WithoutFire | John Elliott's occasional thoughts on data protection

privacy notice

The whole point of a privacy notice is that you can understand what will happen to data relating to you when you engage with an organisation. I’ve tried to make my interactions as privacy respectful as possible but this site does use and embed third-party services which are described below.

In this privacy notice when I say “we” or “us” or “the website” I actually mean my UK-based limited company, WithoutFire Ltd (Reg. No. 9776269), which is legally the (data) controller. Unsurprisingly I’m the DPO for the company and you can find my contact details on the About page.

If you’re just browsing the website

The website collects no personal information about you: there’s no analytics, no need to register and no options to subscribe.

Sometimes posts will have embedded content such as a YouTube video and there's a Twitter widget on the side of each page. Your browser will load that third-party content from YouTube or Twitter, which will set cookies and try to track you. You can adjust your privacy settings on those third-party sites or, better still, install the EFF’s Privacy Badger extension for your browser.

We use Ghost Pro to host and manage the site which comes with two features.

  1. Content is distributed using the Cloudflare content distribution network. Cloudflare sets a single cookie, __cfduid, which is used to identify trusted web traffic. It does not correspond to any user id in the web application, nor does the cookie store any personal data. More info.
  2. Ghost uses Disqus to provide the facility to comment on posts. If you comment on a post with Disqus then it too will collect information about you as described in the Disqus Privacy Policy.

If you contact me to discuss a business relationship or have a chat

We will process personal data consisting of your contact information - it is necessary and in our legitimate interests for us to respond to your enquiry and to stay in touch with you. You can always ask us to delete your personal data and if we’ve not spoken for a few years it will be automatically purged.

We don’t really do direct marketing, but if we did it would be fully compliant with the PECR and we’d absolutely respect your right to opt-out of the processing of your personal data for this purpose.

If we establish a commercial relationship

We will often also process the personal data of other people in your organisation. In some cases this will be as a controller of the data, e.g. in respect of the contact information for people in your finance and procurement departments. Processing this data is necessary to maintain our commercial relationship with you and the data will generally be retained for six years to satisfy tax regulations and to defend against potential legal claims.

If you ask us to work with other colleagues in an organisation we may process their personal data in the course of providing our professional services to you. This processing occurs in the context of our relationship and we will usually be acting as a (data) processor acting on your instructions as defined in our written agreement in compliance with Article 28 of the GDPR.

Your rights

The GDPR gives you a number of rights over data relating to you that’s processed by us. We’re committed to respecting those rights so just ask if you want to exercise those rights.

WithoutFire Ltd is registered with the UK Information Commissioner’s Office and if you’re unhappy with the way we process your personal data then you have the right to complain to the ICO.
