Privacy policy

I find privacy policies boring and difficult to read. And I doubt most of them would survive any competent legal challenge.

So, rather than following the herd, I’ve ditched the templates and written my own privacy policy.

πŸ‘¦πŸ» Summary for humans

  • I use cookies but not for collecting personally identifiable data.
  • I use forms to collect minimal personal information.
  • I won’t spam you or sell or share your personal data, because that would probably kill my business and I’m not an idiot.
  • I don’t use the Facebook Pixel to annoy you with ads for the rest of your life.
  • My site uses HTTPS/SSL security.
  • I’m registered with the Information Commissioner’s Office (ICO) in the UK – see ZA254256.

Learn more about how I deal with the following areas:

🇪🇺 General Data Protection Regulations (GDPR)

Most people have heard of the GDPR, the updated set of data-protection rules that become enforceable on 25 May 2018.

You may have heard that the GDPR means you have to give your explicit consent before being signed up to receive marketing communications. That’s a good thing but the GDPR is about more than that.

Briefly, you also have the right to:

  • learn how your data is being used.
  • request that your data is deleted.
  • retrieve your data in a format you can read and re-use elsewhere.

By the way, the GDPR means you really ought to have your own privacy policy on your website.

The internet is full of free templates. I can’t vouch for their quality but they may act as a useful starting point for building your own privacy policy.

Lawyers will tell you that something you copy and adapt from the internet might not stand up to much scrutiny in a court of law. My advice is to be as clear as possible about what data you collect and what you plan to do with it, so that your users can make informed choices before handing over their info.

πŸͺ Cookies

Cookies are simple text files that your web browser uses to record some settings relevant to each website you visit.

I use Google Analytics to see how many people view my site and to understand which pages are most popular. This requires the use of cookies.

Some sites don’t use cookies at all, but every site that uses Google Analytics does – and that’s a lot of sites.

I don’t use cookies to collect personally identifiable data about the visitors to my site.

βœ‰οΈ Email newsletters

I use MailChimp to send my Espresso β˜•οΈ email newsletters to subscribers.

When you sign up, you go through a double opt-in system before your details are added to my list. That means you have to:

  1. enter your email address and name via a form on my website, and
  2. click an activation link in a confirmation email.

There’s an ‘unsubscribe’ link at the bottom of each Espresso ☕️ email, so it’s easy to remove yourself from the list should you no longer wish to hear from me.

This isn’t the Hotel California – you can leave at any time 🎡

πŸ” Collecting personal information

I collect minimal personal information via the following web forms:

In all cases, I collect minimum personal data only so that I can communicate with you.

I don’t sell, trade or share your personally identifiable information, and you’re able to unsubscribe from my communications at any time.

Trust is everything for a sole trader like me. I’m not stupid enough to mess that up. Obviously, these are just words and I could be a very good liar.

📚 Data processing

I use MailChimp and Dropbox to store and manage data.

Both companies use data servers in the US. That’s OK for GDPR because each company is registered on the Privacy Shield:

❓ Any questions?

If you want to learn more about how I handle and protect your data, please email me at support *at* espirian.co.uk.

Thanks for reading,

John Espirian


Last update: 21 May 2018