As you may be aware there is new Data Protection Legislation came in to force in the UK on 25th May 2018. The General Data Protection Regulation (GDPR), is EU wide legislation, and is currently being enacted into UK law and will become the 2018 Data Protection Act. This privacy statement I explains how I (Katrin Lange) collect and process your personal data, as the data controller for Katrin Lange Design.
This statement was last updated on 22 May 2020.
What Data do I collect?
Personal data from my clients who work with me as a freelancing designer and content creator. This might include any of the following:
- Personal identification information like your first and last name, user names or social media handles
- Contact Details may include billing address, email address, phone number or another way to contact you, like for example a Skype address
- Financial Data which may include your bank account or your PayPal details
- Transactional Data like details about your payments or details about purchases
- Contractual obligations in the form of quotes and invoices
- Personal Information they choose to share with me and that is needed for the serviced I provide
By browsing my website it collects technical and usage data that may include your IP address, your timezone settings, information on how you use the website as well as your browser type or version, your operating system and platform and other technology on the devices you use to access this site.
How do I collect your personal data?
Personal data is collected through a variety of different methods like:
You may provide data by interacting with me through email, file share, in person or through social media.
Automated technologies or interactions
By visiting my website I automatically receive information from your web browser or mobile device. If you chose to comment, use the contact form or view embedded content any of the following ways to collect data might apply to you:
Analytics (With Jetpack)
Data Used: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Important: The site owner does not have access to any of this information via this feature. For example, a site owner can see that a specific post has 285 views, but he/she cannot see which specific users/accounts viewed that post. Stats logs — containing visitor IP addresses and WordPress.com usernames (if available) — are retained by Automattic for 28 days and are used for the sole purpose of powering this feature.
After approval of your comment, your profile picture is visible to the public in the context of your comment.
By submitting a message through the contact form you provide your name and an email address. I keep contact form submissions for customer service purposes only, but you do not use the information submitted through them for marketing purposes
“If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.”
How do I use your data?
I will only ever use the data where I am legally permitted to. The most common use of your personal data is to interact with you and provide the service I offer, for example:
- To fulfil the request of contacting you to provide a quote or an initial chat
- Performing of a contract with you
- To process and deliver your order including managing payments, fees and charges and to collect and recover money owed to me
- To get in touch with you and manage my relationship with you, for example, to follow up on a service you received after I worked for you
- Where I need to comply with a legal or regulatory obligation.
I also use the data my website collect to see how my site is used so I can improve my services and my portfolio.
Who do I share your data with?
I will never sell your data to third parties, but on occasion may have to share your personal data with third parties like:
- HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.
- Outsourced team members, if you request and/or have agreed to that, that may include other professionals like copywriters photographers, website designers
- Service providers who provide my IT and system administration.
How long do I retain your data?
If you leave a comment, the comment and its metadata are retained by WordPress indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
I will keep your data for as long as our working relationship last
By UK tax law I am required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed.
Other Technical Bits
The following providers, who I currently use to gather, store, share or process data, are compliant with GDPR (either being based in the EU, or through the EU-US Privacy Shield): DropBox, PayPal, Twitter, Facebook (including Instagram), LinkedIn
My website uses HTTPS/SSL security
My computer is protected by a security software
My data is backed up regularly on encrypted external storage.
What are your rights?
You can contact me any time under email@example.com for any of the following reasons regarding your personal data:
- Request access or a copy of your personal data I hold
- Request correction of your personal data or let me know of any changes, as it is important the data I hold is up-to-date and accurate
- Request me to delete your personal data.
- Object to processing of your personal data.
- Right to withdraw consent.
- Or if you have any questions about how I collect and process your data
Please keep in mind that you can always complain about the way I process and collect data to the Information Commissioner’s Office (http://ico.org.uk). I would always like to resolve any issues directly, so please do contact me in the first instance, if you have complains.