GDPR Compliance Guide

Last Updated: January 7, 2026

This page explains how ianjbarwell.com complies with the General Data Protection Regulation (GDPR) and what rights you have regarding your personal data.

Your Rights Under GDPR

If you are in the European Economic Area (EEA) or UK, you have the following rights:

1. Right to Access

You can request a copy of all personal data we hold about you.

2. Right to Rectification

You can ask us to correct any inaccurate or incomplete personal data.

3. Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data in certain circumstances.

4. Right to Restrict Processing

You can ask us to limit how we use your data.

5. Right to Data Portability

You can request your data in a structured, machine-readable format.

6. Right to Object

You can object to processing based on legitimate interests or direct marketing.

7. Right to Withdraw Consent

If we process your data based on consent, you can withdraw it at any time.

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: ian@ianjbarwell.com

We will respond to your request within 30 days.

What Data We Collect

• Personal Information: Name, email address (when you subscribe or contact us)
• Usage Data: IP address, browser type, pages visited
• Cookies: See our Cookie Policy

Why We Collect Data

• To provide and improve our services
• To communicate with you about updates and products
• To analyse website performance
• To comply with legal obligations

Legal Basis for Processing

• Consent: When you subscribe to our email list
• Contract: When you purchase a product
• Legitimate Interests: Website analytics and improvement
• Legal Obligation: Tax and accounting requirements

How We Protect Your Data

• Secure hosting on GitHub Pages
• Encrypted data transmission (HTTPS)
• Limited access to personal data
• Regular security reviews

Data Retention

• Email subscribers: Until you unsubscribe
• Customer data: 7 years (for tax purposes)
• Analytics data: Up to 26 months

International Data Transfers

Your data may be transferred outside the EEA/UK. We ensure appropriate safeguards are in place through:

• Standard Contractual Clauses
• Adequacy decisions by the European Commission
• Privacy Shield certification (where applicable)

Third-Party Processors

We use the following third-party services that may process your data:

• GitHub Pages: Website hosting
• AWeber: Email marketing
• Google Analytics: Website analytics (if used)

All processors are GDPR-compliant and have appropriate data processing agreements in place.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or significantly affects you.

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours
• Inform affected individuals without undue delay
• Take immediate steps to mitigate the breach

Children's Privacy

Our website is not intended for children under 16. We do not knowingly collect data from children.

Complaints

If you believe we have not handled your data properly, you have the right to lodge a complaint with:

• UK: Information Commissioner's Office (ICO) - https://ico.org.uk
• EU: Your local data protection authority

Related Documents

For more detailed information, please review:

• Privacy Policy - Full details on data collection and use
• Cookie Policy - Information about cookies and tracking
• Terms of Service - Website usage terms

Contact Information

For any GDPR-related questions or to exercise your rights:

Email: ian@ianjbarwell.com
Website: https://ianjbarwell.com