1. I (Clare Diston) do not and shall not under any circumstance sell or give your personal data to third parties, unless required to by a court order or judgement.
2. Consent to be contacted regarding normal business operations and offers of services may be presumed in the absence of express instructions to the contrary if you are an existing customer of Clare Diston or if you have voluntarily given your business card to a representative of Clare Diston. This is in accordance with the General Data Protection Regulation (2016)^[1] consideration (47) (p. 27) and Article 6 part 1. (f) (p. 119). My mailing list data are stored on a third-party server.
3. Consent to be contacted regarding new posts on the Clare Diston blog may be presumed in the absence of express instructions to the contrary if you have voluntarily subscribed to follow this blog. This is in accordance with the General Data Protection Regulation (2016)^[1] Article 6 part 1. (f) (p. 119). My mailing list data are stored on a third-party server.
4. Consent for either of the circumstances mentioned in (3) and (4) may be revoked by any subject at any time by expressing to Clare Diston a wish to be removed or unsubscribed from all communications either in writing or by electronic communication from a verifiable source.
5. Consent for me to retain any electronic, postal, telephone-based and live communications made to Clare Diston, and/or notes or other records of these, analogue or digital, in the legitimate interest of my ability to efficiently serve your needs as a customer whether in the present or in the future, will be presumed in the absence of express instructions to the contrary at or after the time that the communications occur.
6. Consent for me to retain such communications or records thereof may be revoked by any subject at any time by asserting in writing to Clare Diston the right to be forgotten. In such circumstances, I will make every effort to permanently destroy all such records within a period not exceeding sixty (60) working days.
7. If in the course of carrying out my services to you as a client I require access to log-in credentials including user names and passwords in order to gain entry to restricted-access areas of websites and other digital media applications on which you have assigned me to work, I shall exercise due care to protect these credentials from all third parties as well as from people who do not require access to them.
8. Individuals with whom I have had contact have the right to request a copy of the personal data that I hold about them. In such cases, they will be required first to prove their identity in order to protect the true individuals regarding whom such requests are made. The time taken to process such requests will subsequently be charged at my standard hourly rate.

This business has been registered with the UK’s Information Commissioner’s Office.

^[1] http://data.consilium.europa.eu/doc/document/ST-5419-2016-INIT/en/pdf

This page was last updated on 10th July, 2020. Updates to this policy may be posted here from time to time.