Privacy Policy

Privacy Policy – Rene Maajärv Photography

Last updated: 22 October 2025

This Privacy Policy explains how Rene Maajärv Photography (“we”, “our”, or “us”) collects, uses, and protects personal data of visitors and clients who use the website https://maajarvphotography.eu and related services.

We are committed to protecting your privacy and processing all personal data in compliance with the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and applicable Estonian data protection laws.

1. Data Controller

Rene Maajärv Photography
Owner: Rene Maajärv
Email:
Registered in Estonia.

We act as the data controller in accordance with Article 24 GDPR, responsible for determining the purposes and means of processing personal data.

2. Personal Data We Collect

We may collect and process the following categories of personal data:

  • Name, email address, and phone number (if provided)
  • Messages and other information submitted via contact forms or email
  • Technical data such as IP address, browser type, operating system, and device information
  • Usage data such as visited pages, referral source, and time spent on the website
  • Cookies and analytics data (e.g., Google Analytics, Meta Pixel if used)

Records of data processing activities are maintained in accordance with Article 30 GDPR.

3. Purpose and Legal Basis for Processing

We process personal data for the following purposes:

  • Responding to inquiries and providing photography services
  • Managing client relationships and project communication
  • Maintaining and improving the website and user experience
  • Sharing updates about exhibitions, projects, or services (with your consent)
  • Complying with legal obligations

The legal bases for processing (under Article 6 GDPR) are:

  • Consent – Art. 6(1)(a) and Art. 7 GDPR: when you voluntarily provide data and give explicit permission.
  • Contract – Art. 6(1)(b) GDPR: when processing is necessary to fulfil a photography service agreement.
  • Legal obligation – Art. 6(1)(c) GDPR: when required by law.
  • Legitimate interest – Art. 6(1)(f) GDPR: to maintain client communication and improve our website.

4. Data Retention

We retain personal data only as long as necessary to fulfil the purposes for which it was collected, or as required by law.
Messages and inquiries are typically stored for up to 12 months, unless ongoing cooperation requires longer storage.

Retention complies with the principles of Article 5(1)(e) GDPR.

5. Data Sharing

We do not sell or trade personal data. Data may be shared only with:

  • Service providers (e.g., hosting, analytics, or email) under data processing agreements compliant with Article 28 GDPR.
  • Public authorities when legally required (Article 6(1)(c)).

All partners ensure appropriate safeguards and confidentiality.

6. International Transfers

If personal data is transferred outside the EU/EEA (e.g., via Google or Meta services), we ensure compliance with Chapter V GDPR (Articles 44–50), using Standard Contractual Clauses (SCCs) or other approved safeguards.

7. Data Subject Rights

Under Articles 12–22 GDPR, you have the following rights:

  • Access your personal data (Art. 15)
  • Rectify inaccurate data (Art. 16)
  • Erase your data (“Right to be forgotten”, Art. 17)
  • Restrict processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing (Art. 21)
  • Withdraw consent at any time (Art. 7(3))

To exercise your rights, contact us at
You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Art. 77 GDPR).

8. Data Breaches

In the event of a personal data breach, we will notify the competent supervisory authority in accordance with Articles 33 and 34 GDPR without undue delay and, if necessary, inform affected individuals.

9. Cookies

Our website uses cookies to ensure functionality and analyse usage.
Cookies are processed in compliance with Article 6(1)(a) GDPR based on user consent.
You can manage or disable cookies in your browser settings.
Details are available in our Cookie Policy.

10. Data Security

We apply technical and organisational measures (Article 32 GDPR) to protect your personal data against unauthorised access, loss, or misuse.
While we take reasonable precautions, no data transmission over the internet is entirely secure.

11. Links to Other Websites

Our website may include links to external sites (e.g., exhibitions, social media).
We are not responsible for the privacy practices or content of third-party websites (Recital 63 GDPR).

12. Changes to This Policy

We may update this Privacy Policy periodically. The latest version is always available at:

Privacy Policy

13. Contact

Questions or requests regarding this Privacy Policy:

Related Images:

Close Menu