Privacy policy
Because I store and process people’s personal data, I have obligations
under data protection legislation in the UK where I and my customers are
based.
If you have a question or request relating to my storage and processing of
your personal data, you can contact me on:
Summary
The Data Protection Act and UK GDPR are about how people’s personal data is
collected, processed and stored. They require that the data be collected
and processed only for well-defined purposes, handled securely, kept up to
date, and retained no longer than necessary.
I collect and process personal data for various purposes, and store it in
various places, as detailed in this policy.
I use the word ‘customer’ to mean any person who has contacted me in
relation to the services I offer.
Address book
For each customer, I store basic contact details like their name, address,
email address and phone number.
- I obtain some of these details implicitly. For example, if a new
customer phones me, their number will most likely show up on my phone and
I’ll save it from there.
- I obtain some details explicitly. For example, I might ask a customer
for their address in order to visit them.
- I obtain some details from public sources, usually to fill gaps or
verify other information. For example, if a customer gives me just the
first line of their address, I might use an online service to find the
postcode.
I call the sum of this information my ‘address book’, and its main purpose
is the legitimate interest of serving customers in a more personal way. For
example, when a customer phones me I can greet them by name, or when they
require a visit I can look up their address rather than ask for it each
time. It also enables me to provide
proper invoices.
I keep my address book in Google Workspace. It is private to me, and
protected by two-factor authentication. I sync it to my computer and back it
up to an external drive, both of which are encrypted. It is also synced to
my mobile phone, which is encrypted, can be erased remotely if lost, and is
set to erase automatically after 10 incorrect passcode attempts.
Each year, I compare my address book to my financial records for the year
just ended and the two before it, and delete from the address book any
customers who don’t appear in those financial records. In other words, I
delete the personal data of customers I haven’t served for three years.
Customers can contact me to request that I update or delete their data in
my address book, or to request a copy of this data.
Updates or deletions may take months or even years to propagate to backups,
although these are kept only in a single place, offline. Any customer with
a particular need can request that I expedite the complete deletion of their
data, and I will do my best to accommodate this.
Email messages
I retain email messages on a legitimate interest basis for two main
reasons. First, I can maintain context for subsequent messages – in other
words, ‘threads’ or ‘conversations’ – as is expected in email. Second, I can
refer back to historic information that may help me serve customers better
in future.
I keep email messages in Google Workspace, sync them to my phone, archive
them to my computer, and back them up to an external drive — as detailed in
the address book section above. Customers can contact me to request a copy
of my historic email exchanges with them, or to have them deleted.
Each year I delete all email messages older than three years. Backup copies
will remain beyond this time, as detailed in the address book section
above.
Other electronic messages: SMS, WhatsApp and similar
I retain messages sent and received via SMS, iMessage, WhatsApp, Signal and
similar platforms on a legitimate interest basis for the same reasons as
email messages, detailed above.
Some of these messages are synced between multiple devices, which are
protected as described in the address book section above. Customers can
contact me to request a copy of my recent electronic conversations with
them, or to have them deleted.
I delete these messages periodically, on an automatic basis where possible.
In practice, none should persist for more than a few months. They are not
backed up anywhere. This makes these channels preferable to email for the
exchange of more sensitive information.
Mailing list
I operate a mailing list to communicate occasional tips and significant IT news. Customers join this list by giving their explicit consent. I periodically ‘refresh’ this consent by reminding customers of their membership and asking them to remain opted in.
I record customers’ membership of the list by adding their entries in my address book (see above) to a group.
A customer can update their email address or withdraw their consent (be removed from the list) by contacting me.
Financial records
I have a legal obligation to keep financial records, including for self-assessment and payment of income tax. These records include customers’ names, along with the products or services purchased from me and amounts paid.
I keep my financial records in Google Workspace, and back them up to my computer and external drive — all of which are protected as described in the address book section above.
HMRC requires that I keep financial records for at least five years. After this time, I anonymise customer data in them. This anonymisation may take several months to propagate to backup copies.
Invoicing systems
In addition to bank transfer, cash and cheque, customers can choose to pay me by debit card, credit card or PayPal. I use SumUp to send invoices and accept payments by card, and PayPal to send invoices and accept payments both by card and directly via PayPal. With both companies, I keep necessary information about customers and their purchases – much the same as in my address book and financial records (see above) – and any personal and financial information entered by customers when settling SumUp and PayPal invoices will be processed and stored by these companies.
‘Coffee’ contributions
The explanatory articles and how-to guides on my website include links to my page on Buy Me a Coffee, via which anyone can buy me one or more ‘coffees’ as a show of appreciation (it’s not really coffee, just a small financial contribution). Personal information entered during this process will be processed and stored by both Buy Me a Coffee and Stripe.
Feedback
I welcome feedback to help me improve this privacy policy and the clarity with which it is explained here. I can be contacted on 07837 751985 or martin@martinedwards.co.uk.