Olga Dimenshtein (“I”, “me”, “the Photographer”) is the data controller responsible for your personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679 — GDPR) and Italian data protection legislation (Legislative Decree 196/2003, as amended by Legislative Decree 101/2018).
Depending on how you interact with me, I may collect the following categories of personal data:
I use your personal data exclusively for the purposes listed below. Each purpose is linked to its legal basis under Article 6(1) GDPR:
| Purpose | Legal Basis |
|---|---|
| Communicating with you about your booking, event planning, and photo delivery | Contract performance Art. 6(1)(b) |
| Performing the photography services described in our agreement (shooting, editing, selecting, and delivering your photographs) | Contract performance Art. 6(1)(b) |
| Displaying selected images in my portfolio (website, social media, printed materials, professional presentations) unless you have opted out or chosen the full-privacy option | Legitimate interest Art. 6(1)(f) |
| Issuing invoices, processing payments, and maintaining accounting records as required by Italian tax law | Legal obligation Art. 6(1)(c) |
| Responding to your enquiries or requests | Contract performance / Legitimate interest Art. 6(1)(b)/(f) |
| Hosting and delivering the website and email communications (Hostinger) | Legitimate interest Art. 6(1)(f) |
| Protecting the website against malicious traffic, DDoS attacks, and spam (Cloudflare, Google reCAPTCHA v3) | Legitimate interest Art. 6(1)(f) |
| Displaying the website with consistent typography (Google Fonts) | Legitimate interest Art. 6(1)(f) |
| Improving my website and services through anonymised analytics (Google Analytics) | Consent Art. 6(1)(a) |
Where processing is based on consent (e.g., analytics cookies), you can withdraw your consent at any time without affecting the lawfulness of prior processing.
| Type of Data | Retention Period |
|---|---|
| Finished (edited) photographs | 24 months from delivery date, for backup and portfolio purposes |
| RAW image files | Until completion of editing and delivery of the finished photographs to the Client, then securely deleted |
| Invoices and financial records | 10 years, as required by Italian tax law |
| Contact and communication records | 24 months from the last engagement, or until you request deletion |
| Website analytics data (Google Analytics) | 14 months (Google Analytics default)/td> |
| Cloudflare security logs | Retained by Cloudflare in accordance with their data retention policy (typically up to 72 hours for security event logs) |
| Hostinger server logs | Retained by Hostinger in accordance with their data retention policy |
After the retention periods above, personal data is securely deleted or anonymised. Photographs used in my portfolio may be retained longer in accordance with the terms of our agreement.
Under GDPR, you have the following rights regarding your personal data:.
To exercise any of these rights, please contact me at . I will respond within 30 days.
I do not sell, rent, or trade your personal data. I may share limited data with the following categories of recipients, only as necessary:
| Recipient | Purpose | Data Processed |
|---|---|---|
| Cloud storage providers | Hosting and delivering your photographs via secure cloud links | Photographs, delivery metadata |
| Accountant / tax advisor | Processing invoices and complying with Italian tax obligations | Name, Codice Fiscale, invoice data |
| Second photographer / assistant | Sharing relevant logistical details when additional coverage is arranged for your event | Event schedule, location details |
| Service | Provider | Purpose | Data Processed | Legal Basis |
|---|---|---|---|---|
| Hosting & email | Hostinger International Ltd. (Lithuania / Cyprus) | Web hosting, email delivery, server-side processing | IP address, HTTP request data, email content and metadata | Legitimate interest |
| DNS & security | Cloudflare, Inc. (USA) | DNS resolution, DDoS protection, web application firewall, SSL/TLS encryption, bot management | IP address, HTTP headers, browser fingerprint, cookies (__cf_bm, __cfruid) | Legitimate interest |
| Web fonts | Google LLC (USA) | Serving typefaces for consistent website typography | IP address, browser user-agent string, referrer URL | Legitimate interest |
| Analytics | Google LLC (USA) | Anonymised website usage statistics | IP address (anonymised), pages visited, session duration, device and browser data, cookies (_ga, _ga_*) | Consent |
| Anti-spam | Google LLC (USA) | Protecting forms from automated spam submissions (reCAPTCHA v3) | IP address, mouse movements and click patterns, browser plugins, CSS information, JavaScript objects, cookies, device and browser data | Legitimate interest |
Some of the third-party services listed above are provided by companies based outside the European Economic Area (EEA), in particular in the United States (Google LLC, Cloudflare, Inc.). When personal data is transferred outside the EEA, I ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR, including:
Hostinger International Ltd. processes data within the EU/EEA. You may request further details about the safeguards in place by contacting me at the details provided in Section 14.
This website uses cookies — small text files stored on your device — and similar technologies to improve your browsing experience, protect against abuse, and understand how visitors use the site.
| Category | Cookie / Technology | Provider | Purpose | Legal Basis |
|---|---|---|---|---|
| Strictly necessary | Session cookies, cookie consent preferences | This website | Essential for the website to function correctly | Legitimate interest |
| Security | __cf_bm, __cfruid, cf_clearance | Cloudflare | Bot detection, DDoS protection, security challenge management | Legitimate interest |
| Anti-spam | _GRECAPTCHA, reCAPTCHA scripts | Google reCAPTCHA v3 | Distinguishing human visitors from automated bots to protect forms from spam. reCAPTCHA v3 runs invisibly in the background and assigns a risk score without user interaction | Legitimate interest |
| Analytics | _ga, _ga_* | Google Analytics 4 | Collecting anonymised data about website traffic, pages visited, and user behaviour to improve the site. IP anonymisation is enabled | Consent |
When you visit a page, your browser connects to Google\'s servers to download the font files. In doing so, your IP address and browser user-agent string are transmitted to Google. Google Fonts does not set cookies, but the connection itself constitutes a data transfer. For more information, see Google Fonts Privacy FAQ.
This website uses Google reCAPTCHA v3 to protect forms from automated spam. Unlike earlier versions, reCAPTCHA v3 works invisibly in the background — it does not display challenges or checkboxes. Instead, it analyses browsing behaviour (mouse movements, scrolling patterns, keystrokes, and similar interaction data) to assign a risk score. This data is transmitted to Google. For more information, see Google\'s Privacy Policy and the reCAPTCHA page.
You can manage or disable cookies through your browser settings. Please note that disabling strictly necessary or security cookies may affect the functionality and security of this website. You may also opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
I take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include encrypted storage, secure cloud services with access controls, regular backups, password-protected devices, and SSL/TLS encryption for all website traffic (provided via Cloudflare).
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, I will notify you without undue delay and, where feasible, within 72 hours of becoming aware of the breach. I will also notify the Garante per la protezione dei dati personali as required under Article 33 GDPR.
During event photography, I may photograph individuals other than my direct client (e.g., guests, attendees). Under my service agreements, the client is responsible for obtaining the necessary permissions from individuals appearing in the photographs. If you believe a photograph of you has been taken or used without appropriate permission, please contact me and I will address your concern promptly.
I use selected photographs from my engagements for my professional portfolio and promotional purposes, based on legitimate interest (Art. 6(1)(f) GDPR). This usage is governed by the terms of my service agreement, which includes:
If you are a non-client individual who appears in photographs on my website or social media and would like to request removal, please contact me at the details above.
I do not knowingly collect personal data from children under the age of 16 without parental or guardian consent. When photographing events that include minors, the client is responsible for obtaining any necessary consent from parents or guardians. I take particular care when selecting images of minors for portfolio or promotional use.
I may update this privacy policy from time to time to reflect changes in my practices or legal requirements. The updated version will be posted on this page with a revised effective date. I encourage you to review this policy periodically.
If you have any questions about this privacy policy or how I handle your personal data, please contact me.
Last update: 30 January 2026