Who I Am
I am both the data controller and processor and I am registered with the ICO.
In short, to provide you with the best service (and in some cases, any service at all), I collect and process your personal data. I don’t do anything untoward with it and I will never sell your data to third parties.
WHAT PERSONAL DATA I COLLECT AND WHY I COLLECT IT
When you leave comments on my website, I collects the data shown in the comments form, and also your IP address and browser user agent string to help spam detection.
When you contact me through my contact form, no data is stored on the website. Instead the information is emailed to me at firstname.lastname@example.org
If you use this form, you will be consenting to me having your name, email address and any information you provide in your message. If you do not become a client, this information is deleted from my emails 1 calendar month after our last correspondence. If you do become a client, this information may be used to form part of our contract together and stored securely in order for me to complete my duties under our contract. I do not use information supplied to me through my contact form for marketing purposes. The only reason I would share this information with a third party would be if I was required to by law (for example if you decided to use my contact form to tell me you were a terrorist or that you were laundering money).
I use Gmail when responding to website enquiries, both from my contact form and direct emails. Gmail encrypts messages in transit (using TLS Transport Layer Security).
TLS means that emails can’t be
read by third parties in transit. If your email provider doesn’t use TLS, the information you include in your email (including any email trail between us) may not be secure so it is important to bear that in mind.
Google servers are based in the US and this means your email address and IP address may go outside the EEA.
Gmail (as part of Google) is covered by the US Privacy Shield, which is a level of approved security to pass information from UK to the US. You can read more here.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
Embedded content from other websites
Articles on my website may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if you had visited the other website.
I use Google Analytics to provide me with in depth data about my website users. This information is anonymised. The information collected includes your IP address and approximate location, pages visited, number of site visits and the type of device you are using (desktop, tablet or mobile).
Google’s use and ability to
This information helps me to make sure my content is appropriate and engaging for my website visitors.
Who I Share Your Data With
I will never share your data with anyone unless
- I am legally obliged to or
- There is a legitimate interest for me to do so (such as a safeguarding issue) or
- You have given me your consent to do so.
How Long I Retain Your Data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so I can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
How I Protect Your Data
Electronically held data is held on a password protected laptop and a smartphone protected by both a passcode and biometric security.
Paper data is stored in a locked document file in a locked property.
Data Breach Procedures
In the unlikely event of a data breach, I follow the following procedure:
- I will report certain types of personal data breach to the relevant supervisory authority. I will do this within 72 hours of becoming aware of the breach, where feasible.
- If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, I will also inform those individuals without undue delay.
- I have robust breach detection, investigation and internal reporting procedures in place. This facilitates decision-making about whether or not I need to notify the relevant supervisory authority and the affected individuals.
- I also keep a record of any personal data breaches, regardless of whether I am required to notify.
What Rights You Have Over Your Data
The GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
You can read more about your rights here.
How To Contact Me