Privacy Policy

Last updated: 04 October 2025

This Privacy Policy explains how Attila Prester operating through attilaprester.com and related services (collectively, the “Website”) collects, uses, discloses, and protects your personal data. It also explains the choices you have and your legal rights. We use UK English spelling throughout.

If you have any questions or wish to exercise your rights, contact us at privacy@attilaprester.com.

1. Who we are and how to contact us

Data Controller: Attila Prester
Email: privacy@attilaprester.com

This Website showcases fine art photography, a journal, and an online print store. We may also provide contact forms for commissions and licensing, and optional newsletters.

We process your personal data under the UK GDPR and the Data Protection Act 2018. Where we serve individuals in the EEA, we also comply with the EU GDPR as applicable. If you are located elsewhere, we will process your data according to applicable local laws.

If you are in the EEA and wish to contact us about your data, you may do so using the details above. If we begin to target or regularly serve individuals in the EEA, we will appoint an EU Representative under Article 27 GDPR and publish their contact details here.

2. What we collect

We collect personal data in the following categories:

2.1 Information you provide to us

  • Contact details: name, email address, phone number, and message content sent via forms or email.

  • Account details: if the store or client area offers registration, we collect login credentials and profile information.

  • Order and fulfilment data: billing and shipping addresses, order contents, purchase history, and any delivery instructions.

  • Licensing and commissions: details necessary to evaluate or deliver a commission, including brief, reference materials, contract terms, invoicing data, and correspondence.

  • Consent and permissions: model releases, location releases, and any written permissions relating to identifiable individuals in photographs when applicable.

  • User-generated content: comments on the journal, testimonials, or files you upload or send to us.

  • Newsletter preferences: your subscription status and marketing preferences.

2.2 Information we collect automatically

  • Usage data: IP address, device and browser type, pages viewed, referring URLs, session duration, and interactions with page elements.

  • Cookies and similar technologies: identifiers that help us remember your preferences, maintain sessions, provide essential store functions, measure audience, and understand performance. See Section 10 for details.

2.3 Information from third parties

  • Payment providers: limited transaction information for fraud prevention and reconciliation. We do not receive or store your full payment card details.

  • Fulfilment and shipping partners: delivery status and logistics information related to your orders.

  • Analytics and social media tools: aggregated statistics and, where applicable, anonymised or pseudonymised audience data.

3. Why we process your data and legal bases

We process personal data under the UK GDPR and the Data Protection Act 2018. Where we serve individuals in the EEA, we also comply with the EU GDPR as applicable. Below are the purposes for which we process personal data and the corresponding legal bases.

Provide the Website and store
We operate and secure the Website, enable browsing, store preferences, maintain sessions, and process shopping baskets and checkouts.
Legal basis: performance of a contract or steps prior to entering a contract, and our legitimate interests in running a secure and available service.

Communicate with you
We respond to enquiries, arrange shoots, provide customer support, and manage your requests.
Legal basis: performance of a contract or steps prior to contract, and our legitimate interests in responding efficiently.

Payments and fulfilment
We process orders, coordinate printing, framing and delivery, handle returns, and keep transaction records.
Legal basis: performance of a contract and legal obligations for accounting and tax.

Commissions and licensing
We evaluate briefs, create and deliver commissioned work, manage usage rights, and administer agreements.
Legal basis: performance of a contract and our legitimate interests in managing our business and protecting our rights.

Photography that features people
We may create and publish images that incidentally or directly include identifiable people. See Section 3.1 for details.
Legal basis: our legitimate interests to create, exhibit and sell artistic works, and consent where required by law, venue policy, contract, or the nature of the use.

Marketing
We send newsletters and updates about exhibitions, releases, and services.
Legal basis: consent for email marketing, or in the UK the soft opt-in for existing customers where permitted. EEA residents will receive marketing only with consent unless a similar local exemption clearly applies. You can opt out at any time.

Analytics and improvement
We measure performance, diagnose issues, and improve content and usability.
Legal basis: our legitimate interests in understanding and improving our services.

Security and fraud prevention
We monitor for abuse, protect accounts and payments, and investigate suspected fraud.
Legal basis: our legitimate interests in keeping the service secure and, where applicable, legal obligations.

Legal compliance
We retain records and respond to lawful requests from authorities.
Legal basis: legal obligations.

Special category data
We do not intentionally collect special category data such as health or religion. We do not use images for biometric identification. If information of this nature is incidentally captured through our work, we rely on appropriate GDPR conditions and, where applicable, the artistic exemptions under the UK Data Protection Act 2018. We assess any objections case by case.

Soft opt-in for existing UK customers
Where UK law allows, if you buy from us or enter negotiations for a purchase, we may email you about our own similar products or services, provided you were given a clear opportunity to opt out at the time your details were collected and in every message. You can opt out at any time. For EEA residents we obtain consent before sending marketing emails unless a similar local exemption clearly applies.

Balancing test for legitimate interests
When we rely on legitimate interests, we assess and balance those interests against your rights and expectations. You have the right to object at any time. See Section 8 for how to exercise your rights.

3.1 About photography of individuals

We may create and publish images that incidentally or directly include identifiable people. The typical legal basis is legitimate interests to create, exhibit, and sell artistic works balanced against the rights and expectations of individuals. Where required by law, venue policy, contractual obligation, or the nature of the use, we will seek consent or a model release. You have the right to object to processing based on legitimate interests. See Section 8.

We do not use biometric identification or facial recognition for automated decision-making. We apply a legitimate interests balancing test and respect the UK Data Protection Act 2018 exemptions for artistic purposes where applicable. You can object to publication or request review using the contact details in Section 20.

4. Children

Our services are not directed to children under 13 in the UK. For EEA visitors, where we rely on consent for online services offered directly to a child, we will obtain consent from a parent or guardian if required by local law (member-state age thresholds vary between 13 and 16).

We do not knowingly collect personal data from children. If you believe a child has provided us with personal data without appropriate consent, contact privacy@attilaprester.com and we will take appropriate steps.

5. Sharing your data

We share personal data only as needed for the purposes described:

  • Service providers and processors: hosting, content delivery networks, email and newsletter platforms, e-commerce platforms, payment providers, printing laboratories, framing and fulfilment partners, couriers, customer support tools, analytics providers, and backup services. These parties act under instructions and appropriate contracts.

  • Professional advisers: accountants, legal counsel, and auditors bound by confidentiality.

  • Third party platforms you select: for example, if you choose to log in with a social platform or to share content via your social profile.

  • Legal and compliance: to comply with law, court orders, or lawful requests by public authorities, or to protect our rights, users, or others.

  • Business or asset transfers: If we sell or transfer all or part of our assets (for example, the Website, the online store, or the photographic archive), personal data relevant to those assets may be transferred to the new controller in accordance with applicable law. The new controller may use your data only for the same purposes unless you are notified otherwise and given any required choices.

We do not sell personal data.

6. International data transfers

We are based in the United Kingdom, and our service providers may operate in the UK, the EEA, the United States, or other countries. When personal data is transferred outside the UK, we use safeguards recognised by UK law, such as the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, and supplementary measures where needed. For EEA transfers, we use the EU Standard Contractual Clauses and supplementary measures where needed. Where our US providers participate in the EU-US Data Privacy Framework and the UK Extension, we may rely on those frameworks for eligible transfers.

7. Retention

We keep personal data only as long as necessary for the purposes described, and to meet legal, accounting, or reporting obligations.

Typical retention periods:

  • Orders and invoices: generally 6 years to satisfy UK tax and accounting requirements, or longer where required (for example for VAT records or to establish, exercise, or defend legal claims).

  • Client and licensing records: for the duration of the relationship plus up to 6 years, or longer where required to protect or exercise legal rights.

  • Portfolio and archival images: retained indefinitely as part of our artistic archive, unless you successfully exercise the right to erasure or objection and no overriding grounds exist.

  • Marketing data: until you withdraw consent or opt out, after which we keep a minimal suppression record to respect your choice.

  • Website logs and analytics: generally 6 to 24 months, aggregated or anonymised thereafter.

8. Your rights

Depending on your location, you have the following rights:

  • Access: obtain a copy of your personal data.

  • Rectification: correct inaccurate or incomplete data.

  • Erasure: request deletion where the data is no longer needed, you withdraw consent, or processing is unlawful.

  • Restriction: limit processing in certain cases.

  • Portability: receive data you provided in a structured, commonly used, machine-readable format and request transfer to another controller where technically feasible.

  • Object: object to processing based on legitimate interests, including photography that features you, direct marketing, or profiling related to direct marketing.

  • Withdraw consent: where processing is based on consent, you can withdraw it at any time.

  • Lodge a complaint: with your local supervisory authority. In the UK this is the Information Commissioner’s Office (ICO). Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Helpline: +44 303 123 1113. Website: ico.org.uk.

To make a request, email privacy@attilaprester.com. We may ask for information to verify your identity. We will respond without undue delay and in any event within one month of receipt of a valid request, extendable as permitted by law for complex requests.

9. Marketing communications

You can subscribe to newsletters or updates. We send marketing communications with your consent, or where permitted based on an existing customer relationship. You can opt out at any time by using the unsubscribe link in our emails or by emailing privacy@attilaprester.com. Opting out does not affect service messages such as order confirmations or essential notices.

Marketing communications
When you subscribe through the Website, you are giving consent to receive email updates about my photography, stories, and new work for sale. Your email address will be added to my marketing list for this purpose.

You can unsubscribe at any time by using the link in any email or by contacting privacy@attilaprester.com.

I do not share your email address with third parties for their own marketing.

10. Cookies and similar technologies

We use cookies and similar technologies for the following purposes:

  • Strictly necessary: required for site operation, security, and shopping cart functions.

  • Preferences: remember choices such as language and cookie settings.

  • Performance and analytics: understand how visitors use the Website to improve content and usability.

  • Marketing: measure the effectiveness of campaigns and, where used, deliver more relevant content on our site and on third-party platforms.

You can manage your preferences through your browser settings and, where implemented, through our on-site cookie banner or a Cookie Settings link. Blocking some cookies may impact the functionality of the Website. For mobile applications or embedded browsers, consult the device or app settings.

We will not set non-essential cookies (for example analytics or marketing) until you provide consent through our cookie banner. You can withdraw consent at any time via the Cookie Settings link. We honour cookie choices as required by UK law, including PECR and the UK GDPR, and for EEA visitors as required by the EU ePrivacy rules and GDPR. Do Not Track signals are not yet standardised so the Website may not respond to them.

11. Payments

We use third party payment providers to process transactions. Your payment card details are transmitted securely to the provider and are not stored on our servers. The provider acts as an independent controller for payment processing and fraud prevention. Please review the privacy policy of your chosen payment provider during checkout.

Our payment processors act as independent controllers for UK payments compliance, including fraud prevention and obligations under the Payment Services Regulations 2017.Our providers are expected to comply with PCI-DSS and UK Strong Customer Authentication requirements under the Payment Services Regulations 2017.

12. Print, framing, and shipping fulfilment

If you order physical products, we share only the data necessary to fulfil your order with trusted partners, such as printing laboratories, framers, and couriers. These partners use the data solely to produce and deliver your order and are required to protect it appropriately.

13. Social media, embeds, and external links

The Website may include social sharing buttons, embedded content, and links to external sites. Interactions with these features are governed by the privacy policies of the third parties providing them. We encourage you to review those policies before interacting. We are not responsible for the privacy practices of external sites.

14. EXIF metadata and image submissions

Images may contain EXIF or similar metadata, such as date, time, and location information. Before uploading or sending images to us, consider removing metadata if you do not wish to share it. If we publish images you submit, we may strip or preserve metadata depending on editorial and technical needs.

15. Client responsibilities when sharing third party data

If you provide us with personal data about other individuals, including names, contact details, or reference photos, you must ensure you have a lawful basis to share that data with us and that the individuals have been informed where required. You remain responsible for the legality of the data you provide.

16. Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. Measures include encryption in transit, access controls, authentication practices, regular updates, and backup procedures. No method of transmission or storage is entirely secure, so we cannot guarantee absolute security. We apply appropriate technical and organisational measures consistent with UK GDPR Article 32. We limit access to personal data to personnel and suppliers who need it for the purposes described, under appropriate confidentiality obligations.

17. Automated decision-making and profiling

We do not engage in automated decision-making that produces legal effects or similarly significant effects on individuals. We may use limited profiling for analytics and to understand the performance of the Website and our content. You can object to profiling for direct marketing at any time.

18. International visitors and additional rights

Certain jurisdictions grant additional rights. If you are a resident of California, you may have rights under the CCPA or CPRA, including the right to know, delete, correct, and opt out of certain sharing for cross-context behavioural advertising. We do not sell personal information in the common meaning of that term. To exercise California rights, email privacy@attilaprester.com and specify your residency.

We are established in the UK and primarily apply the UK GDPR and the Data Protection Act 2018. Residents of other jurisdictions should contact us to understand how their local laws apply. EEA residents can raise concerns with their local data protection authority. Contact details are available from the European Data Protection Board.

19. Changes to this Policy

We may update this Privacy Policy from time to time. We will post the updated version on the Website and revise the “Last updated” date at the top. Material changes may also be communicated by email if appropriate.

20. How to contact us and how to complain

For any questions, requests, or concerns about this Privacy Policy or our handling of your personal data, contact:

Email: privacy@attilaprester.com

You also have the right to lodge a complaint with your local supervisory authority. In the UK this is the Information Commissioner’s Office (ICO): Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Helpline: +44 303 123 1113. Website: ico.org.uk. You can contact the authority in the country where you live, where you work, or where you believe an infringement occurred.

21. Summary of your choices

  • Review, correct, or delete your data by emailing privacy@attilaprester.com.

  • Opt out of marketing by clicking “unsubscribe” in any marketing email or by contacting us.

  • Control cookies through your browser and, where available, our on-site cookie banner or Cookie Settings link.

  • Object to processing based on legitimate interests, including publication of your identifiable images, by contacting us with details so we can assess your request.

  • Withdraw consent at any time where we rely on consent.

22. Key definitions

  • Personal data: any information that identifies or can be used to identify an individual.

  • Processing: any operation performed on personal data such as collection, storage, use, disclosure, or deletion.

  • Controller: the party that determines the purposes and means of processing personal data.

  • Processor: a party that processes personal data on behalf of the controller.

  • Legitimate interests: our interest in conducting and managing our business and artistic practice to enable us to provide the best service, balanced against your rights.

Final note for clients and visitors

We aim to balance artistic freedom and documentary value with respect for privacy. If you appear in an image on this Website and have concerns, please contact privacy@attilaprester.com with a link to the image and a brief explanation of your request. We will review it promptly and respond in line with applicable law and industry practice.