There are rules and regulations that govern how companies use and retain your information. As a sole trader I am not exempt from those rules and have to have something written on my website telling you all about them in the form of a privacy notice…
If you are interested in knowing everything about everything feel free to visit the Information Compliance Officer via the link. The ICO can explain far better than I can about this whole data retention thing. ICO.
This privacy notice provides you with details of how I collect and process your personal data through your use of my site www.jamiewalkercelebrant.com
By visiting my website and providing me with your data you are agreeing that you are over 13 years of age.
This is me, Jamie Walker, just in case you were wondering, and as such that makes me the Data Controller. I am responsible for your personal data (referred to as “me”, “I” or “mine” in this privacy notice).
I also have to give you my details: Full name of legal entity: Jamie Walker Celebrant
Email address: email@example.com Postal address: 5 Church Close, SG8 5NW
Please help me to keep up to date with the information I hold on you by emailing me any personal information changes (such as new address) to the above email address.
1. What information (data) is being collected?
‘Personal data means any information capable of identifying an individual’.
It does not include anonymised data.
So if you are just passing through and comparing my site and prices, other than the cookie data, not a lot.
However if you are more than passing through, here’s the key info.
That includes any communication that you send to me. Whether that be through the contact form on my website; through email, text, social media messaging, social media posting, or any other communication between us.
I process this data for the purposes of communicating with you. For record keeping and for the establishment, pursuance or defence of legal claims.
My lawful ground for this processing is my legitimate interests which in this case is to reply to communications sent to me. To keep records and to establish a pursue of a legal contract or defend legal claims.
That includes data relating to the contract of my services for your ceremony, such as your name, title, address, email address, phone number, contact details and ceremony details.
I process this data to supply the services you have contracted me for and to keep records of such transactions. My lawful ground for this processing is the performance of a contract between us and and/or taking steps at your request to enter into such a contract.
That includes data about how you use my website and any online services together with any data that you post for publication on my social media or other online services. I process this data to operate my website and ensure relevant content is provided to you. To ensure the security of my website. To maintain back- ups of my website and/or databases and to enable publication and administration of my website, other online services and business. My lawful ground for this processing is my legitimate interests which in this case is to enable me to properly administer my website and my business.
That includes data about your use of my website and online services such as your IP address, your login data, details about your browser, length of visit to pages on my website, page views and navigation paths. Details about the number of times you use my website, time zone settings and other technology on the devices you use to access our website. The source of this data is from my analytics tracking system. (Not that I am actively tracking this to the this degree, but if I ever get that proficient at analysing data, I’m covered!)
I process this data to analyse your use of our website and other online services to administer and protect our business and website, to deliver relevant website content. My lawful ground for this processing is my legitimate interests which in this case is to enable me to properly administer my website and my business and to grow my business and to decide my marketing strategy.
2. Marketing Data
Simple, I don’t send marketing messages.
I MAY, if I have been nominated for an award contact past clients asking them to vote for me, but I WON’T ever be soliciting for anything else other than a testimonial!
3. Sensitive Data
Given the nature of my role I may well be requesting some sensitive data about you.
The information you provide will allow me to write your ceremony in an inclusive way.
Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, and information about your health/ disabilities.
However I will not be seeking any sensitive information such as your genetic and biometric data. I do not intend to collect any information about criminal convictions or offences unless they are totally relevant to the ‘script under development.
Where I am required to collect personal data by law, or under the terms of the contract between us and you do not provide me with that data when requested, I may not be able to perform the contract (for example, to deliver services to you). If you don’t provide me with the requested data, I may have to cancel a service you have contracted me for but if I do, I will notify you at the time.
I will only use your personal data for a purpose it was collected for.
I may process your personal data without your knowledge or consent where this is required or permitted by law.
Cookies are involved in this data collection somewhere along line, more about them later!
4. How do I collect your data?
When someone visits my website I use a third party service to collect standard Internet log information and details of visitor behaviour patterns. (Google Analytics based outside of the EU)
And then there are other third parties such as social media and advertising networks such as Facebook incorporating Facebook Pixels (also based outside the EU).
So basically the data is collected via my website, phone, text or email. I then email or call you back.
If we start to work together I will retain your information on spreadsheets on my computer. (Devised and maintained by myself) This information is also stored in the cloud, just in case everything crashes or the house burns down! And finally I create a folder in my email account for ease of communication.
5. What data am I after?
Basically I want to know how you use my website… what pages interest you etc, so that I can amend and adapt as I go along to ensure the information I am providing is relevant, up to date and of interest to you. This is all gathered via my webform submission, phone call, text or email and Facebook Pixels…
Oh and Google, Facebook, Pinterest, Twitter. (Should you click on any of the buttons that link to them via my website) They have all assured me and the rest of the world that they are holding the information in a different way to how they used to, so I can’t be held responsible if they use your data when and where they shouldn’t be …again! (they are always gathering information in the background for their advertising and targeting purposes and I have no control over what they do with that information)
At the end of the day…I can tell you what I am doing, and why, and I hope that is satisfactory as we continue our working relationship.
6. Why is it being collected?
I need to retain some of your data to enable me to do my job! I need to be able to contact you in the lead up to your big day as we work together to create your ceremony and more.
7. How long will it be kept for?
The personal information that you provide (names/address/tel. no’s /email addresses etc) is held on my computer/ Cloud until the end of the year of your particular ceremony.
(For example if you were to book me for a wedding in August 2020 this year (2019) I will hold your data until the end of 2020 at which time it will be deleted from my computer and my cloud storage).
All enquiries via my website/ Facebook or other social media platforms will be retained for 3 months before deletion, IF the enquiry has not converted into a contracted engagement of services.
8. Who will it be shared with?
Normally… without your express permission…No one!
This is after all about OUR working relationship!
However there might be a few occasions where I do need to share your personal data with the following:
Other wedding professionals…
As we ALL see fit. Be it another officiant or your wedding photographer or venue contact. This information is shared purely to allow the smooth running of your ceremony and big day.
Including lawyers, bankers, auditors and insurers, in the event of any complaint or claim either against me by you. Or against you in a claim instigated by me.
That require us to report processing activities.
Third parties to whom I transfer or merge parts of my business. (In the event I am unable to fulfil my contact due to illness or other unforeseen complication)
I require all third parties to whom I transfer your data to respect the security of your personal data and to treat it in accordance with the law. I only allow such third parties to process your personal data for specified purposes and in accordance with my instructions.
9.What will be the effect of this on the individual concerned?
Hopefully only a positive one as it allows us to keep in regular contact during our working relationship.
10. Is the intended use likely to cause individuals to object or complain?
I can’t think of a reason for objection or complaint if we are working together. It is best practice to maintain some form of system to record details for the duration of our working relationship.
My site obviously does use them, and you should have ticked a cookie generation button when you logged into it.
You can set your browser to refuse all or some of them, but please be aware the site might not work as well if you refuse or disable them.
12. Social Media
If you send me a private or direct message via any of the social media platforms, I will store the message for three months. (See the 3-month thing above) It will not be shared with any other organisations.
They all seem to know when you have looked at websites and pages, don’t ask me how, but trust me they are not passing your data on to me.
13.Third Party Links
I have only added them because I thought their services complimented mine. After all I have been lucky enough to work with a large number of awesomely incredible suppliers!
14. Data Security
I have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. I am a sole- trader and there is no need for me to share your data with any third party other than those persons outlined above.
They will only process your personal data on my instructions and they must keep it confidential.
I have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if I am legally required to.
15. Data Retention
I will only retain your personal data for as long as necessary to fulfil the purposes I collected it for. This includes the purposes of satisfying any legal, accounting, or reporting requirements.
When deciding what the correct time is to keep the data for I look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.
For tax purposes the law requires me to keep basic information about my customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers.
In some circumstances I may anonymise your personal data for research or statistical purposes. In which case we may use this information indefinitely without further notice to you.
16. How can YOU access your data, to change or delete it?
Your legal rights…
Under data protection laws you have rights in relation to your personal data that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent.
You can see more about these rights at:
If you wish to exercise any of the rights set out above, please email us me at firstname.lastname@example.org
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, I may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or refuse to comply with your request in these circumstances.
I may need to request specific information from you to help me confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. I may also contact you to ask you for further information in relation to your request to speed up my response.
I will try to respond to all legitimate requests within one month. Occasionally it may take me longer than a month if your request is particularly complex or you have made a number of requests. In this case, I will notify you.
If you are not happy with any aspect of how I collect and use your data…
You have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). I would be grateful if you would contact me first if you do have a complaint so that we can try to resolve it for you.
In reality as a sole trader there are not many places I can physically hold your data in reality…my laptop, phone, tablet all tied and held together by the cloud…that’s it.
You DO have the right at any time during our working relationship to ask that I delete the information I hold on you.
Short of standing over my shoulder watching me do so, the only way I CAN reassure you that your records have been deleted is sending you my spread sheet. It will show the date of deletion along with what records have been deleted if you so wish. (I hope that makes sense!)
You’ll see affirmations doted throughout my website. These are kind words from couples and families who have used my services. If you too, are kind enough to write to me or fill in my feedback sheet I will be seeking YOUR permission to use your comments all over my social media and website. Because it’s nice to be liked and I like to spread the love! Plus it informs other couples about my service! Thank you.
A “Cookie” is a piece of information that is stored on your computer’s hard drive and which records how you move your way around a website so that, when you revisit that website, it can present tailored options based on the information stored about your last visit. Cookies can also be used to analyse traffic and for advertising and marketing purposes.
Cookies are used by nearly all websites and do not harm your system.
Cookies are either:
- Session cookies: these are only stored on your computer during your web session and are automatically deleted when you close your browser – they usually store an anonymous session ID allowing you to browse a website without having to log in to each page but they do not collect any
- personal data from your computer; or
- Persistent cookies: a persistent cookie is stored as a file on your computer and it remains there when you close your web browser. The cookie can be read by the website that created it when you visit that website again. (This site and Google Analytics uses these types of cookies, and albeit I think I have Google Analytics I’ve yet to work out how to use it)
Cookies can also be categorised as follows:
Strictly necessary cookies: These cookies are essential to enable you to use the website effectively, ALL websites require these basic cookies.
These cookies do not gather information about you that could be used for marketing or remembering where you have been on the internet.
Performance cookies: These cookies enable me to monitor and improve the performance of my website. For example, they allow me to count visits, identify traffic sources and see which parts of the site are most popular.
My EU GDPR Statement of Data Protection Compliance
I have read the Information Commissioner’s Office Guidelines for compliance with the new General Data Protection Regulation (GDPR) rules, and the following explains how I comply with this. If you have given me your email address (by subscribing to my blog and or contacting me via my contact form, for example), you should read this to reassure yourself that I am looking after your data responsibly. I value the security of your information extremely highly, and will never intentionally breach the rules; the rules are designed for large organisations, and most authors are sole traders, just we are just doing our best to keep up.
I am a sole trader, so there is no one else in my organisation to make aware.
The Information I hold.
Email addresses of people who have contacted me via my contact form or via email, or people to whom I have replied, are automatically saved. I do not share this information with anyone – ever. From time to time other members of my immediate family use my laptop, but they do not have access to my email account, my WordPress account, my Facebook accounts or my Twitter accounts. I am the data controller but not the data processor for these external databases. I always use strong passwords.
Communicating privacy information.
I have attached this information to the ‘Legal bits’ section of my WordPress site.
On request, I will delete data. If someone asks to see their data, I would take a screenshot of their entry/entries and send it to them.
Subject access requests.
I will aim to respond to all requests within 24 hours, although there are some times when I am away from home, and will not see requests until my return.
Lawful basis for processing data.
If people have emailed me, or contacted me via my ‘Contact’ form, they have given me their email address. I do not add this to a list, database or spreadsheet, but my email server will automatically save it.
If in the future I set up an email list, I will ensure that those people who wish to be on my list receive reminders about the T and C of my holding their data, and I will regard this consent as confirmed for a year. Consent is not indefinite, so I will make sure that I remind subscribers that they can unsubscribe or ask for their information to be removed.
I only know the ages of the people who email me, or otherwise contact me, if they tell me, and I only have their word for that. If I became aware that a child had contacted me, I will reply to the email but not contact them again. Since I am not ‘processing’ their data, I am not required to ask for parental consent.
I have done everything I can to prevent this, by password-protecting my lap-top, my mobile phone, my WordPress account and the accounts I use within organisations such as Facebook. If the organisations with whom I have accounts were compromised, I would take steps to follow their advice immediately.
Data Protection by Design and Data Protection Impact Assessments.
I have familiarised myself with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and believe that I am using best practice.
Data Protection Officers.
I am not a major organisation so I do not need to appoint a Data Protection Officer.
My lead data protection supervisory authority is the UK’s ICO. This may change after Brexit, but for that, we will just have to wait and see.