This policy is in place for DPA and GDPR compliance. Nevertheless, I believe everyone has the right to privacy, regardless of legislation put in place. I do not want or need any personal information about you unless you choose to give it to me. However, should you provide me with information, you can be assured that it will only be used in accordance with this privacy statement.
This policy is effective from 20th May 2018 and has been updated for GDPR compliance.
What I collect and why
I only collect personal data from people who contact me about a project. This information may include:
- Name and job title.
- Contact details including email address, telephone number and office address.
- Details about your project.
I require the information clients and prospects give me for internal record keeping and to communicate with them about their project. Any site traffic data I collect is only used to improve my products and services.
How I protect your data
I have put in place a several measures to prevent unauthorised access to information I collect. These include but are not limited to the following.
- All my personal workstations and local servers are enabled with full-disk encryption.
- All backups are stored encrypted.
- Passwords are created with a cryptographically-strong pseudo random number generator.
- Passwords are unique and managed using an encrypted password manager.
- ‘Bugs’ and ‘honeypots’ are implanted within my systems to help alert me if I’ve been breached.
- Encrypted communications and file transfers are used whenever possible.
- I use a secure email provider that encrypts messages stored on their servers, as well as offering encrypted communications if supported by the receiving party.
- Two factor authentication is enabled with third-party providers whenever possible.
I use third party providers who make it possible or more efficient to deliver my services. Their systems require me to enter client contact information so that my clients can use their services. However, I only use providers who are PCI, DPA and GDPR compliant.
The third party providers I use are as follows:
- Bahnhof AB for development server hosting.
- Basecamp, LLC for project collaboration.
- Freshbooks (2NDSITE Inc.) for accounting and invoicing.
- Fire Financial Services Limited for payment processing.
- Liquid Web, LLC for website hosting.
- PayPal (Europe) S.a.r.l. et Cie, S.C.A. for payment processing.
- Stripe, Inc. for payment processing.
- TransferWise Ltd for payment processing.
- UpCloud Ltd for development server hosting.
Sometimes I may partner with a third-party contractor or agency in order to fulfill a project’s requirements. They may be based outside the European Economic Area. When I do so, I only give the contact information needed to communicate with my clients about a project. If you are a client, you will be introduced to any third-party contractors at the start of the project and may choose not to work with them for any reason.
How long I retain your data
- Database dumps and backups for content migration projects are deleted within 90 days after project close-down.
- Contact form entries are saved for five years.
- Analytics records are stored for one year.
- Client records are retained for fifteen years. This length of time is necessary because many are long-term clients.
Controlling your personal information
I will never sell, distribute or lease your personal information to third parties unless I have your explicit permission or are required by law to do so. You may choose to restrict the collection or use of your personal information in the following ways:
- You may request details of personal information which I hold about you under the Data Protection Act 1998. A small fee will be payable. If you would like a copy of the information held on you please contact me.
- You may contact me to update or delete any records I hold about you.
- I will comply within 30 days to any requests to correct or delete information I hold about you.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
I use traffic log cookies to identify which pages are being used. This helps me analyse data about webpage traffic and improve my website in order to tailor it to customer needs. I only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help me provide you with a better website by enabling me to monitor which pages you find useful and which you do not. A cookie in no way gives me access to your computer or any information about you, other than the data you choose to share with me.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website. For more help on how to disable your cookies or delete them visit www.aboutcookies.org
Google provides a Browser Add-on that enables you to opt out of all Google analytics: Google Analytics opt out
Links to other websites and embedded content
My website may contain links to other websites of interest. However, once you have used these links to leave my site, you should note that I do not have any control over that other website. Therefore, I cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
DPA registration number