Your privacy matters.
I respect the EU’s General Data Protection Regulations (GDPR), furthermore I respect you and your rights over the data you share with me. This policy explains how I collect and treat any information you give me. You won’t find any complicated legal terms or long passages of unreadable text. I’ve no desire to trick you into agreeing to something you might later regret.
When you share your information with me, either by using my website, working with me or collaborating with me, I am responsible for your personal data. This gives me the fancy title of data controller.
I value your privacy as much as I do my own, and I’m committed to keeping your personal and business information safe.
I’m generally uncomfortable with the amount of information companies, governments, and other organisations keep on file, so I make sure I only ask the strictly necessary information from the people I work and collaborate with.
I’ll never use your personal information for any reason other than why you gave it, and I’ll never give anyone access to it unless I’m required to by law.
Information I collect
Why I collect it and what for.
Personal data means any information capable of identifying you, and it does not include anonymised data. In terms of personal data, I may collect and process Customer Data, User Data, and Marketing Data. I collect and process this information on the grounds of legitimate interest, to perform a contract between us or your consent to me collecting this data.
I occasionally use your contact information to send you details of our products and services. When I do, you have the option to unsubscribe from these communications and I won’t send them to you again. I might also email or phone you about my products and services, but if you tell me not to, I won’t get in touch again. I will use your information to send you invoices, statements, or reminders.
This is information about how you use my online services together with any information that you post for publication on my website or through other online channels. I process this data to operate, secure, maintain back- ups of my website and/or databases and to enable publication and administration of my website, other online services and business.
When you do business with me or hire my services I collect information such as your name, address, email, phone number, business business information and bank details and keep records of the invoices I send you and the payments you make. All card payments are processed by Stripe, my ecommerce platform and I never have access to your credit card information.
This includes any communication that you send me via forms on my website, email, text, social media or any other channel. I collect this information to be able to communicate with you, and for record keeping.
This information is about your preferences in receiving marketing from me and your communication preferences.I will occassionally use this information to send you details of our products and services.
I do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. I do not collect any information about criminal convictions and offences.
How I collect your data.
I collect data about you when you provide it directly to me, for example by filling in forms on my site or by sending me emails. I may ask for further information about you and your business if we are going to work together.
I use a system called Fathom analytics which doesn’t rely on cookies and anonymizes all the traffic information, so I can get an idea of who and how visiting my site without collecting your data.
If you leave a comment on my site, I collect the data shown in the comments form, and also your IP address and browser to help spam detection.
If you leave a comment on my site, an anonymized string created from your email (also called a hash) may be provided to the Gravatar service to see if you are using it. Your profile picture is visible in the context of your comment.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Links & Embeds
I don’t use any native social media ‘like’ or ‘sharing’ buttons which also build profiles of your internet activity. I don’t embed content from websites like YouTube that drop cookies while you watch their content on my site.
If you sign up fo a newsletter, I will collect your name and email address as well as your communication preferences and your interactions with the emails I send you.
Where & how is your data.
I will only retain your personal data for as long as necessary to fulfil the purposes I collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
I have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation.
Sometimes it’s inevitable that I transfer your data to third parties outside of the EEA. When I do this, I will ensure that certain safeguards are in place to so that those third parties provide a similar degree of security for your personal data, such as:
- I may transfer your data to countries that the European Commission has approved as providing an adequate level of protection for personal data.
- If I use US-based providers that are part of an EU approved privacy framework, I may transfer data to them, as they have equivalent safeguards in place.
- Where I use certain service providers who are established outside of the EEA, I may use specific contracts or codes of conduct or certification mechanisms approved by EU regulators which give personal data the same protection it has in the EEA.
Your Legal Rights
You own your data.
Under data protection laws you have rights regarding your personal data that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and, where the lawful ground of processing is consent, to withdraw consent. Ultimately, I don’t want to be using your information in any way you don’t want me to, so as far as the law allows me to, I will honor all your requests regarding your personal information.
If you are within the UK and are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. If you are within the EU and are not happy with any aspect of how I collect and use your data, you have the right to complain to the data protection authority of the country in which you are based.
I would appreciate it if you would contact me first if you do have a complaint so that I can try to resolve it for you.
On the shoulders of giants.
The second one is Suzzane Dibble’s template from her GDPR training materials.