Privacy Policy

This privacy policy document outlines the different ways in which I collect and use your personal data. 

My commitments:

  • To comply with privacy legislation.
  • To obtain your personal information lawfully, fairly and transparently.
  • To keep your personal information in strict confidence.
  • To maintain appropriate technical and organisational safeguards to protect your personal information against loss, theft, unauthorised access, disclosure, copying, use or modification
  • To maintain appropriate procedures to ensure that the personal information I possess about you is accurate and, where necessary, kept up-to-date.
  • Where I choose to rely on third parties to process data (Google Analytics), I do so in accordance with applicable law and take all reasonable precautions regarding the practices employed by the service provider to protect your personal information.
  • Not to make automated decisions or profiling based on the data I hold about you.
  • Not to sell your personal information.

Controller of Personal Data

Under the General Data Protection Regulation (GDPR), I am a controller of personal data. A controller is an entity that determines the purpose and processing of the personal data it uses. 

Legal bases and purposes for processing personal data

The GDPR defines personal data as:

 “…any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

Article 6 of the GDPR sets out six lawful bases for data processing. At least one of these must apply whenever I process personal data. I operate under Contract, Consent, Legitimate Interest and Legal Obligation.

Legal Basis: Contract

Article 6(1)(b):

“…processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.”

Purpose:

Personal Data

Necessity: 

To provide you with accurate quotations as per your indications

  • Contact Details
  • Communication History

To communicate with you

Legal Basis: Consent

Article 4(11):

“…‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Purpose

Personal Data

Necessity

To provide you with details of services that may be of interest to you.

  • Contact Details
  • Communication History

To promote my services to previous customers who consented to receiving my Newsletter

Legal Basis: Legitimate Interest

Article 6(1)(f):

“…processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”

Purpose

Personal Data

Necessity

To analyse (anonymised) data for statistical purposes 

  • Services purchased
  • Contact Details
  • Communication History

To elaborate statistical analyses and so improve the offer of services (data is anonymised)

 

Legal Basis: Legal Obligation

Article 6(1)(c):

“…processing is necessary for compliance with a legal obligation to which the controller is subject.”

Purpose

Personal Data

Necessity

To keep financial records for tax purposes

  • Contact Details
  • Communication History
  • Invoices

To comply with tax regulations

To keep attendance records for Public Authorities

  • Contact Details
  • Communication History
  • ID information

To comply with applicable laws and regulations in relation to requests from public authorities

How I collect personal data

I collect personal data about you via different means:

  • email correspondence
  • online forms
  • phone calls
  • meetings in person
  • website and/or social media analytics (see Cookie Policy for more details)

How long I keep your personal data

I only keep your information for as long as I need it to provide you with the information or services that you have requested, to comply with the law, to comply with operational and quality standards, to administer your relationship with me, or to ensure I do not communicate with those that have asked me not to. My general retention period is five years after a record has ceased to be active.

Where I store your personal data

I store your data on a secure online cloud-archive. I use appropriate security procedures to protect and safeguard your personal data from unauthorised access. Access to the online cloud-archive is restricted by security login procedures.

Who has access to the personal data I store

I can access your information via security login authentication to an online-cloud archive. I only share your personal information with third parties where it is directly relevant to the services you have requested. I require third parties to treat your data with the same level of care as if I were handling it directly.

Whom I share your personal data with

Any third-party agencies engaged by me only and uniquely to enable the delivery of the services requested. I may also disclose your personal information to public authorities when I am required to do so by legal obligation.

Your rights

You have a number of rights in relation to your data. These are:

  • The right to be informed: you have the right to know how and why I collect, store and use your personal data.
  • The right of access: you have the right to access and receive a copy of the data and information I hold about you.
  • The right to rectification: you have the right to request a correction or removal of whichever information you think may be inaccurate.
  • The right to erasure: you have the right to ask me to delete any information I hold about you.
  • The right to restrict processing: you have the right to limit the way I process your data.
  • The right to data portability: you have the right to request your data to be provided in an easy-to-use format to another supplier.
  • The right to object: you have the right to opt out of hearing from me at any point.

Please note that if you make a request not to be contacted by me or to have all your data erased, I will need to keep a record of your contact details. This minimal record is allowed under the GDPR and necessary for me to ensure you will not be  contacted again in the future. The GDPR and the Data Protection Act 2018 set out exemptions to some of the rights and obligations above in some other circumstances

How to contact me

In case you wish to send me any requests concerning your personal data, please use the contact form on this website. Requests will be dealt with and responded to within one month.