01 // Who I am: data controller

Controller details

For the purposes of UK data protection law, the data controller for this website and related business communications is:

Name

Jamie Forrester

Business address

Edinburgh, Scotland, UK

Scope of this policy

This policy applies to information collected through this website, direct email contact, enquiry handling, pre-engagement discussions, and the administration and delivery of professional services.

02 // What data I collect: identity and materials

Identity data and engagement materials

  • Name and contact details — name, email address, phone number, and company details
  • Information included in enquiry emails, briefs, attachments, or documents you choose to send
  • Operational information relevant to a potential or active engagement, including project context, constraints, and communications history
  • Technical website information that may be generated through standard server operation, such as basic logs, if processed by infrastructure providers

Client materials

In the course of this work, you may send structural materials such as workflows, contracts, notes, screenshots, internal documents, or other operational records. While these materials are often corporate in nature, they may contain personal data. They are handled only to the extent necessary to assess, scope, administer, or deliver the work. Client materials are not uploaded to public or third-party tools that store or reuse content beyond the relevant engagement.

Special category data

You should avoid sending special category personal data (for example, health information or criminal records) unless it is strictly relevant to the work. If such information is included in materials you provide, it will be handled only to the extent reasonably necessary for the relevant purpose.

03 // How I use data: purposes

Why personal data is used

  • To respond to enquiries and communicate with prospective clients
  • To assess whether a matter is a fit for the services offered
  • To scope, administer, and deliver professional engagements
  • To maintain records relating to enquiries, proposals, agreements, invoices, and delivery
  • To comply with legal, regulatory, accounting, or tax obligations
  • To protect the security and integrity of the website and business communications

04 // Lawful bases: UK GDPR basis per purpose

Legal basis for processing — mapped by purpose

Each processing purpose is linked to a specific lawful basis. The mapping is as follows:

  • Responding to enquiries: Legitimate interests. The legitimate interest is operating a professional practice and responding to people who contact it directly.
  • Assessing fit and scoping work: Legitimate interests / Steps before contract. Processing is necessary to evaluate a potential engagement before any formal agreement is made.
  • Delivering active engagements: Contract performance. Processing is necessary to perform the agreed services once an engagement is confirmed.
  • Invoicing and accounting records: Legal obligation. Processing is required to meet tax, accounting, and related legal obligations.
  • Security and integrity of communications: Legitimate interests. The legitimate interest is protecting the website and business communications from unauthorised access or misuse.
  • Consent-based purposes: Consent. Where consent is the basis, this will be made clear at the point of collection and may be withdrawn at any time.

Right to object. Where processing is based on legitimate interests, you have the right to object at any time. To exercise this right, contact hello@jamieforrester.com. Processing will stop unless there are compelling legitimate grounds that override your interests.

05 // Sharing and processors: who receives data

Who personal data may be shared with

Personal data is not sold. It is shared only where reasonably necessary to run the website and business, or where legally required.

  • Encrypted cloud email infrastructure — used for all business correspondence
  • Encrypted cloud storage — used for secure document handling and delivery
  • Professional invoicing and accounting tools — used to issue invoices and maintain financial records
  • Web hosting and DNS infrastructure — used to operate the website
  • Professional advisers — accountants, lawyers, or insurers where necessary
  • Authorities or regulators — where disclosure is legally required

Processors

Third-party providers used to support the website or business may process data on my behalf. Where such providers are used, they are selected on the basis that they are appropriate for professional business use and provide reasonable security standards. They are not authorised to use personal data for their own purposes beyond what is necessary to provide the relevant service.

06 // International transfers: cross-border processing

Transfer of data outside the UK

Some of the third-party providers used to operate this website and business are based outside the UK, or may process data on infrastructure located outside the UK. This includes providers of cloud email, storage, font delivery, and hosting services.

Where personal data is transferred outside the UK, this is done on the basis of one or more of the following transfer mechanisms:

  • An adequacy decision by the UK government in respect of the recipient country
  • Standard contractual clauses or equivalent appropriate safeguards approved under UK law
  • The transfer being necessary for the performance of a contract or the implementation of pre-contractual measures

Fonts and website infrastructure

This website uses Google Fonts, which may result in your browser making a request to Google's servers. Google's privacy policy governs any data processed in that context. No engagement-related personal data is transmitted via font loading.

If you have questions about the safeguards applied to any specific transfer, contact hello@jamieforrester.com.

07 // Retention: how long data is kept

How long personal data is kept

Personal data is retained only for as long as reasonably necessary for the purpose it was collected, including record-keeping, legal, tax, and dispute-management needs. Records are not kept indefinitely — where there is no ongoing business or legal need, they are periodically reviewed and deleted.

Unsuccessful enquiries

Retained for up to 12 months after the last communication, then deleted unless there is an active follow-up reason.

Pre-client and scoping discussions

Retained for up to 24 months after the last communication, or until the matter is clearly concluded.

Active client records

Retained for up to 6 years after completion of the engagement, to cover potential legal, tax, or dispute needs.

Financial records

Retained for at least 6 years as required under applicable UK accounting and tax rules.

08 // Security: protection measures

How personal data is protected

  • Use of encrypted, professional-grade email and cloud storage infrastructure
  • Access controls and password protection for all business accounts
  • Two-factor authentication where available
  • Data minimisation wherever possible

Client materials and confidentiality

The analysis is not outsourced. Client materials are handled only as necessary to assess, scope, administer, or deliver the work, using secured infrastructure appropriate to a sole professional practice. They are not uploaded to public tools that store or reuse content.

AI tools and client data

Client materials and engagement data are not sent to public generative AI tools, not used to train AI models, and not shared for model training purposes. Where AI-assisted tools are used in the practice, client data is not submitted as input. They are used only for the purpose of the relevant enquiry or engagement.

No guarantee

No online system can guarantee absolute security. However, reasonable steps are taken to protect personal data against unauthorised access, misuse, loss, or disclosure.

09 // Your rights: individual rights

Your data protection rights

Depending on the circumstances and the lawful basis relied on, you may have the right to:

  • Request access to your personal data
  • Request correction of inaccurate or incomplete data
  • Request erasure of data in certain circumstances
  • Request restriction of processing in certain circumstances
  • Object to processing where legitimate interests are relied on — this right applies to all legitimate-interests processing on this site and will be given full weight
  • Request data portability where the processing is automated and based on consent or contract performance
  • Withdraw consent where consent is the lawful basis

How to exercise rights

To exercise any of these rights, email hello@jamieforrester.com. Reasonable steps may be taken to verify identity before responding to a request. A response will be provided within one month of receipt.

10 // Cookies: website technologies

Cookies and similar technologies

This website does not set non-essential cookies.

If any strictly necessary cookies are used for basic site function, they may be used without additional consent where legally permitted. If analytics, advertising, or other non-essential cookies are introduced in future, this policy will be updated and appropriate consent mechanisms will be in place before those cookies are set.

11 // Complaints and updates: final matters

Questions, complaints, and changes

Questions or concerns

If you have questions about this Privacy Policy or how personal data is handled, contact hello@jamieforrester.com in the first instance.

Complaints to the ICO

You may also complain to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection. The ICO can be reached at ico.org.uk/make-a-complaint or by calling 0303 123 1113.

Policy updates

This policy may be updated from time to time to reflect legal, operational, or website changes. The most current version will always appear on this page with the date it was last revised.