Privacy Policy

Effective date: 27 June 2026 · Last updated: 27 June 2026

Who runs this site

This website (thomasfearn.co.uk) is operated by Thomas Fearn, a wildlife photographer based in the United Kingdom, trading as a sole trader. Thomas is the sole data controller for any personal data processed through this site.

For any privacy question, data request, or complaint, contact [email protected].

What this policy covers

This policy explains what personal data is collected when you visit thomasfearn.co.uk, how that data is used, who it is shared with, how long it is kept, and the rights you have over it under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It also covers the apps and integrations Thomas operates around this site, including the Pinterest publishing app described under "Third-party platforms" below.

What data is collected

Most of the site is a public photography portfolio — you can browse it without giving any personal data. Data is only collected when you actively interact with one of the features below:

• Contact form. When you submit the contact form, the site collects the name, email address, subject line, and message you provide, so a reply can be sent.
• Newsletter / wallpaper signup. If you submit your email to the newsletter form, that email address is stored so the free wallpaper and occasional updates can be sent.
• Print purchases (when the shop is live). When the print shop is enabled, checkout is handled by Stripe. To fulfil orders, Stripe collects your name, email, billing address, shipping address, and payment details. Thomas only sees the order summary (name, shipping address, items, total) — never your full card number.
• Server and analytics data. The web server records standard request information (IP address, browser user-agent, referring page, timestamp) in short-lived access logs for security and abuse-prevention. The site may also use a privacy-respecting analytics tool to count visits and see which images people view; where Google Analytics or a Pinterest Tag is used, this is disclosed in the cookie notice and you can decline non-essential cookies.
• Cookies. Strictly-necessary cookies may be used to remember your cart contents or whether you have dismissed a banner. Analytics or advertising cookies (e.g. Google Analytics, the Pinterest Tag) are only set with your consent.

Why this data is used (lawful basis)

• To reply to enquiries you send via the contact form — lawful basis: legitimate interest in responding to people who get in touch.
• To send the newsletter and free wallpaper — lawful basis: your consent, given when you submit the signup form. You can withdraw consent at any time using the unsubscribe link in every email.
• To process and fulfil print orders — lawful basis: performance of the contract you enter when buying a print.
• To run the site securely — lawful basis: legitimate interest in preventing abuse and keeping the service available.
• To understand how the site is used — lawful basis: your consent (for non-essential analytics cookies).

Third-party processors

The site uses a small number of trusted third-party services to run. Each processes only the data it needs:

• Hosting / DNS: Cloudflare (CDN, DNS, edge security) and the underlying hosting provider for the site.
• Email newsletter: ConvertKit (or, where configured, Mailchimp) handles delivery of the newsletter and free wallpaper.
• Payments and checkout: Stripe processes card payments and stores billing details. Stripe's privacy policy is at stripe.com/privacy.
• Print fulfilment: Prodigi prints and ships orders. Your shipping address is passed to Prodigi to print the label.
• Analytics: Where enabled, Google Analytics (and, if a Pinterest Tag is installed, Pinterest) receive anonymised event data about your visit.
• Social and stock platforms: Thomas operates accounts on Pinterest, Instagram, Saatchi Art, Fine Art America, Adobe Stock, Shutterstock, Alamy, Getty / iStock, Displate, Etsy, Redbubble, and Society6. The site links out to those platforms but does not share your visit data with them unless you click through.

Some of these processors are based outside the UK / EEA. Transfers are made under the UK Addendum to the EU Standard Contractual Clauses, the EU–US Data Privacy Framework, or equivalent safeguards each processor publishes.

Third-party platforms (Pinterest publishing app)

Thomas operates a small private app that connects to his own Pinterest business account (pinterest.com/thomas_fearn) via the Pinterest API. This app is used only by Thomas himself — it is not offered to other users. It does the following, all on Thomas's own account:

• Publishes photographs from this site to his own Pinterest boards on a schedule.
• Reads engagement metrics (impressions, saves, clicks) on his own pins for reporting.
• Reads and replies to comments on his own pins.

The app does not collect or process personal data about visitors to this website, and does not access data about other Pinterest users beyond the public comment text on Thomas's own pins. Any Pinterest data the app reads stays inside Thomas's own environment and is never sold, shared, or transferred to third parties.

How long data is kept

• Contact-form messages: kept for up to 24 months after the last reply, then deleted.
• Newsletter subscribers: kept until you unsubscribe, then removed promptly.
• Order records: kept for 7 years to meet UK tax and accounting obligations (HMRC).
• Server access logs: kept for up to 30 days, then rotated out.
• Analytics: retention follows the analytics provider's default (typically 14 months for Google Analytics 4).

Your rights under UK GDPR

You have the right to:

• Access the personal data held about you.
• Rectify any inaccurate or incomplete data.
• Erase your data ("right to be forgotten"), where there is no legal reason to keep it.
• Restrict or object to processing, particularly for marketing.
• Port your data — receive it in a machine-readable form to take elsewhere.
• Withdraw consent at any time for anything based on consent (e.g. newsletter).
• Complain to the UK Information Commissioner's Office (ICO) at ico.org.uk if you believe your data has been mishandled.

To exercise any of these rights, email [email protected]. A reply will be sent within 30 days.

Children

This site is not aimed at children. No personal data is knowingly collected from anyone under 16. If you believe a child has submitted personal data, contact Thomas and it will be deleted.

Security

The site is served over HTTPS. Payment data is handled entirely by Stripe and never touches Thomas's servers. Reasonable technical and organisational measures are in place to protect the data that is stored, but no online service can guarantee absolute security.

Changes to this policy

If this policy changes materially, the effective date at the top will be updated and — for newsletter subscribers — a notice will go out by email. Older versions can be requested by emailing Thomas.

Contact

Thomas Fearn · [email protected] · United Kingdom.