1. Legal and Privacy Statements

1.1 Steve Stark Design

Privacy matters. Data should only be used when absolutely necessary. This statement includes sections on legislation and law, how data is handled or stored, and who to contact.

1.2 This statement covers the relevant laws relating to data

Please refer to the following portal for GDPR Europe:

https://gdpr-info.eu/

1.3 What data do I collect?

I collect your data by positive opt-in via contact form(s). This can include your name, email and phone number and other details including address if included. I may also collect your data for the purpose of registration for a newsletter sign up. Signing up for a newsletter may include a third party marketing email service like MailChimp or iContact. These companies are covered by their own privacy statements and legislation governing email marketing companies. Any financial information, e.g. a card transaction is encrypted and data is not stored by my website.

1.4 How do I use personal information?

Information is only used through the course of usual business so I can contact you to provide a service. Your personal information is not used for any other purpose. If you have subscribed to a newsletter, then your information will be used to provide that service/information. I dislike spam as much as anyone, and will never send you inappropriate communications. You may unsubscribe at any time.

1.5 What legal basis do I have for processing your personal data?

I require your positive consent to receive and process your personal information. I only collect the minimum information to provide the service required and nothing else. You can withdraw and manage your consent for use of your personal information at any time by using the contact information at the bottom of this statement, or via the ‘unsubscribe’ link on any marketing email I send.

1.6 When do I share personal data?

I only share your personal data with designed email marketing companies like MailChimp or iContact. In addition, should this site include e-commerce functionality, then your personal information will be processed in the usual manner through payment providers, e.g. Paypal or similar. I do not share your personal information with any other company or individual.

1.7 How do I secure personal data?

My computer systems are compliant with all the relevant legislation. I use a reputable UK based hosting company with the appropriate security measures in place. I also have back ups of any data stored securely. Access to data is also secure. The website uses encryption through a security certificate (SSL) so no data is transmitted without encryption.

1.8 How long do I keep your data for?

I only keep personal information for the duration of my service to you. If you have subscribed for a newsletter, then will annually review my policy on keeping your information and delete it if it is no longer relevant.

1.9 Your rights in relation to personal data

You have many rights under GDPR EU law. At any time you can ask us what data I hold, request correction or deletion or request restrictions on its use. Please use the contact information at the bottom of this statement.

2. Cookies and other Data

2.1 Use of cookies and other technologies

All websites use cookies. These are small pieces of information that pose no security risk. My website may be connected to Google Analytics which uses cookies to analyse how visitors to my site use it. I include the EU cookies directive (pop up) on my site.

2.2 Using my blog/news section if activated

If the blog/news section of this site is active, then you may be able to comment on posts. This may/may not require you to create an account on the website. To that end, we may collect your basic personal information (name/email/password) so you can participate in discussions. The use of your personal data is restricted to the blog and the website database which is secured at my hosting company.

2.3 Pseudonymisation

At this time GDPR requires pseudonymisation.  Put simply, this means that an identifier (code) is added to sections of personal information which links this information together. The pieces of information are then separated. Without the code, your personal information and identity cannot be linked together.  As stated, I do not at this time collect or store any of your personal information through my websites. Almost all web applications using a Content Management System (CMS), e.g. WordPress (this site), Joomla, Drupal, Wix, Weebly etc do not yet comply with this part of the legislation. For example, as of 2018, there are nearly 500 million WordPress sites on the web and none of them yet meet this requirement. It will take some time for this change to be developed by the application developers. As soon as it is available, then I shall implement it on all my websites.

2.4 My hosting company is as secure as it can be

For all my websites I use a reputable UK hosting company. The hosting company industry is largely unregulated and many of the largest companies do not use sufficient levels of diligence to prevent hacking or other data breaches. The company I use complies with the Data Protection Act 1998 and has numerous measures to prevent compromise of websites and data.  My sites are secured in a ‘container’ that includes round the clock protection from hackers using their customised WAF (Web Application Firewall). They also maintain up to date software and have closed the main routes often used by hackers. All traffic to/from my sites use encryption via https: (SSL – security certification).  No website is 100% secure, but at stevestarkdesign.com I endeavour to ensure that everything I do online is as secure as it can be.

2.5 Issue with Data (Breaches)

I will report any data breach relating to this website and any of the associated storage. I will report this breach to the appropriate authorities within 72 hours as is the requirement under the GDPR legislation.

2.6 Contact Information

If you have any questions or concerns with regard to data or this policy, then please contact:

steve@stevestarkdesign.com