Privacy policy

The privacy policy below explains what data I’m collecting and holding, for example your contact details if we’ve worked together. If you have any questions about this then please get in touch using the details below.

This privacy policy will be updated from time to time, so please check back every so often for any changes that may affect you. This policy was last reviewed on: 24 September 2020

Greg James Sandford
www.gregjsandford.com
Get in touch

What type of information I collect and process
Clients and prospective clients – I will collect the name of contacts, contact details (such as email address and phone number), information about the business they work for (including the name, address, company number and details needed for invoicing), notes on the type of work done including dates and invoice amounts, plus any notes and emails relevant to each particular project I have worked on or discussed working on.

Web visitors – I use third party services such as WordPress to understand how you use my website. For example, this may include the pages visited, links clicked, and the length of time spent on the website.
You can disable this feature at any time on this website using the pop-up that appears when you visit. Please also see my cookie policy below.

Attendees – From time to time it may be necessary for me to collect attendance data from participants at events that I have been asked to host and/or speak at. These may be in person or online. This data may include information such as participants names, their email addresses and the nature of their work. This data will only be shared with the event’s sponsor/organiser – for example, a university – and this will be clear at the point that you are asked to provide your information. Please contact the sponsoring/partner organisation directly if you have a question about how they have stored or used your data.

How I get the information and why I have it
Most of the information I process is provided to me directly by you (for example by email exchange, phone call or another site such as LinkedIn) so that I can provide you with quotes, complete any work agreed, and keep a record of this work for tax purposes. I may also receive information from contacts who think we might work well together and who may put you in touch with me.

Under General Data Protection Regulation (GDPR), the lawful bases I rely on for processing this information are:
a) Your consent. You are able to remove your consent at any time. You can do this by contacting me.
b) I have a contractual obligation
c) I have a legitimate interest

Cookie policy
This website (gregjsandford.com) uses cookies for analytics tracking. A cookie is a small text file which is downloaded and stored on your computer or mobile device by websites that you visit. Cookies allow websites and applications to store your preferences in order to present content, options or functions that are specific to you. On this website, they allow analytics tools to identify your device as you move between pages on the website, so I can see information like how many people use my website and what pages they tend to visit. The information stored in any given cookie can only be accessed by the website that created it and cookies are limited to communicating only the information that you have disclosed to the site.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

What I do with information you’ve provided:
I use the information that you have given me to provide the services agreed and invoice for this work. I will only ever share your personal details with another provider with your full knowledge and consent, for example if introducing a third party supplier who I think may be well placed to help us complete a piece of work. Information from web analytics is used to help inform my website content and marketing. If I’m required by law to share any information, where possible I’ll contact you to let you know.

How I store your information
Your data is securely stored on relevant systems such as Google Drive, Private Email, WordPress and accounting systems which are GDPR compliant. I use two factor authentication wherever possible. Some of these servers are based in the USA, and therefore data is transferred to and stored at a destination outside of the European Economic Area (EEA).

I store identifying data for as long as projects are in progress, customers remain active clients, and for up to 3 years afterwards unless you have requested to have your data erased before this time.

I may store data related to financial transactions for up to seven years to ensure I have sufficient records from an accounting and tax perspective.

I may hold data relating to negotiations, contracts agreed, payments made, disputes raised and your use of my services for up to seven years.

I may store aggregate data without limitation (on the basis that no individual can be identified from the data). Information for website analytics will be held for as long as the website is live.

In line with these time frames I will delete records held on cloud files and any emails containing the data described above.

Your data protection rights
Under data protection law, you have rights including:
– You have the right to ask me for copies of your personal information.
– You have the right to ask me to rectify or complete information you think is inaccurate or incomplete.
– You have the right to ask me to erase your personal information in certain circumstances.
– You have the right to ask me to restrict the processing of your information in certain circumstances.
– You have the the right to object to the processing of your personal data in certain circumstances.
– You have the right to ask that I transfer the information you gave me to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, I have one month to respond to you.
Please contact me if you wish to make a request.

How to complain
You can also complain to the ICO if you are unhappy with how I have used your data.

The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113
Web: ico.org.uk/concerns/