March 23, 2018
Who we are
Our website address is http://www.StefanDrew.com
What personal data we collect and why we collect it
GDPR legislation will/has replaced previous data privacy law, giving more rights to you as an individual and more obligations to organisations holding your personal data.
One of the rights is a right to be informed, which means we have to give you even more information than we do now about the way in which we use, share and store your personal information.
This means that we will be publishing a new privacy notice so you can access this information, along with information about the increased rights you have in relation to the information we hold on you and the legal basis on which we are using it.
This new privacy notice will be published on this website on 25 May.
How we use your information
This privacy notice tells you what to expect when we collect personal information. It applies to information we collect about:
- people who use our services, eg who subscribe to our newsletter or request a publication from us; request quotes or for whom we carry out marketing and related services
- Visitors to our websites
When someone visits our websites we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. We have set Google Analytics to retain the information it gathers for “all time”. This is to enable us to manage the website effectively and efficiently.
If we do want to collect personally identifiable information through our website, we will be upfront about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
We use an App called Albacross to monitor companies that visit our website. It does this by gathering the IP address of the visitor and checking that against registered IP address of businesses worldwide. Albacross cannot identify the individual visiting the website. However, we might be able to make an educated guess that, say, a marketing person might be visiting a page describing our marketing services. And if there were only one person responsible for marketing that might be indicative of who had visited. However, that would take a significant amount of research work via several different external systems to make this vague determination and we would not record or contact that person directly.
Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either us or any third party.
We have dispensed with the use of e-newsletters. Where we used to use this technology we gathered statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. All information gathered in this way has now been destroyed and was not provided to any third parties
We occasionally carry out surveys on our website. When we do this we use SurveyMonkey and no information is kept longer than we need it to carry out our research or improve our services. The maximum time we keep any identifiable information is one year. At no time is any identifiable information provided to any third parties.
Security and performance
We use several third-party services to help maintain the security and performance of our websites To deliver this services visitor’s IP addresses may be gathered but we are unable to use this information to identify individuals. See also WordFence and Albacross.
WordPress / Typepad
We use third-party services, WordPress.com and Typepad to publish our websites/blogs. These sites are hosted at WordPress.com, which is run by Automattic Inc. We use a standard WordPress service to collect anonymous information about users’ activity on the site, for example, the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. WordPress and Typepad require visitors that want to post a comment to enter a name and email address. For more information about how WordPress processes data, please see Automattic’s and Typepad’s privacy notices.
We use Wordfence on several of our websites to block malware and other virus insertions. Their GDPR compliance can be seen here
People who contact us via social media
We use several third-party providers, including Hootsuite and Missinglettr to manage our social media interactions.
If you send us a private or direct message via these sites the message will be stored by them for a limited period e.g., by HootSuite for three months. It will not be shared with any other organisations.
People who email us
We use Fasthosts webmail and Gmail for our email transactions. We recommend you use our Gmail to contact us as this is encrypted. It is possible to hack many common email systems and, although we do all we can to ensure our systems are safe we give no warranty that any email it totally secure as factors such as your own encryption, or lack of it, may impact our ability to protect all messages. Hence you should be aware that any emails we send or receive may not be protected in transit.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
People who use our Pubble Live Chat service
We use a third-party provider, Pubble, to supply and support our Live Chat service, which we use to handle customer enquiries in real time and, via an AI powered system.
If you use our Pubble Live Chat service we will collect your name, email address (optional) and the contents of your Live Chat session. This information will be retained for two years and will not be shared with any other organisations.
People who make a complaint to us (we’ve never had one yet)
If we receive a complaint from a person we will make up a file containing the details of the complaint. This would normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We will compile and possibly publish statistics showing information like the number of complaints we receive, but not in a form which identifies anyone.
We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
We use an accountancy package called FreeAgent to run our accounts. We will record individuals names and other details in this system if we have quoted for work or carried out work for you. This means we need to gather and store your information required by law to do this. We will then keep your details as required by HMRC for the period that is defined in UK or other relevant law.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on May 23 2018
How to contact us
2, Manleys Lane