Who I Am
I am Alice Tew and this privacy policy relates to my website:  https://www.alicetew.com.

I am both the data controller and processor and I am registered with the ICO.

This privacy policy explains how I comply with GDPR, DPA & PECR regulations (or in other words, what I do with the information you give me about you and why).

In short, to provide you with the best service (and in some cases, any service at all), I collect and process your personal data. I don’t do anything untoward with it and I will never sell your data to third parties.

WHAT PERSONAL DATA I COLLECT AND WHY I COLLECT IT

Comments

When you leave comments on my website, I collects the data shown in the comments form, and also your IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Contact forms

When you contact me through my contact form, no data is stored on the website. Instead the information is emailed to me at hello@alicetew.com

If you use this form, you will be consenting to me having your name, email address and any information you provide in your message. If you do not become a client, this information is deleted from my emails 1 calendar month after our last correspondence. If you do become a client, this information may be used to form part of our contract together and stored securely in order for me to complete my duties under our contract. I do not use information supplied to me through my contact form for marketing purposes. The only reason I would share this information with a third party would be if I was required to by law (for example if you decided to use my contact form to tell me you were a terrorist or that you were laundering money).

I use MailerLite to manage my waiting list and email marketing subscriber list and to send emails to my subscribers. MailerLite is a third-party provider, which may process your data using industry-standard technologies to help us monitor and improve our newsletter.

MailerLite’s privacy policy is available at https://www.mailerlite.com/legal/privacy-policy

You can unsubscribe from my waiting list and/or newsletter by clicking on the unsubscribe link provided at the end of each newsletter.

Email enquiries

I use Gmail when responding to website enquiries, both from my contact form and direct emails. Gmail encrypts messages in transit (using TLS Transport Layer Security).

TLS means that emails can’t be read by third parties in transit. If your email provider doesn’t use TLS, the information you include in your email (including any email trail between us) may not be secure so it is important to bear that in mind.

Google servers are based in the US and this means your email address and IP address may go outside the EEA.

Gmail (as part of Google) is covered by the US Privacy Shield, which is a level of approved security to pass information from UK to the US. You can read more here.

Cookies

This website uses cookies to help it work efficiently and also provides information to me about the way people use my site.

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

Embedded content from other websites

Articles on my website may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if you had visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

I use Google Analytics to provide me with in depth data about my website users. This information is anonymised. The information collected includes your IP address and approximate location, pages visited, number of site visits and the type of device you are using (desktop, tablet or mobile).

Google’s use and ability to share information collected via Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy which you can find here.

This information helps me to make sure my content is appropriate and engaging for my website visitors.

Who I Share Your Data With
I will never share your data with anyone unless

  1. I am legally obliged to or
  2. There is a legitimate interest for me to do so (such as a safeguarding issue) or
  3. You have given me your consent to do so.
How Long I Retain Your Data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so I can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

How I Protect Your Data
Electronically held data is held on a password protected laptop and a smartphone protected by both a passcode and biometric security.

Paper data is stored in a locked document file in a locked property.

Data is deleted after it is no longer required and details of timescales are available elsewhere in this privacy policy.

Data Breach Procedures
In the unlikely event of a data breach, I follow the following procedure:

  • I will report certain types of personal data breach to the relevant supervisory authority. I will do this within 72 hours of becoming aware of the breach, where feasible.
  • If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, I will also inform those individuals without undue delay.
  • I have robust breach detection, investigation and internal reporting procedures in place. This facilitates decision-making about whether or not I need to notify the relevant supervisory authority and the affected individuals.
  • I also keep a record of any personal data breaches, regardless of whether I am required to notify.
What Rights You Have Over Your Data
The GDPR provides the following rights for individuals:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling.

You can read more about your rights here.

How To Contact Me
For any queries about my privacy policy and procedures, please email me at hello@alicetew.com