Privacy policy.
In this Privacy Policy, I would like to inform you about the nature, scope, and purpose of Personal data we (that is me and the third parties acting on my behalf) process when you use my website and services.
Personal data in this sense is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not personal data. This includes, for example, the number of users of a website.
However, we reserve the right to put this data to additional uses to the extent permitted or required by law or necessary to support legal or criminal investigations. In this case, we will inform you again about this further data processing to the extent required by law and obtain your consent.
Person responsible
The person responsible for processing pursuant to the UK`s Data Protection Act (“DPA”) and the General Data Protection Regulation (“GDPR”) is:
The YNAB Coach
Chelsea Alventosa
Bristol, UK
E-Mail: chelsea@theynabcoach.co.uk
Collection of general data and information
Each time you visit my website, a number of general data and information is transmitted - even if you use my website for purely informational purposes. I only collect the general data and information that your browser transmits to my website’s server. This data and information are collected are technically necessary for the display my website to you and that serve the stability, security and danger or threat prevention in the event of attacks on my website, such as:
IP address
date and time of an access to the website
type and version of browser used
operating system used and its interface
the website from which an accessing system arrives at my website (so-called referrer)
sub-websites that are accessed via an accessing system on my website,
Internet service provider of the accessing system.
This data is deleted after the storage is no longer necessary for error analysis or danger or threat prevention. The legal basis for this data processing is my legitimate interest (Art. 6 (1) f) GDPR). When analysing these general data and information, I do not draw any conclusions about you as a data subject.
Contact options via the website
Contacting me is made possible by e-mail, contact form and social media. If you contact me, your transmitted personal data will be automatically stored for the purpose of processing the request or contacting you.
Data processing for the purpose of contacting me is carried out on the basis of your voluntarily given consent (Art. 6 (1) a) GDPR) or, in the case of a (pre-)contractual relationship with me, the initiation of a contractual service (Art. 6 (1) b) GDPR). I delete the data accruing in this context after the storage is no longer necessary for the processing of your request or restrict the processing if there are legal retention obligations.
Working with me and my services
When requesting my services, it is necessary, among other things, to provide your name, e-mail address and postal address and, if applicable, your payment data, and other details. I process and store the personal data provided when you request my services solely for the purpose of providing you with the ordered service. Accordingly, the data is processed on the basis of our contractual relationship (Art. 6 (1) b) GDPR) as well as to fulfil my legal obligations (Art. 6 (1) c) GDPR).
Online Meetings
I use Zoom to conduct online meetings and various types of data are processed when using an online platform for meetings. The scope of the data depends on the information you provide before or during participation in an online meeting. The legal basis for this is my legitimate interest in effective customer communication (Art. 6 (1) f) GDPR) and, insofar as it concerns an enquiry to enter into or fulfil a contract, also Art. 6 (1) b) GDPR. You can revoke your consent at any time. For this purpose, an informal e-mail is sufficient. The legality of the data processing operations already carried out remains unaffected by the revocation.
Use of cookies
I use so-called cookies on my website. Cookies are small text files that are stored on your respective device (PC, smartphone, tablet, etc.) and saved by your browser. The legal basis for the use of cookies is your consent (Art. 6 (1) a) GDPR) as well as my legitimate interest (Art. 6 (1) f) GDPR). For more information on cookies, please refer to my Cookie Policy.
Hosting
To provide my website, I use the services of Squarespace Inc, of 225 Varick Street 12th Floor New York, NY 10014 United States who process the above-mentioned data and all data to be processed in connection with the operation of my website (log files) on my behalf. The legal basis for the data processing is my legitimate interest in providing an appealing website (Art. 6 (1) f) GDPR).
Disclosure of data to third parties
I will only share your personal data with third parties if:
you have given your express consent to do so (Art. 6 (1) a) GDPR),
the disclosure is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data (Art. 6 (1) f) GDPR),
in the event that there is a legal obligation for disclosure (Art. 6 (1) c) GDPR), as well as
this is legally permissible and necessary for the processing of contractual relationships with you (Art. 6 (1) b) GDPR).
General technical organisational measures
I have taken a variety of security measures to protect personal data to an appropriate extent and adequately. All information held by me is protected by physical, technical, and procedural measures that limit access to the information to specifically authorised persons and in accordance with the DPA, the GDPR and this Privacy Policy.
My website is behind a software firewall to prevent access from other networks connected to the Internet. In addition, only those who need the information to perform a specific job are granted access to personally information.
Duration of storage
I store your personal data for as long as necessary to achieve the respective storage purpose. Afterwards, your data will be deleted, unless I am obliged to store it for a longer period of time (Art. 6 (1) c) GDPR) due to tax, commercial or other legal storage or documentation obligations, or you have agreed to a storage beyond this period (Art. 6 (1) a) GDPR).
Rights of the data subject
With regard to your personal data, you have the following rights:
Right to information about the personal data concerned (Art. 15(1) GDPR).
Right to rectification of inaccurate personal data (Art. 16 GDPR).
Right to erasure (right to be forgotten) of personal data (Art. 17 GDPR).
Right to restriction of processing (Art. 18 GDPR).
Right to data portability (Art. 20 GDPR).
Right to object to processing (Art. 21 GDPR).
Right to object at any time to the processing of your personal data for the purposes of advertising and data analysis (Article 21 (3) GDPR).
Right not to be subject to automated decisions, including profiling, (Art. 22 GDPR).
Right to withdraw consent (Art. 7 (3) GDPR) if you have given us consent to process your data.
If you wish to assert one of the above rights, you can contact me using chelsea@theynabcoack.co.uk at any time.
According to the DPA and GDPR, you are entitled to file a complaint with your local Supervisory Authority or the Supervisory Authority responsible for me. The Information Commissioner’s Office (ICO) is the relevant data protection supervisory authority in the UK. The ICO is located at Wycliffe House, Water Ln, Wilmslow SK9 5AF, UK (www.ico.org.uk). I would, however, appreciate the chance to deal with your concerns before you approach any Supervisory Authority.
Links to others
My website contains so-called hyperlinks to websites of other providers. When you activate these hyperlinks, you will be redirected from my website directly to the website of the other provider. You will recognise this by the change of URL, among other things. I cannot accept any responsibility for the confidential handling of your data on these third-party websites, as I have no influence on whether these companies comply with data protection regulations. Please inform yourself about the handling of your personal data by these companies directly on these websites.
Social Media
I’m present in various "social media" platforms in order to communicate with my customers, interested parties and users registered there and to be able to inform them about my offers there. I would like to point out that you use these platforms and their functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., commenting, sharing, rating). The processing of users' personal data is based on my legitimate interests in providing users with effective information and communicating with users (Art. 6 (1) f) GDPR).
Accuracy
It is important that the data I hold about you is accurate and current, therefore please keep me informed of any changes to your personal data.
Updating your information
If you believe that the information, I hold about you is inaccurate or that I am no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting me. For your protection and the protection of all of users, I may ask you to provide proof of identity before I can answer your requests.
Keep in mind, I may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, I may not be able to accommodate certain requests to object to the processing of personal data, notably where such requests would not allow me to provide my service to you anymore.
Data Breaches/Notification
Databases or data sets that include personal data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, I will notify all affected individuals whose personal data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.
Personal data and children
My services are aimed at people aged 18 and over. I will not knowingly collect, use, or disclose personal data from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact.
Change in privacy policy
Due to the further development of my website or due to changes in legal and regulatory requirements, I reserve the right to change this privacy policy at any time with effect for the future. A current version is available on the website. Please check regularly!