Privacy Notice


As a small business, our reputation is extremely important to us, and maintaining the trust and confidence of visitors to our website is key. Any personal data shared with us will not under any circumstance be sold or leased to other organisations and as a business, we will only work with companies that are compliant with the new GDPR that comes into effect on the 25th of May 2018.  If you would like to find out further information on the General Data Protection Regulation please visit the ICO's website 

The following privacy notice will provide you with detailed information on how we collect and process personal data through your use of this website

It is important that you read this notice prior to providing your data and by providing us with your data, you represent and warrant to us that you are over 13 years of age. 

1. Who is collecting your data?

The data controller of your data will be Louise Mallan trading under the name Louise Mallan Photography.

Email: [email protected]

Address: 5 Laurel Gait, Cambuslang, Glasgow, G72 7BE

Telephone: 07547682880

It is important that the personal information we hold is as accurate. Please get in touch if your personal data changes by emailing [email protected] or logging into your account via the login button on our website

2. How is your personal data collected?

Information is collected about you through your direct input into a number of available web forms and through email communication. These web forms include but are not exclusive to

  • Contact Me
  • Account Management
  • Order Processing/Shopping Cart
  • Contract Fulfilment
  • Model Release
  • Terms and Conditions

Additionally, the website automatically stores personal data via cookies and other web technologies. To find out more information regarding our cookie policy please visit section 11 below or please visit our cookie policy 

Our website also utilises Google Analytics to collect standard usage information and details of behaviour patterns. We use this service to find out about the number of visitors to pages of our site. We have configured our site communication with Google Analytics to prevent the identity of individuals visiting our site from being disclosed to Google or us.

3. What data is being collected and what is the legal basis for processing that data?

We may process the personal data you provide us in a number of ways, how we use that and our lawful grounds for doing so is listed in the tables below:


What this Includes How we use it
Any electronic correspondence via web forms, email, social networking, text, instant messaging and any other available communication that you may send to us We process this information to allow us to communicate with you, for record keeping and for establishing evidence should there be a need to pursue or defend a legal claim.
Lawful grounds for processing: Legitimate Interest

Customer Details and Purchasing Information

What this Includes How we use it
Any information related to purchasing of products and/or services, model releases, and contracts may include the following

  • Name
  • Billing address
  • Delivery address
  • Email address
  • Phone number
  • Purchase history
  • Bank transaction references
  • Photographs
We process this information to allow us to fulfil our contract with you and for record keeping of the transactions.
Lawful grounds for processing: Contract

Browser Information and how you use oUr website

What this Includes How we use it
Through visiting our website, we automatically store information about your

  • Device
  • Operating system
  • Browser 
  • IP address
We process this information to ensure the security of our site by monitoring normal and malicious use, we also process this information to allow us to analyse the usage of our site in order to support the browser, operating systems and devices using it.

We record page views, page visits, navigation paths and the actions you take.

We process this information from our site and our website analytics source. This data allows us to make improvements to our site navigation, functionality and the content delivered.
Lawful grounds for processing: Legitimate Interest

Marketing Information

What this Includes How we use it
Any information related to marketing

  • Name
  • Email Address
  • Marketing Preferences
We process this information in accordance with the Privacy and Electronic Communication Regulations in conjunction with the General Data Protection Regulations see section 4 of this privacy notice, we may process this data for promotions, competitions, prize give-aways.
Lawful grounds for processing:Consent or Legitimate Interest

Sensitive Data

We do not collect sensitive data. If you would like to find out more about what the GDPR defines as sensitive data please visit the ICO's key definitions page

Automated Decision Making

We do not have any systems in place that would make automated decisions.

Legal Obligations

Where legally obligated or permitted by law to do so we may process your data without your knowledge or consent.

4. Will I receive any marketing?

We are not in the habit of spamming or pestering people but from time to time in the name of growing our business we may use your personal data to send you marketing communications when you have given consent to do so (Opted in to receive marketing) or under the lawful grounds of legitimate interest (You have requested information on a service/product or made a purchase).  These lawful grounds for processing are covered by the Privacy and Electronic Communications Regulations (PECR) and the GDPR.

If at any point you wish to opt-out of our marketing communications you have that right, this can be achieved by emailing [email protected] or by clicking the available opt out button on the marketing communication you received. Opting out of marketing communications will not apply to personal data held in relation to other business transactions such as purchasing or photo sessions.

5. Who will your data be shared with?

To function as a business it is necessary for us to share your data with other organisations. We will only transfer data to other organisations when necessary for a specific purpose. Those organisation themselves must be compliant with the data protection laws and only process this data in accordance with our instructions.

Set out below are the types of organisations that we may have to share your personal data with:

  • Web Hosting Service Provider (UK)
  • Email Service Provider (UK)
  • Email Marketing Service Provider (US)
  • Website Analytics Service Provider (US)
  • Payment Collection Service Provider (EU)
  • Photo Printing Service Provider (UK)
  • Customer Data Transfer Service Provider (EU)
  • Data Storage Provider (EU)
  • Government bodies (UK)

6. Will your data be transferred outside of Europe?

To ensure the protection of your personal data the GDPR places restrictions on the transfer of that data outside of the European Economic Area (EEA). Those restrictions have been implemented to ensure the same level of protection for your data outside of the EEA. 

We will only share your personal data with companies, organisation and service providers outside of the EEA where

  • they reside in a country that has been approved by the European Commission (EC).
  • they offer a contractual agreement or certification that has been approved by the EC to offer a similar level of data security
  • they are based in the US and are part of the EU-US Privacy shield.
Our business does utilise a small number of service providers that are based outwith the EEA, These companies are US based providers who have the approved level of protection with adequate safeguards in place and are a part of the EU-US Privacy Shield thus meeting GDPR requirements that allow data to be transferred.

7. What security precautions are in place?

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.  All processing partners must keep your personal data confidential.

In the event of a suspected personal data breach, processes have been developed to ensure that you and the relevant authorities (Information Commissioners Office) will be notified as we are legally required to do so.

8. How long will your data be retained?

We will only retain your information for as long as necessary to fulfil the purposes set out in this section 2 of this privacy notice. This will include any reporting needs, accounting and legal obligations (For example, tax and revenue laws require me to keep basic customer information for a period of six years)

9. What are your legal rights?

Under the GDPR (General Data Protection Regulation) you as an individual have rights in relation to the personal data we process. These include the right to request access, rectification, erasure, restrict processing, data portability and object (where the lawful basis for processing is consent).

You can find out further information regarding these rights at

If you wish to exercise any of the rights set out above, please email your request to [email protected]

In most case we will not charge for a data subject request however If your request is repetitive, manifestly unfounded or excessive, we may request an administrative fee to process your request or refuse to deal with that request.

If a data subject request is submitted it will be necessary to request proof of identification from the individual before considering that request, this ensures the security of data we control to prevent disclosure of information to unauthorised individuals.

When a data subject request is made we will respond within one month of that request. In situations where there are multiple requests from the same individual or complex request, we may extend the time for response by a further two months as per the ICO's guidance. If we extend the response duration we will notify the individual requesting the reasons for this extension.

If you are unhappy with the way that we have collected or processed your personal data you reserve the right to make a complaint with the ICO (Information Commissioners Office). The ICO is the UK’s independent authority set up to uphold information rights in the public interest and data privacy for individuals. Before contacting the ICO we would be grateful if you could contact me in the first instance to allow me to resolve the issue for you. If you still wish to proceed please visit the ICO's website at

10. Does this website have links to other websites?

Our website may contain links to our social accounts and/or other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. We recommend that you read the privacy notice of each website you visit.

11. What cookies does this website have?

For information about the cookies we use please visit If you would like to block cookies, you can do so via the settings of your browser. If you choose to disable or refuse cookies some areas of this website may not function or be inaccessible.

We will review our privacy notice from time to time as we may be required by law. If we do we will keep a record below

  • Version: 2.1 Effective From: 02 January 2023
Loading More Photos
Scroll To Top
Close Window