GDPR Privacy Policy

Last updated: November 30, 2025

This GDPR Privacy Policy explains how Brigitte Roelant Photography (“we”, “us”, or “our”) collects, uses, discloses and protects personal data of individuals in the European Economic Area (EEA), the United Kingdom and Switzerland in accordance with the General Data Protection Regulation (GDPR) and equivalent laws.

By using our website or services, you agree to the practices described in this Policy.

  1. DATA CONTROLLER

The data controller for the purposes of the GDPR is:

Brigitte Roelant Photography

Genève, Switzerland

Email: bri.r.photography@gmail.com

  1. DEFINITIONS

“Account” means a unique account created for you to access our Service.

“Personal Data” means any information relating to an identified or identifiable natural person (such as name, email, address, IP address).

“Usage Data” means data collected automatically when you use the Service (for example, IP address, browser type, pages visited, time spent).

“Cookies” are small files stored on your device that help us operate and improve the website.

“Service” refers to our website and related online services.

“Website” refers to Brigitte Roelant Photography, available at https://brigitteroelantphotography.com

“Data Subject” or “User” means the individual using the Service whose Personal Data is being processed.

“Service Provider” means any third party that processes Personal Data on our behalf (data processor).

  1. PERSONAL DATA WE COLLECT

We may collect the following categories of Personal Data:

Personal Data you provide to us:

– First and last name

– Email address

– Phone number

– Billing and shipping address

– Order and payment-related details (processed through secure payment providers)

– Any information you include when you contact us

Usage Data collected automatically:

When you use our Website, we may automatically collect:

– IP address

– Browser type and version

– Device type and operating system

– Pages visited and time spent

– Date and time of visits

– Referring URLs and other diagnostic data

  1. COOKIES AND TRACKING TECHNOLOGIES

We use Cookies and similar tracking technologies (such as pixels and tags) to:

– Operate the Website

– Remember your preferences

– Improve performance and user experience

– Analyze traffic and usage patterns

Types of Cookies we use:

– Necessary/Essential Cookies: Required for basic website functions and security.

– Preference/Functionality Cookies: Remember your choices (such as language or login details).

– Performance/Analytics Cookies: Help us understand how visitors use the Website.

You can set your browser to refuse Cookies or to alert you when Cookies are being sent. If you disable Cookies, some parts of the Website may not function properly.

For more details about Cookies used by Shopify, please visit: https://www.shopify.com/legal/cookies

  1. PURPOSES AND LEGAL BASES FOR PROCESSING

We process your Personal Data for the purposes and on the legal bases listed below:

– To provide and maintain our Service

Legal basis: performance of a contract (Article 6(1)(b) GDPR)

– To process and fulfill your orders, including payments, shipping and customer support

Legal basis: performance of a contract (Article 6(1)(b) GDPR)

– To manage your Account (if you create one)

Legal basis: performance of a contract (Article 6(1)(b) GDPR)

– To communicate with you about your orders, questions or support requests

Legal basis: performance of a contract and/or legitimate interests (Article 6(1)(b) and 6(1)(f) GDPR)

– To send you optional news, updates or marketing communications (where permitted)

Legal basis: consent (Article 6(1)(a) GDPR). You can withdraw your consent at any time.

– To improve and secure our Website, analyze usage trends and prevent fraud

Legal basis: legitimate interests (Article 6(1)(f) GDPR)

– To comply with legal obligations (such as tax and accounting rules)

Legal basis: legal obligations (Article 6(1)(c) GDPR)

  1. HOW WE SHARE YOUR PERSONAL DATA

We may share your Personal Data with:

– Service Providers that help us operate the Website and provide services (for example: Shopify, payment processors, hosting providers, analytics and email tools)

– Shipping and logistics partners to deliver your orders

– Professional advisors (such as accountants or legal advisors) where necessary

– Public authorities or law enforcement, when required by law or to protect our legal rights

All Service Providers are required to process Personal Data only according to our instructions and in compliance with applicable data protection laws.

We do not sell your Personal Data.

  1. INTERNATIONAL DATA TRANSFERS

Your Personal Data may be processed and stored in countries outside of your country of residence.

When we transfer Personal Data outside the EEA, UK or Switzerland, we take appropriate safeguards such as:

– Using countries that have been recognized as providing an adequate level of protection, or

– Using the European Commission’s Standard Contractual Clauses or equivalent safeguards.

  1. DATA RETENTION

We keep Personal Data only for as long as necessary for the purposes described in this Policy, including:

– For as long as you have an active Account

– For as long as required to fulfill orders and provide services

– For the period required by legal, tax and accounting obligations

– For a reasonable period to handle disputes or enforce agreements

When Personal Data is no longer needed, it will be securely deleted or anonymized.

  1. SECURITY OF YOUR PERSONAL DATA

We use appropriate technical and organizational measures to protect your Personal Data against loss, misuse, unauthorized access, disclosure, alteration or destruction.

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

  1. YOUR RIGHTS UNDER GDPR

If you are in the EEA, UK or Switzerland, you have the following rights regarding your Personal Data:

– Right of access: You can request a copy of the Personal Data we hold about you.

– Right to rectification: You can ask us to correct inaccurate or incomplete data.

– Right to erasure (“right to be forgotten”): You can request deletion of your Personal Data in certain circumstances.

– Right to restriction of processing: You can ask us to restrict the processing of your data in certain circumstances.

– Right to data portability: You can request your Personal Data in a structured, commonly used, machine-readable format and have it transferred to another controller where technically feasible.

– Right to object: You can object to processing based on our legitimate interests, and to direct marketing at any time.

– Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at: bri.r.photography@gmail.com

We may ask you to verify your identity before responding.

You also have the right to lodge a complaint with your local data protection authority if you believe that our processing of your Personal Data violates data protection laws.

  1. CHILDREN’S PRIVACY

Our Service is not intended for children under 16 years of age.

We do not knowingly collect Personal Data from children under 16. If you believe a child has provided us with Personal Data, please contact us so we can delete it.

  1. LINKS TO OTHER WEBSITES

Our Website may contain links to other websites not operated by us.

We are not responsible for the privacy practices of those third-party sites and encourage you to review their privacy policies.

  1. CHANGES TO THIS GDPR PRIVACY POLICY

We may update this Policy from time to time.

Any changes will be posted on this page with an updated “Last updated” date.

We recommend that you review this Policy periodically.

  1. CONTACT US

If you have any questions about this GDPR Privacy Policy or how we process your Personal Data, you can contact us:

By visiting this page on our website: https://brigitteroelantphotography.com

By sending us an email: bri.r.photography@gmail.com