- Effective date 1 May 2018.
- Last updated 16th April 2021.
- When we say ‘we’, ‘us’ or 'I' it means David Petherick, because that’s who I am, and I own and run the sites.
The type of personal information I collect
- I collect certain personal information about visitors and users of my sites.
- The most common types of information I collect includes things like: names, email addresses, IP addresses, other contact details such as phone numbers, survey responses, blogs, payment information, support queries, blog comments, and web analytics data.
How I collect personal information
- I collect personal information directly when you provide it to me, automatically as you navigate through the site, or through other parties when you use services associated with the sites.
- I collect your personal information when you provide it to me when you complete an enquiry form or buy services from me, subscribe to a newsletter, email list, submit feedback, enter a contest, fill out a survey, or send me a communication.
Personal information I collect about you from others
- Although I generally collect personal information directly from you, on occasion, we also collect certain categories of personal information about you from other sources. In particular:
- financial and/or transaction details from payment providers in order to process a transaction;
- third party service providers (like Google, LinkedIn, etc.), which may provide information about you when you link, connect, or login to your account with the third party provider and they send me information such as your registration and profile from that service. The information varies and is controlled by that service provider or as authorised by you via your privacy settings at that service provider; and
- other third party sources/ and or partners, whereby I receive additional information about you (to the extent permitted by applicable law), such as demographic data or fraud detection information, and combine it with information I have about you.
How I use personal information
- I will use your personal information:
- To fulfil a contract, or take steps linked to a contract: in particular, in facilitating and processing transactions that take place on the site, like where you purchase a service from me.
- Where this is necessary for purposes which are in my, or third parties, legitimate interests. These interests include:
- operating the site;
- providing you with services described on the site;
- verifying your identity when you sign in to any of my sites;
- responding to support requests, and helping facilitate the resolution of any disputes;
- updating you with operational news and information about our sites and services e.g. to notify you about changes to our sites, website disruptions or security updates;
- carrying out technical analysis to determine how to improve the sites and services we provide;
- monitoring activity on the sites, e.g. to identify potential fraudulent activity and to ensure compliance with the user terms that apply to the sites;
- managing my relationship with you, e.g. by responding to your comments or queries submitted to us on the Sites or asking for your feedback or whether you want to participate in a survey;
- managing our legal and operational affairs (including, managing risks relating to content and fraud matters);
- training staff about how to best serve our user community;
- improving our products and services; and
- providing general administrative and performance functions and activities.
- Where you give me consent:
- providing you with marketing information about products and services which I feel may interest you; and
- For purposes which are required by law.
- For the purpose of responding to requests by government, a court of law, or law enforcement authorities conducting an investigation.
When I disclose your personal information
- I may disclose your personal information to the following recipients:
- companies or organisations that I am a director or officer of;
- manufacturers or providers of any items or services made available to you, so they can facilitate delivery and support, who may be located in any of the countries my products and services are available in;
- subcontractors and service providers who assist me in connection with the ways I use personal information (as set out above), in particular: website hosting providers which are located in the US and UK; technical and customer support services which are located in Scotland and the UK; marketing and analytics services which are located in the US, UK and Canada; security and fraud prevention services which are located in the US and UK; and payment processing services which are located in the US and UK;
- my professional advisers (lawyers, accountants, financial advisers etc.) who are located in Scotland;
- regulators and government authorities in connection with my compliance procedures and obligations;
- a purchaser or prospective purchaser of all or part of my assets or my business, and their professional advisers, in connection with the purchase;
- a third party to respond to requests relating to a criminal investigation or alleged or suspected illegal activity;
- a third party, in order to enforce or defend my rights, or to address financial or reputational risks;
- a rights holder in relation to an allegation of intellectual property infringement or any other infringement; and
- other recipients where we are authorised or required by law to do so.
Where we transfer and/or store your personal information
- My office is based in Scotland, which is currently part of the United Kingdom, so your data will be processed in the UK. Some of the recipients I have described in section 10 above, and to whom I may disclose your personal information, are based outside the UK in places like the US. We do this on the basis of your consent to this policy. In order to protect your information, I take care where possible to work with subcontractors and service providers who I believe maintain an acceptable standard of data security compliance.
How we keep your personal information secure
- We store personal information on secure servers that are managed by us and our service providers, and occasionally hard copy files that are kept in a secure location in Scotland. Personal information that we store or transmit is protected by security and access controls, including username and password authentication, two-factor authentication, and data encryption where appropriate.
How you can access your personal information
- You can access and amend some of the personal information that I collect about you by logging in to your account as part of our contact and booking mechanism provided by vCita. You also have the right to make a request to access other personal information I hold about you and to request corrections of any errors in that data. To make an access or correction request, contact our privacy champion using the contact details at the end of this policy.
Marketing Choices regarding your personal information
- Where I have your consent to do so (e.g. if you have subscribed to one of our newsletters or have indicated that you are interested in receiving offers or information from us), I send you marketing communications by email or other methods about products and services that I feel may be of interest to you. You can ‘opt-out’ of such communications if you would prefer not to receive them in the future by using the “unsubscribe” facility provided in the communication itself.
- You also have choices about cookies, as described below. By modifying your browser preferences, you have the choice to accept all cookies, to be notified when a cookie is set, or to reject all cookies. If you choose to reject cookies some parts of our Sites may not work properly in your case.
Cookies and web analytics
- When you visit our Sites, there’s certain information that’s recorded which is generally anonymous information and does not reveal your identity. If you’re logged into your account some of this information could be associated with your account. We’re talking about the following kinds of details:
- your IP address or proxy server IP address’;
- the domain name you requested;
- the name of your internet service provider is sometimes captured depending on the configuration of your ISP connection;
- the date and time of your visit to the website;
- the length of your session;
- the pages which you have accessed;
- the number of times you access our site within any month;
- the file URL you look at and information relating to it;
- the website which referred you to our Sites; and
- the operating system which your computer uses.
- I reserve the right to use third party advertising companies to serve ads based on prior visits to our Sites. For example, if you visit our Sites, you may later see an advert for our products and services when you visit a different Site.
Information about children
- Our Sites are not suitable for children under the age of 14 years, so if you are under 14 we ask that you do not use our Sites or give us your personal information (if you are a young tech wiz, please direct your nearest responsible adult to use the sites for you!). If you are from 16 to 18 years, you can browse the sites but you’ll need the supervision of a parent or guardian to subscribe to our newsletters. It’s the responsibility of parents or guardians to monitor their children’s use of our sites.
Information you make public or give to others
How long I keep your personal information
When we need to update this policy
- We will need to change this policy from time to time in order to make sure it stays up to date with the latest legal requirements and any changes to our privacy management practices.
- When we do change the policy, a copy of the latest version of this policy will always be available on this page.
How you can contact us
- If you have any questions about our privacy practices or the way in which we have been managing your personal information, please contact our privacy champion in writing at Privacy Champion, Spot on Search, c/o David Petherick, 3 Craigcrook Terrace, Edinburgh EH4 3QN or send an email to david[at]petherick[dot]org
If you’re a user or visitor in the European Economic Area these rights also apply to you:
- For the purposes of applicable EU data protection law (including the General Data Protection Regulation 2016/679 (the “GDPR”), we are a ‘data controller’ of your personal information.
How you can access your personal information
- You are also entitled to ask us to port your personal information (i.e. to transfer in a structured, commonly used and machine-readable format, to you), to erase it, or restrict its processing. You also have rights to object to some processing that is based on our legitimate interests, such as profiling that we perform for the purposes of direct marketing, and, where we have asked for your consent to process your data, to withdraw this consent as more fully described below.
- These rights are limited in some situations – for example, we can demonstrate that we have a legal requirement to process your personal information. In some instances, this means that we may retain some data even if you withdraw your consent.
- Where we require your personal information to comply with legal or contractual obligations, then provision of such data is mandatory: if such data is not provided, then we will not be able to manage our contractual relationship with you, or to meet obligations placed on us. In all other cases, provision of requested personal information is optional.
- If you have unresolved concerns you also have the right to complain to data protection authorities. The relevant data protection authority will be the data protection authority of the country: (i) of your habitual residence; (ii) of your place of work; or (iii) in which you consider the alleged infringement has occurred.
- Effective date 1 May 2018.
- Last updated 16 April 2021.