We respect the EU’s General Data Protection Regulations (GDPR) and this policy explains how we collect and treat any information you give us. You won’t find any complicated legal terms or long passages of unreadable text. We’ve no desire to trick you into agreeing to something you might later regret.
Our policy covers
- Why we value your privacy
- How we collect information
- What information we hold
- Where we store your information
- What we use your information for
- Who’s responsible for your information at our company
- Who has access to information about you
- The steps we take to keep your information private
- How to complain
- Changes to the policy
Why we value your privacy:
We value your privacy as much as we do our own, so we’re committed to keeping your personal and business information safe. We ask for only the bare minimum from our customers. We’ll never use your personal information for any reason other than why you gave it, and we’ll never give anyone access to it unless we’re forced to by law.
Purpose and lawful basis
We only process your personal data when we have a purpose and a lawful basis for doing so. Under the GDPR Article 6-1, the lawful bases we rely on are:
- Your consent
- We have a contractual obligation (contract)
- We have a legal obligation
- We have a legitimate interest
How We Collect Information:
- We ask for contact information including your name, email address, and phone number, on our website so that we can reply to your enquiry.
- We ask for your email address when you sign up for one of our newsletters.
- We ask for your account and contact information when you hire or buy something from us.
Occasionally, we might receive your contact information from one of our partners. If we do, we protect it in exactly the same way as if you give it to us directly. We do not sell your information to third-party resources. We use your data solely for the purposes of:
- Newsletter signups where customers opt-in to provide limited data to receive updates from Jamstack.consulting
- Form Submissions for potential business inquiries where customers provide limited information to establish meeting with Jamstack.consulting
- Email Marketing in which we only reach out for legitimate interests and have policies in place to delete data within a 30-day period in the case on no or negative response.
- Subscription signups where a customer opts-in to our subscription based pricing for our services.
What Information We Store:
When you contact us by email or through our website, we store your name and email address in ConvertKit.
If you sign up for a newsletter, we store your email address in ConvertKit, which is the marketing platform we prefer.
If you do business with us, we store your business name and bank details and keep records of the invoices we send you and the payments you make. All purchases are processed by Stripe, our e-commerce platform and we never have access to your credit card information.
If we obtain data through third-party resources such as Instantly.ai for Email Marketing, we delete any data stored on their tool after 30 days from last contact or 30 days from 'opt-out' response. We do not create backups or save this data to any other resources. Unless a business relationship forms, your data will not be stored.
Protecting Your Data:
We will use technical and organizational measures to safeguard your Data, for example:
- Where we store your information in third-party services, we restrict access only to people who need it.
- We store passwords in 1Password, an encrypted password manager, and use a different, randomly generated password for each service, and never use the same password twice.
- The computers we use are all encrypted and protected by a passcode or fingerprint access. These computers ask for authentication whenever they’re started or after 15 minutes of inactivity.
- Our mobile devices are also protected by a fingerprint or facial recognition.
- We store your data on secure servers.
We have created and implemented a dedicated IT security policy for technical and organizational measures and a routine for managing data breaches. Suppose we experience a personal data breach, i.e. a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data, and it poses a medium to high risk for the people affected. In that case, we will notify the national data authority within 72 hours. If the risk is deemed high for the people affected, we will inform them directly, if possible.
If you suspect any misuse or loss or unauthorized access to your Data, please let us know immediately by contacting us via this e-mail address: email@example.com.
Who Has Access to Information About You:
When we store information in our own systems, only the people who need it have access. Our management team have access to everything you’ve provided, but individual employees have access to only what they need to do their job.
Levi Robertson, our CTO, is responsible for the security of your information. You can contact them by email at firstname.lastname@example.org or by phone on +34 671 911 250 if you have concerns about the information we store.
Who We Share Data With:
To run our business efficiently and securely, we sometimes will have to share your personal data with other (trusted) parties such as:
- Data processors: providers of various services that process your personal data on our behalf
- Public authorities: when we are obliged to report to them
We use the following data processors:
- Email: Fastmail
- Calender Meetings: Calendly
- Payments: Stripe
- Hosting: Vercel
- Analytics: Fathom
- Newsletter and Form Submissions: ConvertKit
- Password Management: 1Password
- Email Marketing: Instantly.ai
We require that all such recipients secure data in accordance with good information security and as per the requirements of this Privacy notice. If you'd like to know more about our processing and with whom we share your personal data, please get in touch with us by email at email@example.com.
You have the following rights in relation to your Data
- Right to access - the right to request
- copies of the information we hold about you at any time, or
- that we modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this, unless your request is "manifestly unfounded or excessive." Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will tell you the reasons why.
- Right to correct - the right to have your Data rectified if it is inaccurate or incomplete.
- Right to erase - the right to request that we delete or remove your Data from our systems.
- Right to restrict our use of your Data - the right to "block" us from using your Data or limit the way in which we can use it.
- Right to data portability - the right to request that we move, copy or transfer your Data.
- Right to object - the right to object to our use of your Data including where we use it for our legitimate interests.
- Right to complain - Also, if you're unhappy about how we process your data, you have a right to complain to a national data authority. We hope, however, that you will contact us first so that we can try to resolve the matter for you in a satisfactory way.
To make enquiries, exercise any of your rights set out above, or withdraw your consent to the processing of your Data, please contact us via this e-mail address: firstname.lastname@example.org
Changes to the Policy:
If we change the contents of this policy, those changes will become effective the moment we publish them on our website.