As a human in the modern world, I’m an advocate for data privacy. Here’s how I comply with latest General Data Protection Regulations (GDPR) and Data Protection.
I believe it’s important to be as transparent and clear as possible when it comes to data collection. I have therefore carefully put together this document in an effort to make all related information accessible and understandable by yourselves. If you have any further questions or there’s anything that’s unclear please email me.
Who am I?
I’m Sarah Key, a registered self-employed sole trader working in marketing and communications. My email is [email protected]
I am affected by GDPR in three areas
How I collect and use data collected via my website (https://www.sarahkey.co.uk)
How I manage data as a result of being the data processor for a number of clients
How I manage data and information gathered as a result of working with a client in my role as a data controller
There are some more details about each of these below for you.
Data from my website
Why I collect data from my website
Data collected from my website is used for one of two things; to help me understand how my site is being used so that I can improve the users’ online experience, and to allow me to receive enquiries via my contact form.
What data is collected and how it’s used
When someone visits www.sarahkey.co.uk I use Google Analytics to collect standard internet log information and details of visitor behaviour patterns. I do this to find out things such as the number of visitors to the various parts of the site for example. This information is only processed internally and in a way which does not personally identify anyone. You can read more about their Terms and Conditions here:
https://privacy.google.com/businesses/compliance and https://www.google.com/analytics/terms/us.html
When you submit the contact form to get in touch, I collect the personal data entered into this form. This includes your name, email address and any message you have written. These details are emailed to my email account and also get stored within my WordPress database (so that if the email fails I still have a record of your enquiry). You are required to check the field to agree to the terms set out in this privacy notice. If you don’t check this field you will be unable to submit the form.
How it’s stored
My email account is secured via a strong password and uses two-factor authentication for extra security.
The site is securely hosted with Cevo Ltd and is accessible by me and my developer via a secure password.
I do not actively share any of the information collected with third-parties outside of those listed above. It is used internally to help me improve my service to you.
Links to other websites
What are cookies?
Cookies are very small text files that are stored on your computer or mobile devices when you visit a website. They generally track, save and store information about your interactions with the website and are usually required for the site to run as effectively as possible. They allow me to know things like how you use the site and what technology you’re using to access it so that I can make appropriate improvements. Cookies are nothing to be afraid of and are a common part of using the modern Internet.
I don’t use many cookies and aim to keep them to a minimum for your peace mind. The ones I do use are to help give you a better user experience and also to help me understand more about how the site’s being used so that I can improve it in the future.
The cookies I use
The following types of cookies are used on www.sarahkey.co.uk.
These are cookies that are required for the site to function correctly. I use the following functional cookies on my website:
WordPress cookies that check whether you are logged in or not and act appropriately.
Analytical cookies track and gather data about what a user does on a website. These cookies are not essential for my website to work, but are useful for me to understand how the site’s used and therefore make improvements for your benefit and mine. I use the following analytical cookies on my website:
- Google Analytics cookies help me understand how you engage with my website, including how you came to the website, which pages you visited and for how long, what you clicked on and your location (based on your IP address). Google Analytics cookies used on the website are the _ga, _gid and _gat cookies. Information collected by Google Analytics cookies is aggregated and anonymised.
How you can block or delete cookies
You can block or delete any cookies, although this may stop websites from functioning properly. Without cookies enabled the site won’t know what’s in your basket and so you may not be able to make purchases successfully.
All modern browsers allow you to change your cookie settings, and you can usually find these in the ‘settings’ or ‘preferences’ menu. Here are some links to help you depending what browser you are using.
- Manage cookies in Internet Explorer
- Manage cookies in Microsoft Edge
- Manage cookies in Firefox
- Manage cookies in Chrome
- Manage cookies in Safari (web) and Safari (iOS).
You can visit the following sites if you would like more information about managing cookies:
How you can see the cookies that are set
You can see your cookies via your browser. Find out how to view cookies for yourself.
If we work together
I’m lucky to work with many great clients and, if you aren’t already, I think you should probably be one of them too. It’ll be the start of something beautiful. If we work together, there’s clearly going to be an increase in data collecting and sharing as a result of a working relationship.
My role as a data controller
As a client, inevitably there will be a large amount of information shared between both parties as part of the project. This will include information from yourselves for business reasons (to sign contracts etc), and perhaps details/access to services you may use if they need to be integrated into the new website in any way (for example, your MailChimp details). I have secure and planned processes in place for the collection and retention of this data and more specific details will be provided in a separate privacy document when we decide to work together.
My role as a data processor
Often as part of marketing and communications projects there is a requirement to share user information and/or customer details between parties. In these instances it is the responsibility of the client to make their users/customers aware of this transfer of their information as deemed appropriate. When such data is passed to me I ensure I store is securely and only use it myself for its intended project use. I retain this information for as long as is required and then delete accordingly. When we start working together more details about this data processing will be provided in a separate privacy document. If you wish to see this more detailed document now, please get in touch using the details below and I’ll happily send it on to you.
Transferring your information outside of Europe
As part of the services offered to you through this website, the personal information you provide may be transferred to countries outside the European Union (‘EU’). By way of example, this may happen if any of my servers are, from time to time, located in a country outside of the EU. These countries may not have similar data protection laws to the UK. By submitting your personal information, you are agreeing to this transfer, storing, or processing. If I transfer your information outside of the EU in this way, I will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected.
Access to your personal information
You have the right to request a copy of your data or to request me to delete any data that relates to you. If you would like to do so please email me at [email protected] Please note that requests may take up to 30 days to process and I will require proof of identification prior to acting upon the request.
Process in the event of a data breach
In the unlikely event of a data breach I will do all I can to appropriately tackle the situation. It is most likely I will be informed in one of three ways; by notification from third-party services, recognised malicious activity or something physical like a theft or loss of device. Depending on the circumstances, as a data controller I will determine the risk of the breach adversely affecting the individuals’ rights and freedoms and follow the ICO’s guidance as to whether or not they or any other party need to be informed. It may be that I inform users of such a breach via my website. In my role as a data processor I will notify the client and data controller within 72 hours of becoming aware of it.
Changes to this privacy notice
I regularly review this policy; it was last updated on 11th April 2019.