hi@georgepapatheodorou.com | 0744 70 700 13
Expand search form

Privacy Policy

WARNING: THIS PRIVACY POLICY AND ALL OTHER DOCUMENTATION ON OUR WEBSITE ARE PROTECTED AND MONITORED 24/7 BY SOPHISTICATED PLAGIARISM AND COPYRIGHT INFRINGEMENT DETECTION SOFTWARE, DOCUMENT TRACKING AND ALERTS, INCLUDING, WITHOUT LIMITATION, COPYSCAPE. WE ENFORCE OUR LEGAL RIGHTS AGAINST ANY UNAUTHORISED COPYING OR USE OF OUR WEBSITE DOCUMENTATION AND PROSECUTE ANY INFRINGEMENT TO THE MAXIMUM EXTENT PERMITTED BY LAW.

This Privacy Policy sets out how I, Georgios Papatheodorou (trading as George Papatheodorou), collect, store and use information about you when you use or interact with my website, https://georgepapatheodorou.com (my website) and where I otherwise obtain or collect information about you.

This Privacy Policy is effective from 7 May 2018.

For ease of reference, this Privacy Policy is divided in two sections: a summary privacy policy and the full privacy policy.

If you have any questions about this Privacy Policy, please contact me by sending an email to gpapatheodorou@gmail.com.

SUMMARY PRIVACY POLICY

This section summarises how I obtain, store and use information about you. It is intended to provide a very general overview only. It is not complete in and of itself and it must be read in conjunction with the corresponding full section of this Privacy Policy.

Data controller: Georgios Papatheodorou

How I collect or obtain information about you: when you provide it to me (e.g. by contacting me, perform the automated website audit, reply to my onboarding questionnaire, use the live chat or subscribe for my newsletter) and from your use of my website, using cookies.

Information I collect: name, contact details, IP address, information from cookies, information about your computer or device (e.g. device and browser type), information about how you use our website (e.g. which pages you have viewed, the time when you view them and what you clicked on, the geographical location from which you accessed our website (based on your IP address), company name or business name (if applicable), and VAT number (if applicable).

How I use your information: for administrative and business purposes (particularly to contact you and process subscriptions you set on my website), to improve my business and website, to advertise my services, to analyse your use of my website, and in connection with our legal rights and obligations.

Disclosure of your information to third parties: only to the extent necessary to run my business, to our service providers, to fulfil any contracts I enter into with you, and where required by law or to enforce our legal rights.

Do I sell your information to third parties (other than in the course of a business sale or purchase or similar event): No

How long I retain your information: for no longer than necessary, taking into account any legal obligations I have (e.g. to maintain records for tax purposes), any other legal basis I have for using your information (e.g. your consent, performance of a contract with you or my legitimate interests as a business) and certain additional factors described in the main section below entitled “How long I retain your information.”

How I secure your information: using appropriate technical and organisational measures such as storing your information on secure servers, encrypting transfers of data to or from our server using Secure Sockets Layer (SSL) technology, only granting access to your information where necessary.

Use of cookies: I use cookies on my website including essential, functional and analytical cookies. For more information, please visit my Cookies Policy.

Transfers of your information outside the European Economic Area: in certain circumstances we transfer your information outside of the European Economic Area, including to the United States of America. Where we do so, we will ensure appropriate safeguards are in place, including, for example, that the third parties we use who transfer your information outside the European Economic Area have self-certified themselves as compliant with the EU-U.S. Privacy Shield.

Your rights in relation to your information:

  • – to access your information and to receive information about its use
  • – to have your information corrected and/or completed
  • – to have your information deleted
  • – to restrict the use of your information
  • – to receive your information in a portable format
  • – to object to the use of your information
  • – to withdraw your consent to the use of your information
  • – to complain to a supervisory authority

Sensitive personal information: I do not knowingly or intentionally collect what is commonly referred to as “sensitive personal information”. Please do not submit sensitive personal information about you to me. For more information, please see the main section below entitled “Sensitive Personal Information”.

FULL PRIVACY POLICY

My details

The data controller in respect of my website is Georgios Papatheodorou.

You can contact the data controller by writing to Georgios Papatheodorou, 172 Pall Mall, Leigh-on-Sea – Essex, SS9 1RB or sending an email to gpapatheodorou@gmail.com.

If you have any questions about this Privacy Policy, please contact the data controller.

Information I collect when you visit my website

I collect and use information from website visitors in accordance with this section and the section entitled “Disclosure and additional uses of your information”.

I use a third party server / hosting company to host my website called Online.net, the privacy policy of which is available here. My website server automatically logs the IP address you use to access my website as well as other information about your visit such as the pages accessed, information requested, the date and time of the request, the source of your access to my website (e.g. the website or URL (link) which referred you to my website), and your browser version and operating system.

My server is located in France.

Use of website server log information for IT security purposes

My third party hosting provider stores server logs to ensure network and IT security and so that the server and website remain uncompromised. This includes analysing log files to help identify and prevent unauthorised access to our network, the distribution of malicious code, denial of services attacks and other cyber attacks, by detecting unusual or suspicious activity.

Unless we are investigating suspicious or potential criminal activity, we do not make, nor do we allow our website server provider to make any attempt to identify you from the information collected via server logs.

Legal basis for processing: compliance with a legal obligation to which we are subject (Article 6(1)(c) of the General Data Protection Regulation).
Legal obligation: I have a legal obligation to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of our processing of information about individuals. Recording access to our website using server log files is such a measure.
Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).
Legitimate interests: we have a legitimate interest in using your information for the purposes of ensuring network and information security.

Use of website server log information to analyse website use and improve my website

I use the information collected by our website server logs to analyse how my website users interact with my website and its features. For example, we analyse the number of visits and unique visitors we receive, the time and date of the visit, the location of the visit and the operating system and browser used.

I use the information gathered from the analysis of this information to improve my website. For example, I use the information gathered to change the information, content and structure of my website and individual pages based according to what users are engaging most with and the duration of time spent on particular pages on my website.

Legal basis for processing: my legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).
Legitimate interest: improving my website for my website users and getting to know my website users’ preferences so my website can better meet their needs and desires.

Cookies are data files which are sent from a website to a browser to record information about users for various purposes.

I use cookies, including essential, functional and analytical cookies. For further information on how we use cookies, please see my cookies policy.

You can reject some or all of the cookies I use on or via my website by changing your browser settings, but doing so can impair your ability to use my website or some or all of its features. For further information about cookies, including how to change your browser settings and other ways in which you can reject cookies, please visit www.allaboutcookies.org or see my cookies policy.

Information I collect when you contact me

I collect and use information from individuals who contact me in accordance with this section and the section entitled “Disclosure and additional uses of your information”.

When you send an email to the email address displayed on my website I collect your email address and any other information you provide in that email (such as your name, telephone number and the information contained in any signature block in your email).

Legal basis for processing: my legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).
Legitimate interest(s): responding to enquiries and messages we receive and keeping records of correspondence.
Legal basis for processing: necessary to perform a contract or to take steps at your request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation).
Reason why necessary to perform a contract: where your message relates to me providing you with services or taking steps at your request prior to providing you with my services (for example, providing you with information about such services), I will process your information in order to do so).
Transfer and storage of your information: I use a third party email provider (Google / Gmail) to store emails you send me.

When you contact me using my contact form, I collect the following information: your name, email address and any information you include in the message field.

If you do not provide the mandatory information required by my contact form, you will not be able to submit the contact form and I will not receive your enquiry.

Legal basis for processing: my legitimate interests (Article 6(1)(f) of the General Data Protection Regulation)
Legitimate interest(s): responding to enquiries and messages I receive and keeping records of correspondence.
Legal basis for processing: necessary to perform a contract or to take steps at your request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation).
Reason why necessary to perform a contract: where your message relates to me providing you with services or taking steps at your request prior to providing you with my services (for example, providing you with information about such services), I will process your information in order to do so).
Transfer and storage of your information: Messages you send me via my contact form will be stored on my web server in France.

When you contact me using my onbarding questionnaire, I collect the following information: your name, business name (if applicable), email address, phone, billing address, info regarding the service enquired and any information you include in the message field.

If you do not provide the mandatory information required by my onboarding quistionnaire, you will not be able to submit the form and I will not receive your enquiry.

Legal basis for processing: my legitimate interests (Article 6(1)(f) of the General Data Protection Regulation)
Legitimate interest(s): responding to enquiries and messages I receive and keeping records of correspondence.
Legal basis for processing: necessary to perform a contract or to take steps at your request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation).
Reason why necessary to perform a contract: where your message relates to me providing you with services or taking steps at your request prior to providing you with my services (for example, providing you with information about such services), I will process your information in order to do so).
Transfer and storage of your information: Messages you send me via my onboarding questionnaire form will be stored on my web server in France.

When you contact me by phone, I collect your phone number and any information provide to me during your conversation with me. I do not record phone calls.

Legal basis for processing: my legitimate interests (Article 6(1)(f) of the General Data Protection Regulation)
Legitimate interest(s): responding to enquiries and messages I receive and keeping records of correspondence.
Transfer and storage of your information: Information about your call, such as your phone number and the date and time of your call, is processed by 3 – their privacy policy can be found here.

If you contact me by post, I will collect any information you provide to me in any postal communications you send me.

Legal basis for processing: my legitimate interests (Article 6(1)(f) of the General Data Protection Regulation)
Legitimate interest(s): responding to enquiries and messages I receive and keeping records of correspondence.
Transfer and storage of your information: information you send me by post is stored in the United Kingdom.

Information I collect when you interact with my website

When you sign up for my e-newsletter to receive information, news and offers about my services on my website or play Spin to Win, I only collect your email address.

Legal basis for processing: your consent (Article 6(1)(a) of the General Data Protection Regulation).
Consent: you give your consent to me sending you my e-newsletter by signing up to receive it using the steps described above.
Transfer and storage of your information: I use a third party service to send out our e-newsletter and administer our mailing list, called MailChimp. You can access their privacy policy here.

Information you submit to subscribe for my newsletter will be stored outside the European Economic Area on MailChimp’s servers in the United States of America. For further information about the safeguards used when your information is transferred outside the European Economic Area, see the section of this privacy policy below entitled “Transfers of your information outside the European Economic Area”.

Information I collect when you subscribe to any of the available paid plans

When you subscribe to my paid service plans on my website, I will collect the following mandatory information: name, email address, phone number, billing address, company name (if applicable), VAT number (if applicable).

If you do not provide this information, I will not be able to invoice you for the service you subscribed on my website or enter into a contract with me.

Legal basis for processing: necessary to perform a contract (Article 6(1)(b) of the General Data Protection Regulation).
Reason why necessary to perform a contract: I need the mandatory information collected to establish who the contract is with and to contact you to fulfil my obligations under the contract, including sending you invoices and order confirmations.
Legal basis for processing: compliance with a legal obligation (Article 6(1)(c) of the General Data Protection Regulation).
Legal obligation: I have a legal obligation to issue you with an invoice for the services you purchased from me.
Legal basis for processing: I collect this personal data in our legitimate interests of more easily and effectively contacting you in relation to your subscription (Article 6(1)(f) of the General Data Protection Regulation).

By subscribing to any of the paid plans on my website you will need to make payment for services you have ordered. In order to process your payment I use PayPal. Your payment will be processed by this payment provider.

Legal basis for processing: necessary to perform a contract (Article 6(1)(b) of the General Data Protection Regulation).
Reason why necessary to perform a contract: to fulfil your contractual obligation to pay for the services you have ordered from me.
Third party payment processor: the third party payment processor I use (PayPal) collects, use and process your information, including payment information, in accordance with their privacy policies. You can access their privacy policy here.
Transfer and storage of your information: PayPal may transfer information relating to your transaction and the processing of your transaction outside the European Economic Area. Where they do so, they will put appropriate safeguards in place.

For further information about the safeguards used when your information is transferred outside the European Economic Area, see the section of this privacy policy below entitled “Transfers of your information outside the European Economic Area”.

How I collect or obtain information about you from third parties

Generally, I do not receive information about you from third parties. The third parties from which I receive information about you will generally include other businesses and clients I work with from time to time who may recommend my services to you. These could be businesses in any industry, sector, sub-sector or location.

It is also possible that third parties with whom I have had no prior contact may provide me with information about you.

Information I obtain from third parties will generally be your name and contact details, but will include any additional information about you which they provide to me.

Legal basis for processing: necessary to perform a contract or to take steps at your request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation).
Reason why necessary to perform a contract: where a third party has passed on information about you to me (such as your name and email address) in order for me to provide services to you, I will process your information in order to take steps at your request to enter into a contract with you and perform a contract with you (as the case may be).
Legal basis for processing: consent (Article 6(1)(a) of the General Data Protection Regulation).
Consent: where you have asked that a third party to share information about you with me and the purpose of sharing that information is not related to the performance of a contract or services by me to you, I will process your information on the basis of your consent, which you give by asking the third party in question to pass your information on to me.
Legal basis for processing: my legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).
Legitimate interests: where a third party has shared information about you with me and you have not consented to the sharing of that information, I will have a legitimate interest in processing that information in certain circumstances.

For example, I would have a legitimate interest in processing your information to perform my obligations under a sub-contract with the third party, where the third party has the main contract with you. My legitimate interest is the performance of my obligations under our sub-contract.

Similarly, third parties may pass on information about you to me if you have infringed or potentially infringed any of my legal rights. In this case, I will have a legitimate interest in processing that information to investigate and pursue any such potential infringement.

Where I receive information about you in error: If I receive information about you from a third party in error and/or I do not have a legal basis for processing that information, I will delete your information.

In certain circumstances (for example, to verify the information I hold about you or obtain missing information I require to provide you with a service) I will obtain information about you from certain publicly accessible sources, both EU and non-EU, such as Companies House, online customer databases, business directories, media publications, social media, and websites (including your own website if you have one). I may do this, for example, if I have insufficient information to be able to contact you or to better understand your business.

Legal basis for processing: necessary to perform a contract or to take steps at your request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation).
Reason why necessary to perform a contract: where you have entered into a contract or requested that I enter into a contract with you, in certain circumstances, I will obtain information about you from public sources in order to enable me to understand your business and provide services to you to a sufficient standard.

For example, I would obtain and/or verify your email address from your website or from a directory where you ask me to send you information by email but I do not possess the information or I need to confirm that I have recorded your email address correctly.
Legal basis for processing: my legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).
Legitimate interests: in certain circumstances, I will have a legitimate interest in obtaining information about you from public and private sources. For example, if you have infringed or I suspect that you have infringed any of my legal rights, I will have a legitimate interest in obtaining and processing information about you from such sources in order to investigate and pursue any suspected or potential infringement.

Disclosure and additional uses of your information

Indicating possible criminal acts or threats to public security to a competent authority

If I suspect that criminal or potential criminal conduct has been occurred, I will in certain circumstances need to contact an appropriate authority, such as the police. This could be the case, for instance, if I suspect that a fraud or a cyber crime has been committed or if I receive threats or malicious communications towards me or third parties.

I will generally only need to process your information for this purpose if you were involved or affected by such an incident in some way.

Legal basis for processing: my legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).
Legitimate interests: preventing crime or suspected criminal activity (such as fraud).

.

In connection with the enforcement or potential enforcement my legal rights

I will use your information in connection with the enforcement or potential enforcement of my legal rights, including sharing information with debt collection agencies if you do not pay amounts owed to me when you are contractually obliged to do so. My legal rights may be contractual (where I have entered into a contract with you) or non-contractual (such as legal rights that I have under copyright law or tort law).

Legal basis for processing: my legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).
Legitimate interest: enforcing my legal rights and taking steps to enforce my legal rights.

.

In connection with a legal or potential legal dispute or proceedings

I may need to use your information if I am involved in a dispute with you or a third party for example, either to resolve the dispute or as part of any mediation, arbitration or court resolution or similar process.

Legal basis for processing: my legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).
Legitimate interest(s): resolving disputes and potential disputes.

.

For ongoing compliance with laws, regulations and other legal requirements

I will use and process your information in order to comply with legal obligations to which I am subject. For example, I may need to disclose your information pursuant to a court order or subpoena if I receive one or to the National Crime Agency in connection with suspected or potential money laundering matters.

Legal basis for processing: compliance with a legal obligation (Article 6(1)(c) of the General Data Protection Regulation).
Legal obligation(s): 
legal obligations to disclose information which are part of the laws of England and Wales or if they have been integrated into the United Kingdom’s legal framework (for example in the form of an international agreement which the United Kingdom has signed).
Legal basis for processing: my legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).
Legitimate interest: where the legal obligations are part of the laws of another country and have not been integrated into the United Kingdom’s legal framework, I have a legitimate interest in complying with these obligations.

I disclose your information to other third parties in specific circumstances, as set out below.

.

Providing information to Google Inc.

Google collects information through our use of Google Analytics on my website. Google uses this information, including IP addresses and information from cookies, for a number of purposes, such as improving its Google Analytics service. Information is shared with Google on an aggregated and anonymised basis. To find out more about what information Google collects, how it uses this information and how to control the information sent to Google, please see the partners page of Google’s privacy policy

Legal basis for processing: my legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).
Legitimate interest(s): meeting my contractual obligations to Google under my Google Analytics Terms of Service and allowing the Google Analytics to work on our website

You can opt out of Google Analytics by installing the browser add-on here.

.

Sharing your information with a prospective or actual purchaser or seller in the context of a business or asset sale or acquisition by me, a merger or similar business combination event, whether actual or potential

Legal basis for processing: legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).
Legitimate interest(s): 
sharing your information with a prospective purchaser, seller or similar person in order to allow such a transaction to take place.

.

Sharing your information with third parties, which are either related to or associated with the running of my business, where it is necessary for me to do so. These third parties include my accountants, advisors, affiliates, business partners, independent contractors, and insurers

Further information on each of these third parties is set out below.

Legal basis for processing: my legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).
Legitimate interest: running and managing my business efficiently.

Accountant

I share information with my accountant for tax purposes. For example, I share invoices I issue and receive with my accountant for the purpose of completing tax returns and my end of year accounts.

My accountant is located in the United Kingdom.

 

How long I retain your information

This section sets out how long I retain your information. I have set out specific retention periods where possible. Where that has not been possible, I have set out the criteria I use to determine the retention period.

Order information: when you place an order for services, I retain that information for a minimum period of six years following the end of the financial year in which you placed your order, in accordance with our legal obligation to keep records for tax purposes under paragraph 6, Schedule 11 of the Value Added Tax Act 1994.

Correspondence and enquiries: when you make an enquiry or contact me by email, via my contact or onboarding questionnaire form, I will retain your information for as long as it takes to respond to and resolve your enquiry, and for 12 further months, after which point I will delete your information.

Mailing list: I retain the information you used to sign up for our newsletter for as long as you remain subscribed (i.e. you do not unsubscribe) or if I decide to cancel my newsletter service, whichever occurs first.

In any other circumstances, I will retain your information for no longer than necessary, taking into account the following:

– the purpose(s) and use of your information both now and in the future (such as whether it is necessary to continue to store that information in order to continue to perform my obligations under a contract with you or to contact you in the future);

– whether I have any legal obligation to continue to process your information (such as any record-keeping obligations imposed by relevant law or regulation);

– whether I have any legal basis to continue to process your information (such as your consent);

– how valuable your information is (both now and in the future);

– any relevant agreed industry practices on how long information should be retained;

– the levels of risk, cost and liability involved with me continuing to hold the information;

– how hard it is to ensure that the information can be kept up to date and accurate; and

– any relevant surrounding circumstances (such as the nature and status of my relationship with you).

How I secure your information

I take appropriate technical and organisational measures to secure your information and to protect it against unauthorised or unlawful use and accidental loss or destruction, including:

– only sharing and providing access to your information to the minimum extent necessary, subject to confidentiality restrictions where appropriate, and on an anonymised basis wherever possible;

– using secure servers to store your information;

– verifying the identity of any individual who requests access to information prior to granting them access to information; and

– using Secure Sockets Layer (SSL) software or other similar encryption technologies to encrypt any payment transactions you make on or via my website.

Transmission of information over the internet is not entirely secure, and if you submit any information to me over the internet (whether by email, via my website or any other means), you do so entirely at your own risk.

I cannot be responsible for any costs, expenses, loss of profits, harm to reputation, damages, liabilities or any other form of loss or damage suffered by you as a result of your decision to transmit information to me by such means.

Transfers of your information outside the European Economic Area

Information you submit to me by email is transferred outside the EEA and stored on Google Inc servers.

Country of storage: United States of America. This country is not subject to an adequacy decision by the European Commission.

Safeguard(s) used: Google Inc has self-certified its compliance with the EU-U.S. Privacy Shield which is available here. The EU-U.S. Privacy Shield is an approved certification mechanism under Article 42 of the General Data Protection Regulation, which is permitted under Article 46(2)(f) of the General Data Protection Regulation. You can access the European Commission decision on the adequacy of the EU-U.S. Privacy Shield here.

Information you submit via my contact or onboarding questionnaire form is stored on my server in France but is also forwarded to my email address and transferred outside the European Economic Area. For more information, please see “Email” immediately above.

Information you submit to me when you sign up for my newsletter (your email address) is transferred outside the EEA and stored on my third party mailing list provider’s servers. Our third party mailing list provider is MailChimp. You can access their privacy policy here.

Country of storage: United States of America. This country is not subject to an adequacy decision by the European Commission.

Safeguard(s) used: MailChimp has self-certified its compliance with the EU-U.S. Privacy Shield which is available here. The EU-U.S. Privacy Shield is an approved certification mechanism under Article 42 of the General Data Protection Regulation, which is permitted under Article 46(2)(f) of the General Data Protection Regulation. You can access the European Commission decision on the adequacy of the EU-U.S. Privacy Shield here.

When you pay for subscription services on my site, information about your order and the processing of your order may be transferred outside the European Economic Area. In details:

 

PayPal

PayPal may transfer information they process about your order outside the EEA. Where they do so, they will ensure appropriate safeguards are in place.

You can access PayPal’s privacy policy here.

Information collected by Google Analytics (your IP address and actions you take in relation to my website) is transferred outside the EEA and stored on Google’s servers. You can access Google’s privacy policy here.

Country of storage: United States of America. This country is not subject to an adequacy decision by the European Commission.

Safeguard(s) used: Google Inc has self-certified its compliance with the EU-U.S. Privacy Shield which is available here. The EU-U.S. Privacy Shield is an approved certification mechanism under Article 42 of the General Data Protection Regulation, which is permitted under Article 46(2)(f) of the General Data Protection Regulation. You can access the European Commission decision on the adequacy of the EU-U.S. Privacy Shield here.

Your rights in relation to your information

Subject to certain limitations on certain rights, you have the following rights in relation to your information, which you can exercise by writing to Georgios Papatheodorou, 172 Pall Mall, Leigh-on-Sea, Essex – SS9 1RB or sending an email to gpapatheodorou@gmail.com:

– to request access to your information and information related to my use and processing of your information;

– to request the correction or deletion of your information;

– to request that I restrict my use of your information;

– to receive information which you have provided to me in a structured, commonly used and machine-readable format (e.g. a CSV file) and the right to have that information transferred to another data controller (including a third party data controller);

– to object to the processing of your information for certain purposes (for further information, see the section below entitled “Your right to object to the processing of your information”; and

– to withdraw your consent to my use of your information at any time where I rely on your consent to use or process that information. Please note that if you withdraw your consent, this will not affect the lawfulness of my use and processing of your information on the basis of your consent before the point in time when you withdraw your consent.

In accordance with Article 77 of the General Data Protection Regulation, you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or of an alleged infringement of the General Data Protection Regulation.

For the purposes of the UK, the supervisory authority is the Information Commissioner’s Office (ICO), the contact details of which are available here.

The above rights are provided in summary form only and certain limitations apply to many of these rights. For further information about your rights in relation to your information, including any limitations which apply, please visit the following pages on the ICO’s website:

Guide To The General Data Protection Regulation

Is My Information Being Handled Correctly

You can also find out further information about your rights, as well as information on any limitations which apply to those rights, by reading the underlying legislation contained in Articles 12 to 22 and 34 of the General Data Protection Regulation, which is available here.

Where you request access to your information, I am required by law to use all reasonable measures to verify your identity before doing so.

These measures are designed to protect your information and to reduce the risk of identity fraud, identity theft or general unauthorised access to your information.


How I verify your identity

Where I possess appropriate information about you on file, I will attempt to verify your identity using that information.

If it is not possible to identity you from such information, or if I have insufficient information about you, I may require original or certified copies of certain documentation in order to be able to verify your identity before I am able to provide you with access to your information.

I will be able to confirm the precise information I require to verify your identity in your specific circumstances if and when you make such a request.

Your right to object to the processing of your information

You have the following rights in relation to your information, which you may exercise by writing to Georgios Papatheodorou, 172 Pall Mall, Leigh-on-Sea, Essex – SS9 1RB or sending an email to gpapatheodorou@gmail.com:

– to object to me using or processing your information where I use or process it in order to carry out a task in the public interest or for my legitimate interests; and

– to object to me using or processing your information for direct marketing purposes.

You may also exercise your right to object to me using or processing your information for direct marketing purposes by:

– clicking the unsubscribe link contained at the bottom of any marketing email I send to you and following the instructions which appear in your browser following your clicking on that link;

– sending an email to gpapatheodorou@gmail.com, asking that I stop sending you marketing communications.

For more information on how to object to my use of information collected from cookies and similar technologies, please see the section entitled “How to accept or reject cookies” in my cookies policy.

Sensitive personal information

“Sensitive personal information” is information about an individual that reveals their racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic information, biometric information for the purpose of uniquely identifying an individual, information concerning health or information concerning a natural person’s sex life or sexual orientation.

We do not knowingly or intentionally collect sensitive personal information from individuals, and you must not submit sensitive personal information to me.

If, however, you inadvertently or intentionally transmit sensitive personal information to me, you will be considered to have explicitly consented to me processing that sensitive personal information under Article 9(2)(a) of the General Data Protection Regulation. I will use and process your sensitive personal information for the purposes of deleting it.

Changes to my Privacy Policy

Where I make minor changes to my Privacy Policy, I will update our Privacy Policy with a new effective date stated at the beginning of it. My processing of your information will be governed by the practices set out in that new version of the Privacy Policy from its effective date onwards.

Where I make major changes to my Privacy Policy or intend to use your information for a new purpose or a different purpose than the purposes for which I originally collected it, I will notify you by email (where possible) or by posting a notice on my website.

I will provide you with the information about the change in question and the purpose and any other relevant information before I use your information for that new purpose.

Wherever required, I will obtain your prior consent before using your information for a purpose that is different from the purposes for which I originally collected it.

Additional information

Because I care about the safety and privacy of children online, I comply with the Children’s Online Privacy Protection Act of 1998 (COPPA). COPPA and its accompanying regulations protect the privacy of children using the internet. I do not knowingly contact or collect information from persons under the age of 18. The website is not intended to solicit information of any kind from persons under the age of 18.

It is possible that I could receive information pertaining to persons under the age of 18 by the fraud or deception of a third party. If I am notified of this, as soon as I verify the information, I will, where required by law to do so, immediately obtain the appropriate parental consent to use that information or, if I am unable to obtain such parental consent, I will delete the information from my servers. If you would like to notify me of my receipt of information about persons under the age of 18, please do so by sending an email to gpapatheodorou@gmail.com.

“Do Not Track” is a privacy preference that users can set in their web browsers. When a user turns on a “Do Not Track” signal in their browser, the browser sends a message to websites requesting that they do not track the user. For information about “Do Not Track”, please visit here.

At this time, I do not respond to “Do Not Track” browser settings or signals. In addition, I use other cookies to track visitors to the website. Those tools may be used by me and by third parties to collect information about you and your internet activity, even if you have turned on the “Do Not Track” signal. For information on how to block and opt out from tracking technologies used on my website, see my cookies policy.

This Privacy Policy is based on a General Data Protection Regulation (Regulation (EU) 2016/769) (GDPR) compliant template provided by GDPR Privacy Policy. For further information, please visit here.

The copyright in this Privacy Policy is either owned by, or licensed to, me and is protected by copyright laws around the world and copyright protection software. All intellectual property rights in this document are reserved.

Where I display the GDPR Privacy Policy logo on my website, this is used to indicate that I have adopted a privacy policy template provided by GDPR Privacy Policy as the basis for this Privacy Policy.