Privacy and Data Protection Policy
Effective Date: 18 September 2024
Introduction
We are committed to protecting the privacy and security of our users’ personal data. This Privacy and Data Protection Policy outlines how we collect, use, store, and protect personal data in compliance with GDPR, CCPA, PIPEDA, Australia’s Privacy Act 1988, New Zealand’s Privacy Act 2020, and other applicable data protection laws.
Scope of the Policy
This policy applies to all personal data processed by our organisation, including data from customers, employees, partners, and other stakeholders. It covers data collection, processing, storage, retention, and disposal practices. The policy also applies to users in jurisdictions outside the UK, including the United States, Canada, Australia, and New Zealand, with specific compliance for CCPA, PIPEDA, Australia’s Privacy Act, and New Zealand’s Privacy Act.
Data Collection
Types of Data Collected:
- Personal Data: Includes names, contact details, email addresses, marketing preferences, IP addresses, and other relevant data.
- Behavioural Data: We collect behavioural data through third-party analytics tools, including Microsoft Clarity (heat maps, session recordings), Google Analytics, and WordPress Stats.
- Marketing and Advertising Data: We collect data related to advertising, such as information from Google Ads Conversion Tracking, Meta Pixel, and Google Tag Manager to monitor conversions and user behaviour for targeted marketing purposes.
Purpose of Data Collection:
- To provide services.
- To respond to enquiries.
- To improve the user experience.
- To conduct analytics and performance tracking.
- To comply with legal obligations.
- To conduct marketing activities (subject to consent).
Legal Basis for Processing
The legal bases for processing data include consent, contractual necessity, legal obligations, legitimate interests, and compliance with applicable laws such as GDPR, CCPA, PIPEDA, Australia’s Privacy Act, and New Zealand’s Privacy Act.
Data Usage
Purpose Limitation:
Data is used only for the purposes for which it was collected.
Data Minimisation:
We collect only the data that is necessary for the purposes outlined.
Third-Party Data Processors
We utilise third-party processors to help us deliver services and analyse user behaviour. These include:
- Google Analytics: Analyses website traffic and user behaviour.
- Microsoft Clarity: Collects user interaction data, such as heat maps and session recordings, to analyse user behaviour for website optimisation.
- Google Tag Manager: Manages marketing and advertising trackers.
- Meta Pixel: Monitors conversions and user behaviour for targeted ads.
- ClickMeeting and Zoom: Used to facilitate online meetings and webinars.
Data Retention Policy
Purpose of Retention:
Data is retained for service continuity, communication, and legal obligations.
Retention Period:
Data is retained for the duration of engagement with us and securely deleted afterward if no longer necessary. Marketing-related data is retained as long as the user consents to receive such communications.
Data Security
We implement technical and organisational measures to protect personal data from unauthorised access, alteration, disclosure, or destruction.
User Rights
Under various privacy laws, including GDPR, CCPA, PIPEDA, Australia’s Privacy Act, and New Zealand’s Privacy Act, users have the following rights:
GDPR (EU/UK):
- Rights to access, rectify, delete, restrict processing, data portability, and object to processing.
CCPA (California, USA):
- Rights to know what personal information we collect, request deletion, and opt-out of the sale of personal data.
PIPEDA (Canada):
- Rights to access and correct personal information.
Australia’s Privacy Act 1988:
- Rights to access and correct personal information and be informed of how their data is used.
New Zealand’s Privacy Act 2020:
- Rights to access and correct personal information and to ensure personal data is collected and used lawfully.
Consent Management and Withdrawal
Users can manage and withdraw consent via account settings or privacy settings on our website. For users under GDPR, CCPA, PIPEDA, Australia’s Privacy Act, and New Zealand’s Privacy Act, additional controls are available to manage consent and data use, especially regarding data collection for marketing purposes.
Data Transfers Outside the UK/EU
If personal data is transferred outside of the UK/EU (including to the United States, Canada, Australia, or New Zealand), we ensure that appropriate safeguards, such as Standard Contractual Clauses (SCCs), are in place to protect your data.
Data Breaches
In the event of a data breach, we will notify the relevant authorities and affected individuals within 72 hours of becoming aware of the breach, in line with GDPR, CCPA, Australia’s Privacy Act, New Zealand’s Privacy Act, and other applicable laws.
Contact Information
For queries or requests related to this policy, users can contact us at:
Email: enquiries@andrewcurry.co.uk
Policy Updates
We may update this policy to reflect changes in our practices or legal requirements. Updates will be communicated to users through our website or by direct communication when necessary.