Privacy Policy

As you may be aware there is new Data Protection Legislation came in to force in the UK on 25th May 2018. The General Data Protection Regulation (GDPR), is EU wide legislation, and is currently being enacted into UK law and will become the 2018 Data Protection Act. This privacy statement I explains how I (Katrin Lange) collect and process your personal data, as the data controller for Katrin Lange Design.

This statement was last updated on 22 May 2020.

Who Am I?

Katrin Lange Design is run just by me as an individual. You can contact me through my contact form or through

What Data do I collect?

Personal data from my clients who work with me as a freelancing designer and content creator. This might include any of the following:

  • Personal identification information like your first and last name, user names or social media handles
  • Contact Details may include billing address, email address, phone number or another way to contact you, like for example a Skype address
  • Financial Data which may include your bank account or your PayPal details
  • Transactional Data like details about your payments or details about purchases
  • Contractual obligations in the form of quotes and invoices
  • Personal Information they choose to share with me and that is needed for the serviced I provide

By browsing my website it collects technical and usage data that may include your IP address, your timezone settings, information on how you use the website as well as your browser type or version, your operating system and platform and other technology on the devices you use to access this site.

How do I collect your personal data?

Personal data is collected through a variety of different methods like:

Direct interaction
You may provide data by interacting with me through email, file share, in person or through social media. 


Automated technologies or interactions
By visiting my website I automatically receive information from your web browser or mobile device. If you chose to comment, use the contact form or view embedded content any of the following ways to collect data might apply to you:


Analytics (With Jetpack)
I am using the WordPress Plugin Jetpack to track stats, their privacy policy can be found here.
ata Used: IP address, user ID (if logged in), username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Important: The site owner does not have access to any of this information via this feature. For example, a site owner can see that a specific post has 285 views, but he/she cannot see which specific users/accounts viewed that post. Stats logs — containing visitor IP addresses and usernames (if available) — are retained by Automattic for 28 days and are used for the sole purpose of powering this feature.
Activity Tracked: Post and page views, video plays (if videos are hosted by, outbound link clicks, referring URLs and search engine terms, and country. When this module is enabled, Jetpack also tracks performance on each page load that includes the JavaScript file used for tracking stats. This is exclusively for aggregate performance tracking across Jetpack sites in order to make sure that our plugin and code is not causing performance issues. This includes the tracking of page load times and resource loading duration (image files, JavaScript files, CSS files, etc.). The site owner has the ability to force this feature to honor DNT settings of visitors. By default, DNT is currently not honored.

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here:
After approval of your comment, your profile picture is visible to the public in the context of your comment.

Contact Form
By submitting a message through the contact form you provide your name and an email address. I keep contact form submissions for customer service purposes only, but you do not use the information submitted through them for marketing purposes

Embedded Content
Blog posts on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Use of Cookies
My website uses cookies. A cookie is a small piece of data or a text file that is downloaded to your computer or mobile device when you access certain websites.My website is hosted by Namecheap and was built in WordPress, WordPress installs some necessary cookies by default and provide the following information about it:

“If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.”

How do I use your data?

I will only ever use the data where I am legally permitted to. The most common use of your personal data is to interact with you and provide the service I offer, for example:

  • To fulfil the request of contacting you to provide a quote or an initial chat
  • Performing of a contract with you
  • To process and deliver your order including managing payments, fees and charges and to collect and recover money owed to me
  • To get in touch with you and manage my relationship with you, for example, to follow up on a service you received after I worked for you
  • Where I need to comply with a legal or regulatory obligation.

I also use the data my website collect to see how my site is used so I can improve my services and my portfolio. 

Who do I share your data with?

I will never sell your data to third parties, but on occasion may have to share your personal data with third parties like:

  • HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.
  • Outsourced team members, if you request and/or have agreed to that, that may include other professionals like copywriters photographers, website designers
  • Service providers who provide my IT and system administration.

How long do I retain your data?

If you leave a comment, the comment and its metadata are retained by WordPress indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

I will keep your data for as long as our working relationship last

By UK tax law I am required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed.

Other Technical Bits

The following providers, who I currently use to gather, store, share or process data, are compliant with GDPR (either being based in the EU, or through the EU-US Privacy Shield): DropBox, PayPal, Twitter, Facebook (including Instagram), LinkedIn

My website uses HTTPS/SSL security

My computer is protected by a security software 

My data is backed up regularly on encrypted external storage.

What are your rights?

You can contact me any time under for any of the following reasons regarding your personal data:

  • Request access or a copy of your personal data I hold
  • Request correction of your personal data or let me know of any changes, as it is important the data I hold is up-to-date and accurate
  • Request me to delete your personal data.
  • Object to processing of your personal data.
  • Right to withdraw consent.
  • Or if you have any questions about how I collect and process your data

Please keep in mind that you can always complain about the way I process and collect data to the Information Commissioner’s Office ( I would always like to resolve any issues directly, so please do contact me in the first instance, if you have complains.