Aris Does Data is a trading style for me, Aris Tsontzos. I’m an independent sole trader, and I’ve put together this policy to explain exactly how you I use your information when you interact with me.
What information I collect from you
When you interact with me I could collect the following bits of information from you:
- Your name
- Your contact details, including:
- Your e-mail address
- Your phone number
- Your work or home address (depending on whether or not you operate your business from your home)
- Details pertaining to your organisation and the help you need
How I use that information, and why I need it
As you’d expect, I need your name and contact details to be able to get in touch with you, and to invoice you in the event that I carry out work for you. I also take down details pertaining to your organisation and your data protection situation so that I can determine how to best help you out.
Where that information is stored and how it’s kept secure
To help me run a business, I make use of various IT solutions to keep track of things and to help me communicate with you and with the outside world.
Most of my work is done on my laptop, and either stored on the hard drive within or in the cloud. I use G Suite (a Google product) for my business e-mails, and Google Drive and Microsoft’s OneDrive for some document creation and storage. I also use WordPress software to maintain my website and the contact form there, and I rely on Namecheap for hosting, which owns the servers where all of my website stuff is stored. My website is also secured with SSL encryption, so you can rest assured all of the information you submit there is confidential between me and you.
The cloud is a funny thing. We think of it as floating in space, but the reality is that all of that cloud-based information is stored on a physical server somewhere. As such, your information may be transferred outside the EEA. I have entered into legally-binding agreements with Google, Microsoft, WordPress and Namecheap, where they’ve each made guarantees to keep your information safe. I’ve linked to each of their privacy policies above, if you’d like to check out exactly how they keep your information safe.
I do also keep a single notebook where I scribble my ‘case notes’. This is always kept on my person when I take it with me on the road, and it’s stored securely under lock and key at Aris Does Data HQ (my flat) at other times, or when it needs to be archived, before it’s destroyed in accordance with the retention schedule set out below.
How long I hold your information for
In the name of handling your information responsibly, I’ve defined two separate data retention schedules, depending or whether or not we end up doing business.
If I’m lucky enough to end up doing business with you, I’ll hang on to your information for a period of 7 years in line with tax guidelines, before it’s disposed of or securely archived.
Let’s be real – it’s possible that it might not happen when it comes to us doing business. In the case that you get in touch with me and it doesn’t lead to you procuring my services, I’ll hang on to your information and details of your enquiry for one year, just in case you change your mind and decide to get back in touch.
Your rights when it comes to your information
Under the GDPR you are granted certain rights with regards to your information and how I can use it. These include:
- The right to access: You’ve got a right to see the information I hold about you. This is known as a subject access request. If you’d like to make a request, please e-mail me with the subject line ‘SUBJECT ACCESS REQUEST’. I’ll get back to you within one calendar month. While you’re entitled to a copy of your data for free, I reserve the right to charge a reasonable fee for repeated or unreasonable requests.
- The right to rectification: If for any reason you update your details, please let me know and I’ll be happy to update my records without delay. In the case that you inform me that any of the information I hold about you is outdated, I’ll stop using it until I update my records.
- The right to objection (opting out): If you would like me to stop processing your information in certain ways (if you’d rather I contacted you over the phone instead of e-mailing you), give me a shout.
- The right to erasure: If you would like me to jettison the sum of the information I hold about you, let me know and I’ll do my best to action this to the extent that I can, bearing in mind my legal and statutory obligations (tax law and the like). In the event that you do make an erasure request, I’ll get in touch to confirm exactly how I’ll go about this.
- These are not absolute rights and I can refuse a request where I have a very good reason (and only when I have a very good reason). When I do, I’ll inform you of this and my reasoning in making my decisions. I do hope we’ll be able to work it out between ourselves, but if you’re unsatisfied with my answer then you have the right to complain to the ICO about this.
Getting in touch with me
You can contact me day or night by e-mail if you’d like to have a chat about anything in this policy, or to exercise one of your data-related rights.
If you’re unhappy with the way I’ve handled your information, please let me know in the first instance by e-mail. I’m a reasonable guy and more than happy to have an open and honest discussion about why I do what I do.
In the event that you’re not happy with my response, you do have the right to complain to the ICO, and you can do this through their website.
This policy was last updated in May 2018. Its version number is v1.1.