Olga Dimenshtein (“I”, “me”, “the Photographer”) is the data controller responsible for your personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679 — GDPR) and Italian data protection legislation (Legislative Decree 196/2003, as amended by Legislative Decree 101/2018).
Depending on how you interact with me, I may collect the following categories of personal data:
I use your personal data exclusively for the purposes listed below. Each purpose is linked to its legal basis under Article 6(1) GDPR:
| Purpose | Legal Basis |
|---|---|
| Communicating with you about your booking, event planning, and photo delivery | Contract performance Art. 6(1)(b) |
| Performing the photography services described in our agreement (shooting, editing, selecting, and delivering your photographs) | Contract performance Art. 6(1)(b) |
| Displaying selected images in my portfolio (website, social media, printed materials, professional presentations) unless you have opted out or chosen the full-privacy option | Legitimate interest Art. 6(1)(f) |
| Issuing invoices, processing payments, and maintaining accounting records as required by Italian tax law | Legal obligation Art. 6(1)(c) |
| Responding to your enquiries or requests | Contract performance / Legitimate interest Art. 6(1)(b)/(f) |
| Hosting and delivering the website and email communications (Hostinger) | Legitimate interest Art. 6(1)(f) |
| Protecting the website against malicious traffic, automated abuse, DDoS attacks, and spam (Cloudflare, Cloudflare Turnstile) | Legitimate interest Art. 6(1)(f) |
| Displaying the website with consistent typography (Google Fonts) | Legitimate interest Art. 6(1)(f) |
| Improving my website and services through aggregated, cookie-free analytics (Cloudflare Web Analytics) | Legitimate interest Art. 6(1)(f) |
Where processing is based on legitimate interest, you have the right to object to such processing in accordance with Article 21 GDPR, subject to applicable legal exceptions.
| Type of Data | Retention Period |
|---|---|
| Finished (edited) photographs | 24 months from delivery date, for backup and portfolio purposes |
| RAW image files | Until completion of editing and delivery of the finished photographs to the Client, then securely deleted |
| Invoices and financial records | 10 years, as required by Italian tax law |
| Contact and communication records | 24 months from the last engagement, or until you request deletion |
| Website analytics data (Cloudflare Web Analytics) | Retained by Cloudflare in accordance with the settings and retention periods applicable to Cloudflare Web Analytics |
| Cloudflare security logs | Retained by Cloudflare in accordance with their data retention policy (typically up to 72 hours for security event logs) |
| Hostinger server logs | Retained by Hostinger in accordance with their data retention policy |
After the retention periods above, personal data is securely deleted or anonymised. Photographs used in my portfolio may be retained longer in accordance with the terms of our agreement.
Under GDPR, you have the following rights regarding your personal data:.
To exercise any of these rights, please contact me at . I will respond within 30 days.
I do not sell, rent, or trade your personal data. I may share limited data with the following categories of recipients, only as necessary:
| Recipient | Purpose | Data Processed |
|---|---|---|
| Cloud storage providers | Hosting and delivering your photographs via secure cloud links | Photographs, delivery metadata |
| Accountant / tax advisor | Processing invoices and complying with Italian tax obligations | Name, Codice Fiscale, invoice data |
| Second photographer / assistant | Sharing relevant logistical details when additional coverage is arranged for your event | Event schedule, location details |
| Service | Provider | Purpose | Data Processed | Legal Basis |
|---|---|---|---|---|
| Hosting & email | Hostinger International Ltd. (Lithuania / Cyprus) | Web hosting, email delivery, server-side processing | IP address, HTTP request data, email content and metadata | Legitimate interest |
| DNS & security | Cloudflare, Inc. (USA) | DNS resolution, DDoS protection, web application firewall, SSL/TLS encryption, bot management | IP address, HTTP headers, browser and network signals, and, where applicable, strictly necessary security cookies managed by Cloudflare | Legitimate interest |
| Web fonts | Google LLC (USA) | Serving typefaces for consistent website typography | IP address, browser user-agent string, referrer URL | Legitimate interest |
| Analytics | Cloudflare, Inc. (USA) | Privacy-focused website usage statistics and performance measurement | IP address, pages visited, referrer information, device/browser data, and performance metrics processed in aggregated form; Cloudflare states Web Analytics is cookie-free | Legitimate interest |
| Anti-spam / bot protection | Cloudflare, Inc. (USA) | Protecting forms from automated abuse and spam submissions (Turnstile) | IP address, browser and device signals, interaction data, verification token, and, depending on configuration, strictly necessary Cloudflare cookies or related challenge data | Legitimate interest |
Some of the third-party services listed above are provided by companies based outside the European Economic Area (EEA), including Google LLC and Cloudflare, Inc., which are based in the United States. When personal data is transferred outside the EEA, I ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR, including:
Hostinger International Ltd. processes data within the EU/EEA. You may request further details about the safeguards in place by contacting me at the details provided in Section 1.
This website uses cookies — small text files stored on your device — and similar technologies to ensure security, maintain essential website functionality and, where applicable, support limited privacy-focused analytics.
| Category | Cookie / Technology | Provider | Purpose | Legal Basis |
|---|---|---|---|---|
| Strictly necessary | Session cookies | This website | Essential for the website to function correctly | Legitimate interest |
| Security | __cf_bm, __cfruid, cf_clearance and similar Cloudflare security cookies, where applicable | Cloudflare | Bot detection, DDoS protection, security challenge management, and related site protection functions | Legitimate interest |
| Anti-spam / bot protection | Turnstile widget scripts, verification token, and related challenge datas | Cloudflare Turnstile v3 | Distinguishing human visitors from automated bots and protecting forms from abuse. Turnstile usually works without interactive CAPTCHA challenges. Depending on configuration, Cloudflare may also set strictly necessary security cookies./td> | Legitimate interest |
| Analytics | Cookie-free analytics script | Cloudflare Web Analytics 4 | Collecting aggregated website traffic and performance statistics in a privacy-focused, cookie-free manner, according to Cloudflare | Legitimate interest |
This website uses Cloudflare Web Analytics to measure website traffic and basic performance metrics in a privacy-focused manner. According to Cloudflare, Web Analytics is cookie-free and is designed to provide aggregated statistics without using client-side analytics cookies.
This website uses Cloudflare Turnstile to protect forms from automated abuse and spam. Turnstile works without traditional CAPTCHA challenges in most cases and generates a verification token that must be validated server-side to confirm a legitimate submission. Depending on your configuration and Cloudflare security features enabled on the site, strictly necessary Cloudflare cookies may also be set for security or challenge management purposes.
You can manage or disable cookies through your browser settings. Please note that disabling strictly necessary or security-related cookies may affect the proper functioning or security of this website. Because Cloudflare Web Analytics is described as cookie-free, there may be no analytics cookies to disable for that service itself.
I take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include encrypted storage, secure cloud services with access controls, regular backups, password-protected devices, and SSL/TLS encryption for all website traffic (provided via Cloudflare).
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, I will notify you without undue delay and, where feasible, within 72 hours of becoming aware of the breach. I will also notify the Garante per la protezione dei dati personali as required under Article 33 GDPR.
During event photography, I may photograph individuals other than my direct client (e.g., guests, attendees). Under my service agreements, the client is responsible for obtaining the necessary permissions from individuals appearing in the photographs. If you believe a photograph of you has been taken or used without appropriate permission, please contact me and I will address your concern promptly.
I use selected photographs from my engagements for my professional portfolio and promotional purposes, based on legitimate interest (Art. 6(1)(f) GDPR). This usage is governed by the terms of my service agreement, which includes:
If you are a non-client individual who appears in photographs on my website or social media and would like to request removal, please contact me at the details above.
I do not knowingly collect personal data from children under the age of 16 without parental or guardian consent. When photographing events that include minors, the client is responsible for obtaining any necessary consent from parents or guardians. I take particular care when selecting images of minors for portfolio or promotional use.
I may update this privacy policy from time to time to reflect changes in my practices or legal requirements. The updated version will be posted on this page with a revised effective date. I encourage you to review this policy periodically.
If you have any questions about this privacy policy or how I handle your personal data, please contact me.
Last update: 22 April 2026