Caitlin McAllister Privacy Notice
On 25th May 2018, the General Data Protection Regulations came into force to govern Data Protection. These regulations replace the Data Protection Act of 1998 and apply to all citizens in the EU. Under these GDPR regulations all individuals in the EU have rights regarding the way that businesses collect and use their data. You can find out more from the Information Commissioner’s Office here.
What are your rights?
Everyone has rights regarding the way their data is processed. You can find out more about your rights here. They include, but are not limited to, the right to complain about the way your data is being processed. If you do have any complaints about the way that I am processing your data I would really appreciate it if you let me know first so I have the opportunity to make this right. I am a sole trader, and only want to do the best for you and your business, so any questions or concerns you have please do get in touch with me.
What information do I collect and what is my reason?
I collect a variety of information to enable me to carry out the services I provide to you.
I only work with adults, so by providing your data you are confirming that you are over 13 years of age.
The data I collect includes:
|What data is collected and how I collect this||What I do with your data||What is my reason for processing|
|Identification details, questions and feedback submitted through contact forms and via email.||Respond to your questions and feedback.||Legitimate interest in responding to your contact.|
|Identification details, payment details provided for the purchase of services or products.||I use the information to process your payment and provide the services or products you require.||I have a contractual reason to process this information and a legitimate interest to continue to use them if you do not pay as agreed and I need to take further action.|
|Identification, behaviours, IP address and other information collected about your use of my website and email.||I use this to understand how people are engaging with my website and marketing in order to better understand what people want. I also use it to ensure my website and IT systems are secure. I may use it to ensure advertising is targeted appropriately.||Legitimate interest to run an effective business.|
|Information regarding your businesses set up and running provided by email or verbally.||I use this to better understand your business, for the purpose of providing the agreed upon service.||Contractual arrangement to provide a service.|
|Contact details provided by email or verbally.||I hold these in order to be able to contact you about mutually beneficial business or referrals.||Legitimate interest in growing my business network.|
Note: If at any time you feel you would no longer like to be contacted by me, you can email me directly at email@example.com and request that I delete any details I hold on you.
The information I collect from you may be used in order to:
- Personalise your experience by helping me better respond to your individual needs.
- Improve customer service by helping me to more effectively respond to your needs.
- To process transactions as requested by you.
Information that is passed to me
I sometimes receive information from third parties who may be collecting data on my behalf.
- Google Analytics who manage my website usage information
- Wordfence website security management
I look after this data in the same way as data that is given directly to me.
Disclosing your information
In order to provide the services you request and run my business in a lawful and professional manner, I may need to share your information with selected third parties. These could include:
- Official authorities who may require access to the information (such as HMRC)
- Advisers who support my business with professional services such as accountants, insurers, lawyers and other business support services.
- Admin and IT service providers who I choose to work with.
Where information is shared, a processor agreement will be put in place as appropriate to ensure proper protection of your data.
I don’t share your details with any third parties for marketing purposes and will never sell your data.
Transfer of information outside of the European Economic Area
Where possible, data will be kept on secure servers within the European Economic Area, however for certain services it may be transferred out of the EEA. When this happens, and to maintain the continued protection of your data, I will ensure that either:
- The country to which the data is transferred has equivalent standards of data protection to those offered by GDPR as set out by the European Commission.
- There is a contract in place with the processor that ensures that data security is equivalent to the protection provided within the EU.
- Where the data is transferred to the US, the company providing the service is signed up to the Privacy Shield Agreement.
The security of your data is of genuine importance to me, as it should be for all businesses. I use best practices to ensure that data is stored safely and where I do need to share data with other people, I make sure I share only what is absolutely necessary.
In the event of a data breach I will take appropriate steps in accordance with ICO recommendations, including informing both you and the Information Commissioner of the breach in a timely manner.