance of a contract and compliance with Dutch accounting laws (Article 6 (1)(c)).

  4. Operating, securing and improving our Site and Services – our legitimate interest in running and developing our business (Article 6 (1)(f)).

  5. Sending service‑related or marketing communications (e.g., news, offers, updates) – your explicit consent (Article 6 (1)(a)). You may withdraw consent at any time.

  6. Complying with other legal or tax obligations – necessary to meet statutory requirements (Article 6 (1)(c)).

  7. Protecting our rights, preventing fraud and resolving disputes – our legitimate interest in safeguarding our operations (Article 6 (1)(f)).

5. Cookies & tracking technologies

You can control cookies through your browser settings and (where required) via our cookie banner. ​

This section explains what cookies and similar technologies are, which ones we use, the legal bases that allow us to place them, and how you can control them.

5.1 What are cookies?

Cookies are small text files that your browser stores on your device when you visit a website. They enable the website to recognise your device, remember your actions and preferences, and can be used for security, analytics or advertising.

We also use related technologies - such as HTML5 local storage, pixels, server‑side logs and JavaScript identifiers - which work in a comparable way. For simplicity we refer to all of these as “cookies”.

5.2 Why we use cookies

We set first‑party cookies (served by o‑brand.com) and allow selected third parties to set cookies on our Site to:

  • Ensure basic functionality and security (e.g., load pages, keep you logged in, protect against malicious activity);

  • Remember your preferences (e.g., language, cookie choices);

  • Measure Site traffic and performance so we can improve our Services; and

  • Deliver and measure marketing or social‑media features (e.g., Facebook Pixel).

5.3 Categories of cookies

We group the cookies we use into four categories:

• Strictly necessary – Core functions such as page loading, network management, security and accessibility. These cookies are always active and may be set before consent because they are essential to operate the Site.

• Functional / preference – Remember choices (e.g., language, cookie banner decision) or personalise content. These are set only after you have given consent.

• Analytics / performance – Help us understand how visitors use the Site by collecting aggregated, anonymous statistics (for example, which pages are visited most often). Set only after consent.

• Marketing & social‑media – Track visitors across websites so we (or selected third parties) can display relevant ads or enable social‑sharing widgets. Set only after consent.

5.4 Cookie list (illustrative)​

 

Below is an overview of the main cookies that may be stored on your device when you visit o‑brand.com. Names and durations can vary if providers update their technology.

• cookie_consent – o‑brand.com
 Stores your cookie‑consent state so we do not ask you again on every page (expires after 1 year). Category: strictly necessary.

• _ga – Google Analytics
 Generates statistical data on how you use the Site (expires after 13 months). Category: analytics.

• _ga_ – Google Analytics*
 Continues to distinguish users across sessions (expires after 13 months). Category: analytics.

• _fbp – Meta / Facebook
 Helps deliver targeted advertisements and measure their effectiveness (expires after 3 months). Category: marketing.

List last reviewed: 19 April 2025.

5.5 Legal bases for using cookies

  • Strictly necessary cookies – processed under our legitimate interest in providing a functional, secure website (Article 6 (1)(f) GDPR).

  • All other cookies – processed only with your explicit, granular consent (Article 6 (1)(a) GDPR), collected via our cookie banner. You may withdraw consent at any time.

5.6 How to manage cookies

When you first visit the Site, a banner lets you accept or reject non‑essential cookies and provides detailed controls. You can revisit these settings at any time by clicking the “Cookie settings” link in the footer.

Most web browsers also allow you to block or delete cookies entirely through their settings. Please note that blocking strictly necessary cookies may impair core Site functionality.

5.7 Changes to this cookies section

We may amend this section to reflect changes in legislation, technology or our business practices. Any updates will appear here with a new "last revised" date.

6. How we share your data

We share personal data only when necessary and in accordance with this Policy:

  • Service providers (e.g., website hosting, booking platform, email service, payment processor, cloud storage, CRM, analytics).

  • Professional advisers (accountants, lawyers, insurers) bound by confidentiality.

  • Authorities when legally required (e.g., tax authorities, courts, law‑enforcement).

We do not sell or rent your personal data.

7. International data transfers

Some service providers may operate outside the European Economic Area ("EEA"). When we transfer personal data internationally, we rely on:

  • An adequacy decision by the European Commission; or

  • Standard Contractual Clauses (SCCs) or other approved safeguards to ensure your data remains protected.

8. Data retention

We keep your personal data only as long as necessary for the purposes set out above, including:

  • Client files & images: up to 10 years after the last interaction (unless you request deletion sooner, subject to legal exceptions).

  • Financial records: 7 years (Dutch tax law requirement).

  • Marketing data: until you withdraw consent or we determine it is outdated.

We regularly review retention periods and delete or anonymise data when it is no longer needed.

9. Your rights (GDPR)

You have the right to:

  1. Access your personal data.

  2. Rectify inaccurate or incomplete data.

  3. Erase your data ("right to be forgotten").

  4. Restrict processing in certain circumstances.

  5. Object to processing based on legitimate interests or direct marketing.

  6. Data portability – receive your data in a structured, machine‑readable format.

  7. Withdraw consent at any time where processing is based on consent.

  8. Lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have infringed your rights.

10. Exercising your rights

To exercise any of the rights above, please contact us at info@o-brand.com. We may need to verify your identity. We will respond within one month (extendable by two months for complex requests).

11. Security measures

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (HTTPS), access controls, secure backups and regular security reviews. No system is 100% secure; therefore, we cannot guarantee absolute security.

12. Third‑party links

The Site may contain links to third‑party websites or plugins. We do not control those sites and are not responsible for their privacy practices. We recommend you read their privacy policies before providing any personal information.

13. Changes to this Privacy Policy

We may update this Policy occasionally. We will post the new version on this page and, where appropriate, notify you by email. Please review this page periodically. The "Effective date" at the top indicates when this Policy was last revised.

14. Contact us

If you have any questions about this Policy or how we process your personal data, please contact:

Ol Brand Photography
Amstelveen, the Netherlands
Email: info@o-brand.com

Thank you for trusting Ol Brand with your personal data.

bottom of page