May 24, 2018

Privacy Statement

What information do I collect?

On initial contact I may request information such as your name, email address and details of your project.

If we are working together, I will require further information from you including a postal address for invoicing (and for domain registration if required), and various files required for the work.

While we are working together I may have access to data you collect such as personal information from your clients or customers, for example via your online forms, your online shop or a membership database, or Google Analytics reports and access logs.

And on the rare occasions I ask a specialist to do work associated with a project, I may have their personal details including bank details.

Where do I store the data?

Emails are stored on my password protected email server, hosted by 34SP.  Website files are also stored on password protected servers at 34SP.  These servers are regularly updated and patched.

Project and some website files are stored on my password protected local cloud drive which is not available outside my protected local network.  Files may also be backed up offsite to Mozy (by Carbonite) for resilience in the event of a major incident.

Both of these companies – 34SP and Mozy – are GDPR compliant and you can view their privacy policies here and here.

Data is transmitted securely via SFTP, TLS and SSL wherever possible.  Computers and services are password protected.  Physical access to the cloud drive is strictly limited, and it is not removed from the premises.

How long do I keep the data for?

Client personal data is kept for at least 7 years to comply with obligations to HMRC for tax purposes.

I keep data about projects during our working relationship, and unless you request otherwise, will continue to keep some data following termination of your project for up to 5 years.

Any personal data you have collected via website forms or databases to which I have had access will be deleted or returned to you immediately on termination.

Who do I share data with?

  1. I do not share your personal data with third parties unless I have asked for your permission to do so.
  2. I will not sell, lease or distribute your personal information to third parties unless I am compelled by law to do so.

If I register a domain name on your behalf I will share your personal information with my hosting company for the purpose of that registration.  You can ask me for opt-out options on domain name registrations.

I will share your data if required to do so by law e.g. a tax audit or police investigation.

I do not usually subcontract work but may occasionally engage a freelancer for a specific specialised requirement e.g. digital photograph colourisation, higher-level code development, support for a plugin.  I will not provide your personal details but the person may be given temporary access to your website files for the duration of their engagement should it be required. No client data will be provided to them.  Any website files containing data you collect will be removed and, if this is not possible, a non-disclosure agreement will be agreed and GDPR compliance checked.

Your data will not be used for marketing purposes.  I may ask if you would provide feedback about our working relationship and may share that feedback on my website, attributed to you if you agree.

 Website privacy –

My website collects the most basic of information – namely just the IP address of anyone visiting the site is stored in access logs

SSL is used to encrypt data submitted on my website.  Form submissions are emailed to me and are not secure while in transit.

 Your rights

If you wish to access, correct or delete data I hold about you or your project, or if you have any questions, please email