Privacy Policy

Last updated: 25.01.24

Hello! You’ve found the Privacy Policy for Rebecca Broad Communications. This sets out how I treat the information you give me. It also includes fun and intriguing facts (this is subjective) about data protection.

I wrote it myself! This is, as the ICO says, “a good way to show people that you care about their information.”

The terms “I” and “my” refer to Rebecca Broad (the owner of this website).

The terms “you” and “your” relate to viewers of this website, as well as prospects, clients, and contractors of my business.

I respect the UK and EU General Data Protection Regulations (GDPR). I also value privacy highly.

Therefore, I:

1. collect and process the minimum information I need from you in order to undertake my work
2. store your personal and business information safely and securely
3. only share information with your express permission, in accordance with the Policy below, or because I am forced to by law

If I change this Privacy Policy, the changes become effective at the point of publication, and I will update the date above.

Which personal information I collect and hold (plus how and why)

If you browse my website

I do not collect personal information if you browse my website. I use privacy-first analytics. This means I don’t track your activity, and I don’t set cookies. Websites I link to may undertake these activities and you should read their Privacy Policy.

If you fill out my contact form

I collect your name, email, and enquiry details if you fill out my contact form. This is so I can respond, and contact you in the future with details about my services. This information is held in my website, email provider, file storage, and project management system.

If someone gives me your information with your prior expressed consent

If someone else gives me your information – for example, your email address because you asked them to refer you to a lovely social media manager – I treat it as if you had filled out my contact form.

I will delete any data provided to me which I believe to be:

• unnecessary to our further communication
• collected unethically or unlawfully

I do not buy personal or business information.

If you contract me

I collect your business name and address if you contract me as a freelancer. This is so I can generate invoices. This information is stored in my banking and bookkeeping software.

I may need to collect additional information depending on the service I provide to you (for example, your social media login information if you want me to log in to your social media accounts, though I encourage you to share these encrypted and will help you to do so).

All the information about how I collect and hold this information will be in your Contract Terms (a document I write for you).

If I contract you

I collect your name, email, address, bank sort code, and bank account number if I contract you for a service. This is so I can pay you and meet my legal requirements. This information is held in the same places as above – in my website, email provider, file storage, project management system, and banking and bookkeeping software.

If you pay me or I pay you

I keep records of the invoices I send you, the payments you make against them, any invoices you send me, and any payments I make against them, in my email provider and banking and bookkeeping software.

Lawful bases for processing your personal information

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases I rely on for processing your personal information are:

a) Consent. You have given me your permission to use your personal information for a specific purpose. You can remove your consent at any time by contacting me.

b) Contract. I require your personal information to provide information about my services, and to provide such services.

c) Legal obligation. I may process and share your information when I have to by law.

d) Vital interests. I may process or share your information when it is necessary to protect someone’s life.

How I share personal information

I may share your personal information with the following third parties, but on a need-to-know basis for specified purposes only:

• Internal third parties (e.g. freelancers engaged by myself to work on an agreed project)
• Service providers (e.g. website management support)
• Professional advisers (e.g. solicitors based in the UK)
• Government bodies that require reporting of activities (e.g. HM Revenue & Customs)

I require anyone with whom I share your data to:

• respect its security
• treat it in accordance with the law
• adhere to similar standards of privacy protection

How I store your personal information safely

I only keep your personal information for as long as necessary to fulfil the purposes I collected it for (including any legal, accounting, or reporting reasons). I will then securely delete it. If I anonymise your data for research, business, or statistical purposes, I may store and process it indefinitely.

I take several steps to keep your personal information safe.

Provider choice

I choose providers who display a commitment to security. For example: privacy-first analytics; a highly trusted bank; a contractor with a clear and up-to-date Privacy Policy. I also prioritise services that provide multi-factor authentication.

Software protection

I enable multi-factor authentication when offered. I use an encrypted password manager, with a vault protected by biometric recognition. The password software also means I can create strong, randomly generated passwords. I accept encrypted password sharing, meaning I never actually see the shared password.

Hardware protection

My phone and computer auto-lock after five minutes of inactivity. They are protected and unlocked by facial and fingerprint recognition.

How to exercise your data protection rights or complain

Please email me via bex (at) rebeccabroad .com if you:

• have concerns, complaints, or questions about my use of your personal information
• need further information, such as contact details I have omitted from this page due to personal security concerns
• wish to exercise your right to access, rectify, erase, restrict processing, object to processing, or data portability
  • this is free (and I will respond within one month) unless your request is unfounded, repetitive, or excessive
  • read more about your rights under certain circumstances

You can also complain to the Information Commissioner’s Office on 0303 123 1113, https://ico.org.uk/global/contact-us/, or in writing to the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.

Worth sending me an email first to see if we can sort it out between us, though.

As I hope you can tell, I treat your personal information and data security with respect.

I welcome any suggested changes to this Privacy Policy in line with best practices. Yay privacy!