1. Who We Are.
First of all, I should really say “I”. I am Tony Collins Fogarty. I am a UK Sole Trader. I trade under my business name of TDF Media, and I use Tony Collins Fogarty as a trading style. I am based in Leeds, West Yorkshire, in the United Kingdom.
I am not in the business of selling, renting or trading email lists with other companies, individuals or businesses for marketing purposes. I’m in the business of building real working relationships with people in my sector. Like many other business professionals in the modern world, this means I use accounts software, and a CRM, in order to track what I’m doing, and to fulfil any legal and accounting obligations. With that in mind, there is lots of detailed information below on when and why I collect (limited) personal information, how I use it, the (extremely) limited conditions under which I may disclose it to others and how I keep it secure. I’ll happily discuss it at any time, but if, like me, you’re a detail geek, then read on.
2. Mailing Lists
This one is quite simple. I don’t. It’s a bit old fashioned, but I don’t currently create lists for the purposes of mass mailings. If I contact you, it means I have manually written an email from me to you. Not to 100 other people.
Assuming that someone persuades me in the future that sending the same email to 10,000 people is a good idea, I am committed to the GDPR principle that you will only be added to that list if you “opt in”. Should it ever get that far, I of course will always offer the option to “opt out” on every email message I send. Of course, you can send me an email at any time by emailing email@example.com
3. Sharing Information
In general terms, I don’t share your information. However, I have been reminded that I may need to share information (about clients only) with at least 2 organisations. Invoice and payment information may be shared with my accountant (Griffin Accountants in Penrith) and HMRC (the UK Tax service) who may request information and have a legal right to do so. Where a legal obligation exists, I reserve the right to share information in those circumstances. This only applies to clients, and in such circumstances, personally identifiable data will be extremely limited.
I have also adopted the policy of not sharing information with other peers in the industry, unless the person requesting is happy to be passed on. So, if you ask me to recommend another voice or other service, I will only pass your personally identifiable data information to them, rather than the other way around, unless the other party has explicitly stated they are happy for their information to be shared.
4. Access to your personally identifiable information
Under GDPR, you (the data subject) have the right to view, amend, or delete the personally identifiable information that I hold about you. You can email your request to me (the data administrator – Tony Collins Fogarty) at firstname.lastname@example.org. If your request comes from an email address or other source that is unknown to me, I may need to contact you via my stored information to establish you are the person to whom the data refers.
I would add for clarity, the vast majority of the information I keep on file is about business organisations. This is where my interest lies, in companies that might do business with me. GDPR regulations apply to the storage of “personally identifiable” data. Where I hold this data, it will be typically limited to your name, email address, social media handles, and maybe a personal mobile or DDI phone number. If you ask to be forgotten from my records, this is the information I will remove. The business record may remain (unless you are a sole trader), but you will not be listed or identified on it. If you are a sole trader, all information will be removed unless I have a legal obligation to keep it, for example tax records where you have been a client.
5. How I use your information
I take your privacy seriously. Clearly in professional business terms I may wish to interact with you with the aim of working together on a future project, or I may need to keep records of past business. To this end, I keep enough information to allow us to stay in contact, and to keep a record of past contact, and future potential. The information I keep is under constant review. I only keep data that is relevant to my business purposes. Additional unnecessary information will be deleted.
You will fall into one of two “data categories”:
– A lead or contact who might work together in the future.
In this category, I build a list of contacts (expressly for internal use) who might be legitimately interested or relevant to the services I offer. When I add any personally identifiable data to my business records, I log the date that personally identifiable data was added, source, how consent was given, and if not, on what other legal basis I am storing the data. If this information comes from you directly, I will seek consent at that point to hold your information. If the information comes from another source or the public domain, I will make contact with you within 30 days and seek permission to keep in touch. You have the right to have all personally identifiable data removed upon request. Please note if you have asked me to provide a quote (a price for work) to you, I will process any ‘formal’ quote through my accounts software, and information necessary to provide the quote will be kept in my accounts records. Where tax laws or accounting regulations demand, this information will stay on my files, until such time as it is no longer required.
I do not currently operate any kind of newsletter or mass marketing email list. Any online capture of your information through my website, may seek your permission for this should I begin one in the future. This will be expressly on an ‘opt-in’ basis, even if I have had past contact.
I may contact you on a one-to-one basis, where I think there is a legitimate relevance for our relationship. Where I do this, I will always give you the opportunity to request that I don’t contact you personally in the future, and that I remove personally identifiable data I hold.
– A current or past customer.
In this category, I need to keep additional information regarding past invoices, payments, receipts, along with your contact information and who I may have dealt with at the time. In order to fulfil my legal obligations, this information will be kept for a minimum of 7 years. This is to satisfy record keeping for HMRC (the UK Tax service). If you fall into this category, I am happy to remove you from any future marketing and remove any unnecessary data I hold. I would continue to hold any information legally necessary but would not contact you.
6. How I Secure Your Information
I treat the security of your personal information with the utmost importance. I take reasonable steps to protect your data from loss, unauthorised access, disclosure, alteration or destruction. This includes password protection at several stages on software, along with physical security at my premises and other measures to prevent access to your personally identifiable information.
To comply with GDPR regulations, in the event of a data breach, I am obliged to inform the ICO (Information Commissioner’s Office) with 72 hours of the breach.
7. Minors / Children
GDPR rightfully places extra safeguards on those dealing with minors or children. As I provide a business to business service, the simplest way for me to comply in this regard is to not enter into contact or business with anyone under the age of 16.
When I ask for consent to keep information and keep in touch with you in the future, I may ask you to declare that you are over the age of 16. This is purely to establish that additional safeguards required are unnecessary in my dealings with you.
8. Website Cookies – Google Analytics
When someone visits http://tonycollinsfogarty.com I use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. I do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. I do not make, and do not allow Google to make, any attempt to find out the identities of those visiting my website.
9. Links to other websites
On my website, I may link to other articles, sites or resources of interest to potential visitors. This does not constitute an endorsement of the link or site, or the content displayed. I accept no responsibility for the content of external sites, and you view them at your own risk.
Please note, where I publish a blog article on my site, there may be an opportunity for you to post a comment or response. In these circumstances, your name will be stored and publicly displayed with any comment you make. If you have made a comment, and would like it deleted, please contact me.
10. Financial information
The only financial information I store is information supplied to me in order to make payment on a supplier invoice or other product/service. This will be processed through my cloud-based accounts software (and held securely). Digital or hard copies of invoices are held securely in my office. This information is treated as private and confidential and not shown to any other parties (other than where I am legally obliged to supply to my accountant or HMRC).
11. Changes to this Privacy Notice.
Like many other organisations, as I feel my way forward with the new GDPR legislation, I may discover a need to update and change this policy. You can ask me at any time, and I will also clearly link to this notice on my website at http://tonycollinsfogarty.com/privacy.