POPI stands for the Protection of Personal Information (POPI) and is an act of the South African government to promote the protection of personal information processed by public and private bodies. The official document can be found here.

As a processor of personal information on behalf of photographers we do the following to protect our clients data:

• Follow industry best practise to secure the website and data storage.
• Allow photographers and customers to request the information we store about them.
• Allow for the correction of incorrect data that we store about a photographer or customer.
• Allow for the deletion of data that we store about a photographer or customer.
• We will never sell on your personal information to third parties.
• In case of a data breach we will notify the impacted individuals as well as informing the Information Regulator.

Over and above what is already stated we do the following to protect individuals that are part of a gallery hosted on photoset:

• Each individual gallery is protected by a password and is not generally available to the public.
• The website and images are secured using SSL/TLS encryption.
• Galleries are set to expire after 18 months. At that point all images are deleted and no one will have access to the gallery.

In terms of the customers that place orders through Photoset we do the following:

• We do not store any banking details on our systems. Our payment providers approve payments and send us an acknowledgement for us to proceed with the order.
• Customers when viewing the gallery will be given the option to request email reminders about the gallery. There is an option to opt out of these notifications.
• Any automated emails sent to customers from Photoset will have an option to opt out of further emails.

• The most important aspect for photographers is to make sure the subjects in the photographs have consented to their images being processed and published online. In a lot of cases this consent would have already been provided by parents to the school but you need to make sure that is the case. If consent has not been provided you will either need to get consent from the parents in writing or else the child should not be included in the gallery publish on Photoset.
• Make sure galleries and passwords are sent out individually so as to limit the audience.
• Make sure the password for the gallery is unique and not easy to guess.
• In cases where the customer withdraws their consent please contact support@photoset.co.za in order for the images to be removed.

As parents of school kids we understand the need to keep our kids safe. If you have any concerns please do not hesitate to contact us at support@photoset.co.za