I respect your right to privacy online and understand that you want to keep control of your personal information. That’s why I am committed to protecting any information you share with me.

I will never sell, distribute or intentionally make your personal information public and have implemented appropriate technical and organisational security measures to protect the data you share with me from loss and preserve its security and confidentiality. All your interactions with this website are protected by strong 256-bit encryption and I aim to collect the minimum of personal information needed to provide an effective service.

I believe in being transparent about what data is being collected and how it will be handled. The information below sets out my privacy policy in detail. In each case I’ll explain why a particular piece of data is being processed and how long it will be retained. I am also committed to providing relevant information and control at the point of collection so that you can make informed decisions about what personal data you choose to share.

My Legal Bases for Processing

I will collect and process information about you only where I have legal basis for doing so. This legal basis will depend on the individual services you use and how you use them. Additional information is provided below but in general terms I will only collect and use your information where:

• It is necessary for to provide you with a service, including for support or to protect the safety and security of the services themselves.
• It satisfies a legitimate interest which is not overridden by your data protection interests. Such as for research and development.
• You have given consent to do so for a specific purpose.
• I need to process your data to comply with a legal obligation.

In cases where you have consented to my use of your personal information for a specific purpose you have the right to change your mind at any time. Where I am using your information because I have a legitimate interest to do so, you have the right to object to that use, but in some cases this may mean your are no longer able to fully access my services.

Third Party Data Processors

Like most businesses I rely on a number of third-party providers to support my day-to-day operations, for example in areas such as online file storage and email delivery. At times I may also hire third parties to operate, maintain or improve my website and other digital services. Some of these service providers will by necessity have access to or be directly involved in processing or storing a subset of the personal information you share with me.

All my third-party data processors have been carefully chosen as service suppliers who also practice responsible data handling. I believe that each has in place appropriate protections to ensure the security of the data I store or process with them and have clear policies for how they treat that data. But if in doubt you should review their individual Privacy Policies.

Amazon Web Services (File storage):
https://aws.amazon.com/compliance/data-privacy-faq/

Google (Website analytics):
https://support.google.com/analytics/answer/6004245?hl=en

Google (Email services):
https://cloud.google.com/security/gdpr/

MailChimp (Email marketing):
https://mailchimp.com/legal/privacy/

The Pixel Parlour (Digital services development & support):
https://www.pixelparlour.co.uk/about/privacy-and-cookies/

Tsohost (Hosting):
https://www.tsohost.com/legal/privacy-policy

Before using or sharing your information with third parties in ways not described here or previously authorised by you, I will provide you with notice and an opportunity to control the further use or disclosure of your personal information.

Transfers outside of the European Economic Area

Under certain circumstances I or a contracted third party will transfer your information outside of the European Economic Area. This will only happen with your informed consent, when it is necessary to perform a contract I have with you or where the receiving organisation has adequate safeguards in place – for example certification under the EU-US Privacy Shield framework.

General Browsing

My website is hosted in the UK in a data centre managed by Tsohost. When you visit the website or access one of the files stored on our web server information about this request will be automatically stored in a log file to provide usage statistics, enable security features and aid technical troubleshooting. This is on the legal basis of legitimate commercial interests. In these cases your IP address at the time acts as a unique identifier and is stored along with information about your operating system, browser version and the pages/files you access. These logs are retained on the server for up to 30 days, after which they are automatically deleted. Tsohost will also record a similar set of data for the purposes of data management and security. This data is retained by them for up to 3 months.

Like most businesses I use Google Analytics to help understand how my website is being discovered and interacted with and use this information to help improve the experience for visitors and make decisions about future development. Google Analytics presents aggregate information about the geographic location, device types and operating systems used by website visitors, but not in a way that personally identifies you. Additionally Google will record your computer’s IP address and set a number of temporary cookies in your browser to help distinguish you as an individual visitor as you move around our site. In the interests of limiting the amount of data Google collects via our site I am using Google’s standard Analytics implementation and have not enabled any additional advertising features, such as remarketing tags which would tie your usage of our site in with your broader browsing habits. Any user-level data that is associated with Analytics’ cookies are retained for up to 26 months from your last activity on our site, after which it is automatically deleted from Analytics’ servers.

This website contains a number of links to third party sites. It is important to be aware that these external sites are governed by their own privacy policies and I do not accept any responsibility or liability for these policies. The inclusion of a link to an external source should not be understood to be an endorsement of that website, its owners or their products/services. Always check the individual privacy policies of these external sites before you submit any personal data through them.

Cookies

Cookies are temporary files stored in your web browser by a website to help track usage and enable services that rely on a persistent identity. You can control which cookies you accept and remove them at any time by adjusting your browser settings or using the controls built-in to this site, but it is important to be aware that some cookies are essential and our website may not function as expected without them.

Essential cookies
These cookies are strictly necessary to provide you with services available through my website and to use some of its features. But you can still block or delete them by changing your browser preferences.

• None currently set

Functional cookies
These cookies are used to enhance the performance and functionality of my website. They are non-essential but without them certain functionality may become unavailable.

• YSC (YouTube) – used to support playback of embedded YouTube videos. Expires at the end of your session.
• VISITOR_INFO1_LIVE (YouTube) – used to support playback of embedded YouTube videos. Expires after 8 months.
• PREF (YouTube) – used to support playback of embedded YouTube videos. Expires after 8 months.
• NID (Google) – Set by Google to remember your preferences relating to their online services, such as your preferred language. Expires after 6 months.

Analytics and customisation cookies
These cookies collect information to help us understand how my website is being used or customise it in order to enhance your experience.

• _ga (Google Analytics) – used to distinguish between users. Expires after 2 years.
• _gat (Google Analytics) – used to distinguish between users. Expires after 24 hours.
• _gid – (Google Analytics) – used to throttle the request rate. Expires after 1 minute.
• loc, mus, ssc, uid, uvc (AddThis) – set by the service we use to provide social sharing to record usage stats, including the geographic location of sharers. Expire after 13 months.
• _jid (Disqus) – set by the Disqus commenting system to provide analytics on the number an behaviour of Disqus users. Expired after 30 minutes.
• _utma (Disqus) – set by the Disqus commenting system to provide analytics on the number an behaviour of Disqus users. Expires at the end of your session.
• _utmb (Disqus) – set by the Disqus commenting system to provide analytics on the number an behaviour of Disqus users. Expires after 1 hour.
• _utmc (Disqus) – set by the Disqus commenting system to provide analytics on the number an behaviour of Disqus users.E xpires at the end of your session.
• _utmt (Disqus) – set by the Disqus commenting system to provide analytics on the number an behaviour of Disqus users. Expires after 5 minutes.
• _utmz (Disqus) – set by the Disqus commenting system to provide analytics on the number an behaviour of Disqus users. Expired after 6 months.
• Disqus_unique (Disqus) – set by the Disqus commenting system to provide analytics on the number an behaviour of Disqus users. Expires after 12 months

Advertising cookies
These cookies are used to make third-party advertising messages more relevant to you and your interests.

• bkdc, blu (Oracle BlueKai) – set by AddThis social sharing tool to provide personalised marketing. Expiry after 6 months. You can learn more and opt-out here: http://www.addthis.com/privacy/opt-out
• Fr (Facebook) – set by Facebook when you visit one of our pages with commenting. Expires after 3 months.
• nnls, pxrc (LiveRamp) – set by marketing personalisation company LiveRamp to improve the relevance of advertising messages. https://pippio.com/optout/ Expire after 1 month.
• didts, did (LiveRamp) – set by marketing personalisation company LiveRamp to improve the relevance of advertising messages. https://pippio.com/optout/ Expire after 12 months.
• zync-uuid (rezync.com). Used to learn about your interests and show you relevant adverts on other sites. Expires after 10 years.
• sd-session-id (rezync.com) Used to learn about your interests and show you relevant adverts on other sites. Expires after 5 years.

Email Marketing

I use MailChimp for my email marketing. So when you subscribe to my newsletter the email address and name you submit will be held securely by them and the information also made accessible to me. MailChimp’s servers are based in the United States, so your information may be transferred to, stored, or processed in the US. MailChimp participates in and has certified its compliance with the EU- U.S. Privacy Shield Framework, which certifies that is has adequate safeguards in place. As a respected email marketing provider MailChimp won’t share your information with any unauthorised third parties or contact you directly at any time – you can read their full privacy policy here: https://mailchimp.com/legal/privacy/

I use a double opt-in process where a confirmation email will be sent to the email address supplied with a link to click. Only after clicking that link will you be opted-in to receive my emails. At this point MailChimp will also collect your IP address, which along with a timestamp helps provide our evidence of consent should I need to provide this to the regulator.

By default I will retain your data in MailChimp for as long as you choose to stay subscribed or such time as I consider your account to be in-active (ie. you are no longer opening or engaging with our emails).

You can update your details or opt-out of my emails at any time using the ‘Unsubscribe’ or ‘Email Preferences’ links found at the bottom of every email we send via MailChimp. If you unsubscribe MailChimp will retain your email address for the purposes of a suppression list to ensure that no further marketing messages can be sent unless you actively choose to opt-in again.

In addition to the information you supply at sign-up MailChimp will also capture data about your interactions with our emails and website, such as which links you click within an email which pages you go on to visit on our website. It does this using a combination of tracking pixels and cookies. You can learn more about those in the Cookies section of this privacy policy. I use this information to help improve my product and provide more personalised messaging.

I may also combine the information you provide us at sign-up with data from other sources, such as our website, to help improve the relevance of the emails sent. For example if you attend one of my workshops that information will be recorded in your MailChimp subscriber profile to ensure that the content of future emails reflects that.

Contacting me by Email

When you send me an email, either directly or through the online contact form, I will collect your email address and any other information you provide within your email. This information will only be processed in relation to the purpose of your correspondence. I have no fixed retention period for email correspondence, but I am committed to only storing your data for no longer than is necessary to serve my legitimate interests of record keeping or to perform a contract I have entered into with you.

Google is my email service provider so any emails you send will be stored on their servers. Therefore your email and any associated personal data may be transferred outside of the European Economic Area to servers located in the USA. Google’s certification under the EU-US Privacy Shield Framework commits it to maintaining appropriate safeguards for international data transfers. You can learn more here: https://cloud.google.com/security/gdpr/

Children Under 16

My website and services are not for use by children under 16 years and I will not knowingly collect or use the personal data of children. If you are under the age of 16 please do not provide any personal data even if prompted to do so.

Personal Data Breaches

A breach is considered any loss, alteration, unauthorised disclosure of, or access to, personal data. I am committed to disclosing any personal data breaches that might adversely affect your rights and freedoms without undue delay so that you can take appropriate action. Any notifiable breaches will also be reported to the UK’s Information Commissioner’s Office within 72 hrs. This includes breaches affecting the third party services identified in this privacy policy, where personal data is being held on my behalf.

Questions & Access Requests

The General Data Protection Regulation (2018) gives you the right to know what person data we hold, to have it updated if it is inaccurate or removed entirely if you no longer consent to our use of it. We will endeavour to respond to any such requests within one month confirming receipt and outlining what follow-up actions will be taken and when.

We also welcome questions about our Privacy Policy and these or any access requests should be submitted via our Contact page.

Policy Changes

Any updates we may make to our Privacy Policy in the future will be published on this page and significant changes noted below.

24 May 2018 – Expanded Privacy Policy published in preparation for the new General Data Protection Regulation