Privacy Notice.
Introduction.
I respect the EU’s General Data Protection Regulations (GDPR), furthermore I respect you and your rights over the data you share with me. This document explains how I collect and treat any information you give me. You won’t find any complicated legal terms or long passages of unreadable text. I have no desire to trick you into agreeing to something you might later regret.
When you share your information with me, either by using my website, working with me or collaborating with me on a project, I am responsible for your personal data. This gives me the fancy title of data controller.
I value your privacy as much as I do my own, and I’m committed to keeping your personal and business information safe. I’m generally uncomfortable with the amount of information companies, governments, and other organizations keep on file, so I make sure I only ask the strictly necessary information from the people I work and collaborate with.
I’ll never use your personal information for any reason other than why you gave it, and I’ll never give anyone access to it unless I’m required to by law.
Information I collect.
Personal data means any information capable of identifying you, and it does not include anonymized data. In terms of personal data, I may collect and process Customer Data, User Data, and Marketing Data. I collect and process this information on the grounds of legitimate interest, to perform a contract between us or your consent to me collecting this data.
I occasionally use your contact information to send you details of my products and services. When I do, you have the option to unsubscribe from these communications and I won’t send them to you again. I might also email or phone you about my products and services, but if you tell me not to, I won’t get in touch again. I will use your information to send you invoices, statements, or reminders.
User data:
This is information about how you use my online services together with any information that you post for publication on my website or through other online channels. I process this data to operate, secure, maintain back- ups of my website and/or databases and to enable publication and administration of my website, other online services and business.
Customer data:
When you do business with me or hire my services I collect information such as your name, address, email, phone number, business information and bank details and keep records of the invoices I send you and the payments you make. All card payments are processed by Stripe, my payment processor and I never have access to your credit card information.
Marketing data:
This information is about your preferences in receiving marketing from me and your communication preferences. I will occasionally use this information to send you details of my products and services.
Communication data:
This includes any communication that you send me via forms on my website, email, text, social media or any other channel. I collect this information to be able to communicate with you, and for record keeping.
Sensitive data:
I do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. I do not collect any information about criminal convictions and offences.
Collection methods.
Directly:
I collect data about you when you provide it directly to me, for example by filling in forms on my site or by sending me emails. I may ask for further information about you and your business if we are going to work together.
Cookies:
My website doesn’t use cookies or scripts designed to track the websites you visit. I only use the strictly necessary WordPress cookies for the site to function. See my cookie notice for more details.
Analytics:
I use a system called Fathom analytics which doesn’t rely on cookies and anonymizes all the traffic information, so I can get an idea of who and how visiting my site without collecting your data.
Comments:
If you leave a comment on my site, I collect the data shown in the comments form, and also your IP address and browser to help spam detection.
Avatars:
If you leave a comment on my site, an anonymized string created from your email (also called a hash) may be provided to the Gravatar service to see if you are using it. Your profile picture is visible in the context of your comment.
Media:
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Links & embeds:
I don’t use any native social media ‘like’ or ‘sharing’ buttons which also build profiles of your internet activity. I don’t embed content from websites like YouTube that drop cookies while you watch their content on my site.
Signups:
If you sign up to my newsletter, I will collect your name and email address, as well as your communication preferences and your interactions with the emails I send you.
Data storage.
I am responsible for the security of your information. You can contact me by email at privacy@mariaak.com or by phone on +46 (0) 761834310 if you have any concerns about the information I store.
Data retention.
I will only retain your personal data for as long as necessary to fulfill the purposes I collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. You can learn more about this in detail by visiting my data retention policy
Data protection.
I have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorization. Find the details in my data protection policy.
International transfers.
Sometimes it’s inevitable that I transfer your data to third parties outside of the EEA. When I do this, I will ensure that certain safeguards are in place to so that those third parties provide a similar degree of security for your personal data, such as:
- I may transfer your data to countries that the European Commission has approved as providing an adequate level of protection for personal data.
- Where I use certain service providers who are established outside of the EEA, I may use specific contracts or codes of conduct or certification mechanisms, known as standard contractual clauses (SCCs) approved by EU regulators which give personal data the same protection it has in the EEA.
Your legal rights.
Under data protection laws you have rights regarding your personal data that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and, where the lawful ground of processing is consent, to withdraw consent. Ultimately, I don’t want to be using your information in any way you don’t want me to, so as far as the law allows me to, I will honor all your requests regarding your personal information. Please visit my data requests page and fill out the form so I can process your request.
If you are within the UK and are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. If you are within the EU and are not happy with any aspect of how I collect and use your data, you have the right to complain to the data protection authority of the country in which you are based.
I would appreciate it if you would contact me first if you do have a complaint so that I can try to resolve it for you. Don’t hesitate to get in touch.
This privacy policy borrows heavily from Suzzane Dibble’s template from her GDPR training materials.