[Last updated: 25 February 2023]

1. Introduction

1.1    We are committed to safeguarding the privacy of our website visitors and service users.

1.2    In this policy, “we”, “us” and “our” refer to www.grahamwilliamson.com For more information about us, see Section 10.

2. Credit

2.1    This document was created using a template from SEQ Legal (https://seqlegal.com).

3. How we use your personal data

3.1    In this Section 3 we have set out:

(a)    the general categories of personal data that we may process;

(b)    in the case of personal data that we did not obtain directly from you (if any), the source and specific categories of that data;

(c)    the purposes for which we may process personal data; and

(d)    the legal bases of the processing.

3.2    We may process data about the ways you access our website (“access data”). The access data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the access data is our server log files. This anonymised access data may be processed for the purposes of analysing the use of our website, detecting and preventing fraud and unauthorised system access, and ensuring the security of our systems. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services and providing security.

3.3    We may process data about your use of our website (“usage data”). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. This data is anonymised, so that we have no way of linking this usage data to any identifiable person. The source of the usage data is Burst Statistics. This usage data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is our legitimate interests. You can read the Burst Statistics privacy policy here.

3.4    We may process information that you submit for publication on our website or through our services (“publication data”). The publication data may be processed for the purposes of enabling such publication and administering our website and services. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business.

3.5    We may process information that you post as comments on blog posts on our website (“comments data”). When you leave comments on the site we collect the data shown in the comments form, and your IP address and browser user agent string to help spam detection through our anti-spam software Akismet. An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Aksimet and Gravatar services privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture, if available, is visible to the public in the context of your comment. The publication data may be processed for the purposes of enabling publication of comments and administering our website and services. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business.

3.6    We may process information contained in or relating to any communication that you send to us (“correspondence data”). When you send a message through our online ‘Contact’ page we collect the data shown in the contact form, and your IP address and browser user agent string to help spam detection through our anti-spam software reCAPTCHA (by Google) and Akismet (by Automattic). Google’s privacy policy is available here: https://policies.google.com/privacy; Automattic’s privacy policy is available here: https://automattic.com/privacy/. You can read about how Google uses personal data here. The correspondence data may be processed by us for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users or to fulfil a contractual obligation.

3.7    We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.

3.9    We may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.

3.10  In addition to the specific purposes for which we may process your personal data set out in this Section 3, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

3.11  Please do not supply any other person’s personal data to us, unless we prompt you to do so.

3.12  If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

4. Providing your personal data to others

4.1    We do not sell your personal data. We share information about you in the limited circumstances set out in this Section 4 and with appropriate safeguards on your privacy.

4.2    We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

4.3    In addition to the specific disclosures of personal data set out in this Section 4, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

4.4    We may share information that has been aggregated or reasonably de‑identified, so that the information could not reasonably be used to identify you. For example, we may publish aggregate statistics about the use of our website or services.

4.5    Our hosting provider is Siteground Hosting Ltd, UK. The company has access to our server access logs and error logs which are compiled using anonymised data for the purposes of analysing the use of our website, detecting and preventing fraud and unauthorised system access, and ensuring the security of our systems. Their privacy policy is available here: https://www.siteground.co.uk/privacy.htm.

5. International transfers of your personal data

5.1    We may transfer your personal data from the European Economic Area (EEA) to the UK and process that personal data in the UK for the purposes set out in this policy]during any period with respect to which the UK is not treated as a third country under EU data protection law or benefits from an adequacy decision under EU data protection law; and we may transfer your personal data from the UK to the EEA and process that personal data in the EEA for the purposes set out in this policy during any period with respect to which EEA states are not treated as third countries under UK data protection law or benefit from adequacy regulations under UK data protection law.

5.2    You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.

6. Retaining and deleting personal data

6.1    Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

6.2    We will retain your personal data as follows:

(a)    anonymised access data will be retained for a minimum period of 24 hours following your access of our website, and for a maximum period of 31 days following your access of our website. Raw server log files containing anonymised access data may only contain a few hours’ worth of data because they are discarded once they have been processed. As we have enabled automatic archiving, the raw log data is archived before it is discarded. The previous month’s archived logs are automatically deleted at the end of each month;

(b)    anonymised usage data will be retained indefinitely following your consent to use Burst Statistics to track your use of our website. If you withdraw consent to use Burst Statistics to track your use of our website no further anonymised data will be collected;

(c)    publication data and comments data will be retained indefinitely;

6.3    In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the following criteria:

(a)    the period of retention of correspondence data will be determined based on the length of time it takes to satisfactorily answer or otherwise deal with your enquiry or reason for correspondence.

6.4    Notwithstanding the other provisions of this Section 6, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

7. Your rights

7.1    In this Section 7, we have summarised the rights that you have under data protection law. Some of the rights are complex, and not all the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

7.2    Your principal rights under data protection law are:

(a)    the right to access;

(b)    the right to rectification;

(c)    the right to erasure;

(d)    the right to restrict processing;

(e)    the right to object to processing;

(f)    the right to data portability;

(g)    the right to complain to a supervisory authority; and

(h)    the right to withdraw consent.

7.3    If you have posted comments on this website, you can request that we send you an exported file of the personal data we hold about you, including any data you have provided to us. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. Please make your request using the Contact Form.

7.4   In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims. Please make your request using the Contact Form.

7.5    You may exercise any of your rights in relation to your personal data by written notice to us using the Contact Form.

8. Amendments

8.1    We may update this policy from time to time by publishing a new version on our website.

8.2    You should check this Privacy Policy page occasionally to ensure you agree with any changes to this policy.

9. Cookies

9.1    Our website uses cookies. For more information about cookies, please refer to our Cookie Policy.

9.2    You can use your internet browser to delete cookies automatically or manually. You can also specify that certain cookies may not be placed. Another option is to change the settings of your internet browser so that you receive a message each time a cookie is placed. For more information about these options, please refer to the instructions in the Help section of your browser. Please note that our website may not work properly if all cookies are disabled. If you do delete the cookies in your browser, they will be placed again after your consent when you visit our websites again.

10. Our details

10.1  This website is owned and operated by Graham Williamson.

10.2  You can contact us:

(a)    by post, using the postal address 3 Crawley Dene, Powburn, Northumberland NE66 4HA England;

(b)    using our website Contact Form