Privacy Notice

1. Introduction

The DPO Diary ("we", "us", "our") is committed to protecting your privacy. This privacy notice explains how we collect, use, disclose, and safeguard your personal data when you visit our website.

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

The DPO Diary is the data controller responsible for your personal data. If you have any questions about this privacy notice or our data practices, please contact us using the details provided in the "Contact Us" section below.

3. Personal Data We Collect

We may collect and process the following categories of personal data:

Information you provide to us:

• Contact information (name, email address) when you subscribe to our newsletter or contact us
• Any other information you choose to provide in correspondence with us

Information collected automatically:

• Technical data such as IP address, browser type and version, time zone setting, operating system
• Usage data such as pages visited, time spent on pages, and navigation paths
• Cookie data (see our Cookie Policy for more details)

4. How We Use Your Personal Data

We use your personal data for the following purposes:

• To provide and maintain our website
• To send you our newsletter (if you have subscribed)
• To respond to your enquiries and correspondence
• To analyse website usage and improve our content
• To comply with legal obligations

5. Lawful Basis for Processing

We rely on the following lawful bases for processing your personal data:

• Consent: Where you have given clear consent for us to process your personal data for a specific purpose (e.g., subscribing to our newsletter)
• Legitimate interests: Where processing is necessary for our legitimate interests (e.g., website analytics) and your interests and fundamental rights do not override those interests
• Legal obligation: Where we need to comply with a legal obligation

6. Data Sharing

We do not sell, trade, or rent your personal data to third parties. We may share your data with:

• Service providers who assist us in operating our website (e.g., hosting providers, email service providers)
• Professional advisers where necessary
• Law enforcement or regulatory bodies where required by law

Any third-party service providers are required to process your data in accordance with our instructions and applicable data protection laws.

7. International Transfers

We primarily store and process data within the UK and European Economic Area. Where we transfer personal data outside these areas, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements. Specific retention periods:

• Newsletter subscriptions: Until you unsubscribe
• Contact form enquiries: 2 years from last correspondence
• Website analytics data: 26 months

9. Your Rights

Under data protection law, you have the following rights:

• Right of access: You can request a copy of your personal data
• Right to rectification: You can request correction of inaccurate data
• Right to erasure: You can request deletion of your data in certain circumstances
• Right to restrict processing: You can request limitation of processing in certain circumstances
• Right to data portability: You can request transfer of your data to another controller
• Right to object: You can object to processing based on legitimate interests
• Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, please contact us using the details below. We will respond within one month.

10. Data Security

We have implemented appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

11. Children's Privacy

Our website is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Privacy Notice

We may update this privacy notice from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this notice periodically.

13. Contact Us

If you have any questions about this privacy notice or wish to exercise your data protection rights, please contact us at:

Email: privacy@dpodiary.com

Or use our contact form.

14. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Helpline: 0303 123 1113