Privacy & Cookie Policy
Last updated: April 2026
This website is operated by Jamie Randall, trading as Randall Photos. We are committed to handling your personal data responsibly and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations (PECR).
If you have any questions about this policy, please contact Jamie directly at [email protected].
1. What information we collect
When you place an order
To process a purchase — whether a print or a digital download — we collect your email address. For print orders, your delivery address is also collected via the Stripe payment page (see section 4). We retain order records to fulfil the order and as required for accounting purposes.
When you submit an enquiry
The enquiry form collects your name, email address, and the details you provide. This information is used solely to respond to your enquiry and is not shared with third parties.
When you access a private event gallery
We record the time and outcome of each access-code attempt, along with your anonymised IP address, to protect against brute-force attacks. We do not store the access code you enter in plain text.
Website analytics
We record basic page-view data server-side: the page visited, the time of the visit, the referring website (if any), and whether the visit came from a mobile device. Your IP address is anonymised before storage — only the first three octets of an IPv4 address are retained (for example, 192.168.1.0). This analytics data contains no personally identifiable information and requires no cookies.
2. Cookies
This website uses only strictly necessary cookies. No advertising, tracking, or analytics cookies are set. Under UK PECR, strictly necessary cookies are exempt from requiring your consent.
| Cookie name | Purpose | Duration |
|---|---|---|
.RandallPhotos.Basket |
Remembers your download basket between pages so you can select multiple photos before checking out. | Session (deleted when you close your browser) |
.AspNetCore.Antiforgery.* |
Security token that protects all forms on the site against cross-site request forgery (CSRF) attacks. | Session |
.AspNetCore.Identity.* |
Used only when the site administrator logs in to the admin area. Not set for regular visitors. | Session / up to 14 days if "remember me" is selected |
3. How we use your information
- Order fulfilment — to dispatch prints and deliver download links.
- Customer communications — to respond to enquiries and send order confirmations.
- Security — to detect and prevent abuse of the access-code system.
- Site improvement — anonymised analytics to understand which pages are most useful.
We do not sell, rent, or share your personal data with third parties for marketing purposes.
4. Third-party services
Stripe
Payments are processed by Stripe.
When you click "Pay", you are taken to a Stripe-hosted checkout page on the
stripe.com domain. Stripe collects and processes your payment card
details and, for print orders, your delivery address. Stripe may set their own
cookies on their domain. Their privacy policy is available at
stripe.com/gb/privacy.
Google Fonts
This site loads typefaces from Google Fonts. Google may log the request (including your IP address) when fonts are fetched. See Google's privacy policy for details.
5. Data retention
- Orders — retained for 7 years for accounting and legal compliance.
- Enquiries — retained for 2 years, then deleted.
- Access logs — retained for 90 days, then deleted.
- Analytics page views — retained for 13 months, then deleted.
- Download tokens — expire after 72 hours and are then inert.
6. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request erasure of your data (subject to legal retention obligations).
- Object to or restrict certain processing.
- Lodge a complaint with the Information Commissioner's Office (ICO).
To exercise any of these rights, please contact [email protected].
7. Changes to this policy
We may update this policy from time to time. The date at the top of this page will always reflect the most recent revision. Continued use of the site after a change constitutes acceptance of the updated policy.