indigo dingo ltd - privacy policy 24 May 2018

Hello fellow human.

If you’ve clicked here you must really care about your data privacy and the recent implementation of GDPR. 

If you’ve arrived here by accident and don’t know what GDPR is, it stands for Gruelling Data in Photography Rules and it sometimes feels like it was primarily designed to create enormous headaches for small creative businesses that just happen to work with people’s faces. 

Whether your fizzog is classed as personal data has really yet to be confirmed in a legal sense under EU / UK law, but in the meantime we need to ensure that we are compliant in handling your data, so here is Indigo Dingo Ltd’s updated GDPR compliant privacy policy.

Personal data that we collect

We collect your name so we don’t have to call you Sir / Madam, your job title and organisation so we know whether to be extra nice to you (not that we’re ever nasty to anyone), your email address so we can communicate with you, your landline, mobile and Skype numbers so we can call you about important subjects or just for a friendly chat and your address so we can send you nice things via the analogue medium of post / courier or, more importantly, to meet you without having to employ a soothsayer to divine where you might live / work.  We may on occasion, also add a note, to remind our addled brains about such things as where we met you, or any unusual skills that you might have (e.g. the ability to juggle hedgehogs, or more likely in our case, that you can film underwater). All of this is necessary for us to do our job.

How we collect and keep your personal data

We will have either met you and you were kind enough to press a business card into our hands, or you have contacted us via telephone / e-mail / carrier pigeon (or another form of communication), and we decided that you seemed nice / talented / likely to give us some work and that we may therefore need to return the favour in the future.

We primarily store your data in our Google Gmail database / E-mail client software (which is GDPR compliant) and which employs fiendishly complex maximum strength password protection worthy of the enigma code cracking team at Bletchley Park.

The database is only accessible through a strictly limited number of official company computers / devices, all of which use the 2 step mobile login protocol. Our passwords are also changed regularly.

For newsletter mailing purposes, we may also store your name, email address and organisation in a separate Mailchimp account, which has similarly fiendish and complex maximum strength password protection (and is also GDPR compliant).

When we have a legitimate reason to store your details in a separate document (e.g. in legal contracts / artist release forms / call sheets) these, like all of our documents, are stored securely inside a password protected and encrypted Veracrypt folder, which is accessible only by trusted key personnel.

Commenting on social media

All of our social media channels (Faceybook / Linkeydin / Harold Pinterest etc) are set to public, so if you comment on any of our posts, please be aware that these will be in the public domain (so it would be a good idea not to include your credit card details).  

Right of confirmation, access, rectification and erasure

In all seriousness, if you would like to know what personal data we hold on you or are concerned about how it is handled, please contact our MD (and designated data manager) Paul Wightman at and he will be happy to comply (it’s not like we are MI5 or something).

If any of the information is wrong, you have the right to correct it, something that we would definitely recommend because that is in all our interests if we want to enjoy an on-going relationship (in a strictly platonic sense of course). 

If however, you would like us to delete all or part of your personal data, you have the right to request that, although we would of course advise against it if you’re expecting us to come and film you at your office sometime.

Use of your data

Perhaps the most important thing to know is that we are nice people with the best intentions for your personal data (not nefarious Mafioso like assassins populating a database with our next targets or selling it to the highest bidder, or for that matter to the lowest bidder).  We will however, definitely use your contact details to get in touch about work that we are doing and / or planning with / for you. We may also contact you in relation to unconnected things that we had a human conversation about (e.g. a link to a, like, really groovy band that we recommended man).

We will not share your contact details with any third parties, unless it is either with your express prior consent, or there is a legitimate reason for us to do so, such as on call sheets related to shoots that we’re undertaking and with which you have an involvement. When we are working with famous / infamous / very important people (which happily, happens remarkably often), we will only share their / your contact details with very senior members of the crew and only then, when there is a legitimate and strictly necessary reason for the crew member to have them. Even on the least star-studded shoot, we always request that crew members respect and protect the data of all those involved and that they destroy all call sheets afterwards.  

If we do send you the occasional newsletter, it will be via our secure password protected Mailchimp account with a clear unsubscribe option in case you don’t want to hear from us again (which would be hard to take, but we’ll get over it). Our Mailchimp database only stores your name, organisation, JOB TITLE and e-mail address.  To be clear though, unsubscribing from our Mailchimp mailing list does not mean that we will delete your data from our primary contacts database (unless you request this separately).

Use of your face-based data

When it comes to you appearing in one of our films or still images, the EU hasn’t been overly specific about what that means for working film crews / photographers and production companies, other than that we need to demonstrate legitimate and reasonable use.

With that in mind, we can confirm that we will not allow any film (or part thereof) which features your face / likeness to be used for any other purpose than the one for which it was originally intended and for which you gave consent in your artist release form / contract.  However, we must point out that, as a commercial production company which often assigns copyright / usage rights to commissioning clients, we may not be in a legal position to stop our clients doing as such.  However, in the highly unlikely event that one of our clients were to sell a close up of your face for use in an incontinence pads advert, we will be happy to direct you to the correct client contact so that you can take the matter up with them.

When you appear in a project for which we do retain 100% of the copyright and usage rights, we will only ever sell / give footage containing your face / likeness to a third party with your express prior consent (unless you have signed an all encompassing contract / artist release waiver form). 

If you see us filming on the street or maybe at an event where the entry T&Cs state that you are happy to be filmed, but you shouldn’t be there for some reason (we’re thinking of that scene in Ferris Bueller’s Day Off), then please tell us at the time if at all possible, so we can do our utmost to ensure that you do not appear in shot (OR AT THE VERY LEAST IN THE SUBSEQUENT EDIT). We are very reasonable people who respect your right to privacy and constantly assess whether our actions might have anything more than a minimal impact on your privacy.  We have done this on several occasions in the past where serving members of the SAS wandered into shot (although to be honest, it was more the official secrets act and fear of physical violence from the milk tray man than GDPR rules that was the driving reason behind us complying on that occasion).

As a commercial image production company, we occasionally use our footage and stills (production and behind the scenes) to promote our services on our social media channels and website. Use of your face / likeness will usually have been sanctioned by you in a signed artist release form / freelance contract, but being reasonable people, even when you have given us permission, we will always attempt to accommodate your privacy requests where we can, should your situation change (e.g. you’ve since entered the witness protection scheme and have yet to have the plastic surgery).  To be clear, not liking how your hair looked on the day is probably not a good enough reason, because clearly, you always look great when we are operating the camera.

We store footage and images of your lovely face on password encrypted hard drives stored inside locked filing cabinets inside a secure office with 3 lever mortise locks on the doors and locks on the windows and a guard dog. We also store footage containing your face on password encrypted cloud based video storage platforms (such as Vimeo and Dropbox), which are also GDPR compliant.

GDPR compliancy

Despite the slightly tongue-in-cheek nature of the above text, please be assured that we take your privacy very seriously and as such, are confident that we are compliant with gdpr and the relevant UK privacy / data legislation.