Sorry about the wall of text – I’m looking at various ways to present this information more effectively, but as I’m not much of a web coding guru, it’s gonna take some time….
The general stuff:
Everyone says “we take your privacy very seriously”, so why should you believe me when I say it too? Well, I mean it, because my whole professional existence as Miss IG Geek Ltd is based on taking privacy and data protection jolly seriously indeed.
Miss IG Geek Ltd is the Data Controller (ICO registration number ZA821959), for your personal data when you visit this website.
There are some data protection rights that always apply, no matter what processing I’m doing, or under what lawful basis.
These rights are…
To Be Informed
Hence this privacy notice. If at any point I change the processing described here, I will let you know by email.
You have the right to ask for a copy of the personal data that I’m processing about you, along with an explanation of:
- the purpose, lawful basis and processing activities
- whether there are any recipients of your personal data, and if so, who they are and why they’re receiving it
- how long I’ll hang on to your data, and why/what for
- where in the world your data is being sent to as part of my processing
If you want to make a subject access request (SAR), please use my contact form and include a subject line that says SAR. I may need to ask you for additional information so I can verify your request and send the data to the right place. Once I have this info, I have 30 days to fulfil your request.
If you’re concerned or cross about my data protection practices, you can complain about me to the ICO. Naturally, I’d like the chance to try and resolve any problems directly with you first (and the ICO will expect you to have tried), but it’s your call.
My Contact Form
Purpose: Establishing contact between us to talk about whether/how I can help with your data protection boggles
Processing: TL;DR – you fill out my web form, I get an email, I respond to you by email
- When you fill out my contact form, the data you input is stored on my web server within the Content Management System (WordPress, self-hosted on 34SP).
- The contact form plugin triggers an email to me, containing the message content, sender, and date/time info for when it was received
- I’ll reply with an email following up on your enquiry, and we’ll take it from there.
- If our correspondence looks likely to result in a formal engagement, I’ll add your name, email address and company to my Customer Records Management tool (Zoho Bigin)
Lawful basis: Legitimate interests – I want the business, you want help with data protection stuff
(Of course I’ve done an LIA!)
Where’s the data going?
My website is hosted in the UK, and my Office 365 instance is hosted somewhere in the EU. My CRM is hosted in the Netherlands. I have legally-binding Data Processor terms in place with all of these service providers, which also dictate parameters for any sub-Processors they might use.
Objection – if you want me to stop processing this personal data for this process in these ways, you can send me an objection. I’ll revisit my LIA and add your objection to the balancing test. If I have compelling reasons to continue processing your personal data, I might not uphold your objection (like if you’re a current client, and there’s no-one else who can take over as primary point of contact with me) but I will explain my decision-making.
Erasure – you can tell me to delete your web enquiry data, and if any of the following apply, I have to do it:
- I don’t need the data any more
- You’ve objected to my processing, and there’s no compelling reason for me to carry on processing it
- I’m processing it unlawfully
- There’s a law that says I have to delete it
(NB: there are other circumstances in which the right of erasure might apply, but they’re not relevant to this processing)
Rectification – you can tell me to fix inaccurate or out-of-date personal data that relates to you
Restriction – you can tell me to limit all processing of your personal data to only what is needed for legal claims, protecting someone else’s rights or important public interest reasons. NB: this right only applies if:
- The accuracy of your personal data is disputed and I need some time to fix it
- My processing is unlawful but you don’t want the data erased
- I don’t need the data any more, but you need me to have it to support legal action
- You object to my processing and I’m still reviewing the balancing test
(Other rights exist, but these are the ones which are directly applicable to this particular processing)
I use a plugin to ask for cookie consent, and that plugin itself sets a cookie to remember your answer. This is legit an ‘essential’ cookie!
Please note that if you have ‘Do Not Track’ enabled in your browser, all non-essential cookies will be disabled for your visit and you won’t see the consent request box.
If you already gave consent to, or declined, my analytics cookies but you’ve changed your mind now, you can use the link below to update your consent settings.
Change cookie settings
I use Matomo, which is a privacy-friendly analytics tool. This tells me about numbers of site visitors, approximate geographical locations, pages or posts visited within the site, dates and times. I have disabled all of the demographics functionality because I don’t want to know. What interests me is which bits of my site are useful to others so I can do more of that sort of thing. Matomo lets me track that.
Matomo sets 2 cookies, one to recognise unique visitors, and the other to track sessions.
Instead of the hassle of self-hosting, I use Innocraft’s cloud platform for Matomo, under Data Processor terms.
I use Wordfence to protect my site, and quite a lot of info is logged as a result. I’ll only even look at this if there’s a security alert on my site, and all I’m interested in is whether there’s a hole I need to fix.
I’ll purge web logs on a yearly basis.
The not-for-biz bit
When I post, administer, or check the blog section, I take the Miss IG Geek Ltd hat off and it’s just me, an individual geek who cares about data protection.
I don’t reap personal data from the blog and I really don’t care who’s visiting as long as you don’t say horrible things to me, in which case I might notice your comment handle and cuss you out in the privacy of my own home.
I have a buymeacoffee widget for contributions to my cat’s toy fund on my blog pages, from which all funds will be spent on things to keep the cat amused. If you use the widget to slip me a tip then it will land a cookie on you in order to work. Buymeacoffee will be able to track you.
I have an embedded video on the site and a widget linking to my YT channel. Because of this, YouTube parks a cookie on you when you load the video. Google’s tracking you everywhere anyway, but this gives them yet another datapoint to profile you with.
If you want to protect yourself in general from the myriad web of cyber-stalking-for-money that powers the Internet, then head on over to my Staying Private On The Web page to learn more.