1.0 Our User Privacy and Data Protection Ethos
We have some core beliefs surrounding the data we hold, collect, and process. These are:
- The privacy and protection of the data we hold is fundamentally important
- We have a duty of care to the people whose personal data we have
- We should only collect and process the data we need – nothing more
- We will not sell, rent, distribute, or make the data we hold public
2.0 Relevant Legislation
This website, and our internal data policies, are intended to comply with the following pieces of legislation:
By complying with the above legislation, we and this website should also comply with the data protection and privacy requirements of many other countries and territories. However, if you are unsure whether the site is compliant with your own country’s requirements, please contact our data protection officer, whose details can be found below.
3.0 Personal Information: What We Collect and Why
This website collects and uses personal information for the following reasons:
3.1 Site Visitation Tracking
Like many other websites, this site uses Google Analytics (GA) to track users’ interactions with it. We use this data to understand how our site is being used, for example:
- The number of people using it
- The pages users visit
- The journey users take through the site
- Where users enter the site
- Where users come from
- Where users exit
- The demographics of our users
GA records data such as geographical location, device, internet browsers, and operating system. It does not personally identify you to us.
GA also records your device’s IP address which could be used to personally identify you. It does not grant us access to this.
We consider Google to be a third party data processor (see section 6.0 below).
Disabling cookies in your browser will stop GA from being able to track your journey and details on this website.
3.2 Contact Forms and Email Links
If you contact us using the contact form on our website, or an email link, none of the data that you supply will be stored by this website, or passed to or processed by any of the third party data processors defined in section 6.0.
The data you provide (including your email address if you use an email link) will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP).
We use Gmail as part of GSuite to receive, store and send emails for our domain markjohnstone.co. GSuite can accept insecure and secure email messages. We request that you send your emails securely by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted on Google servers and we access this securely (over SSL) through our desktop browsers and Gmail applications on our mobile devices. Further details about GSuite and how it processes/stores data can be found below.
3.3 Subscription Forms
If you choose to provide your email address and/or any other details to us via the subscription form available, your data will be stored by our email marketing system, Mailchimp. You can unsubscribe at any time by either contacting us or using the details in one of our emails sent via Mailchimp.
Information about how Mailchimp complies with GDPR is available here.
3.4 Facebook Pixel
We use the Facebook pixel to track visitor activity on our website. This helps us to analyse and measure the effectiveness of our advertising and ensure our advertising is shown to the right people.
Information about how Facebook Pixel complies with GDPR is available here.
4.0 Our Third Party Data Processors
We use some third parties to process personal data on our behalf. We only do this where it would be impractical to do otherwise. We have chosen these third parties carefully and look for them to be compliant with the legislation set out in section 2.0. This includes where they are not based within the EU.
The third parties are as follows:
- Google (including GSuite [Gmail, Drive, Sheets, Docs, Meet, Calendar, etc], Google Analytics, and Google Webmaster Tools)
- Mailchimp (email marketing)
- Facebook Pixel (tracking and monitoring advertising)
5.0 Data Breaches
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities as required by law.
6.0 Data Retention
We pride ourselves on only storing the data we need. With that in mind, we conduct a biannual data review of the information we hold and delete anything we no longer need, or which we have held for at least 12 months without usage. This takes place on or around the following dates:
- 1st May
- 1st November
If at any other point we encounter data we believe we no longer need, it is deleted.
We will only hold personal data for a longer period in order to fulfil our contractual or legal obligations.
7.0 Data Erasure Requests & Data Subject Access Requests
In order to make a data erasure request or data subject access request, please contact our Data Protection Officer, whose details are listed below.
8.0 Data Controller
Our website’s data controller is:
Mark Johnstone Ltd. which is a UK Private Limited company, with company number 10023698.
The data controller’s registered office is:
Mark Johnstone Ltd.
Pury Hill Business Park
9.0 Data Protection Officer
The data protection officer is:
Founder, Mark Johnstone Ltd.
Email: [email protected]
1.0 Change Log
- 03/12/2020: Email marketing system changed from ActiveCampaign to Mailchimp