Effective Date: 17 October 2005
Last Updated: 17 October 2005
1. Introduction and Scope
This Privacy Policy explains how Keith Winter (“we,” “us,” or “our”) collects, uses, and discloses your personal data when you visit, use our services, or make a purchase from www.keithwinter.com (the “Site”).
We are the Data Controller of your personal data. We are committed to protecting the privacy of European users and comply with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).
2. Contact Details
If you have any questions about this Privacy Policy or our data practices, please contact us at:
- Legal/Business Name: Keith Winter
- Email Address: privacy@keithwinter.com
3. Personal Data We Collect
We collect two main categories of information:
| Category of Data | Specific Data Points (Examples) | How it is Collected |
| --- | --- | --- |
| Identity & Contact Data (Directly Identifiable) | Name, Email address, Telephone number, Shipping/Billing address, Account Login credentials (username, encrypted password). | Collected when you use Contact Forms, Sign-up for an account, or complete an Order/Transaction. |
| Technical & Usage Data (Non-Personally Identifiable/Indirectly Identifiable) | IP address, Browser type and version, Operating System, Device information, Pages viewed, Time spent on page, Referral source. | Collected automatically via Cookies, Server Log Files, and Analytics Tools (e.g., Google Analytics). |
| Transaction Data | Details about products/services purchased, Order details, Payment history (excluding full credit card numbers, which are processed by third parties). | Collected during the order and checkout process. |
4. How and Why We Use Your Personal Data (Purpose and Legal Basis)
Under GDPR, we must have a lawful basis for processing your personal data.
| Purpose of Processing (Why we use the data) | Legal Basis under GDPR (The Lawful Reason) | Data Categories Used |
| --- | --- | --- |
| To Process Orders/Transactions | Performance of a Contract. We need this data to fulfill our obligations to deliver products/services to you. | Identity & Contact Data, Transaction Data |
| To Enable User Accounts and Logins | Performance of a Contract. To provide you with account services, order history, and maintain your login session. | Identity & Contact Data |
| To Respond to Inquiries/Customer Support | Legitimate Interest. It is necessary for us to respond to your direct communications and run our business efficiently. | Identity & Contact Data |
| To Send Marketing/Promotional Emails | Consent. Only when you have given clear, affirmative, and unambiguous consent (opted-in). | Identity & Contact Data (Email) |
| To Improve the Website (Analytics) | Legitimate Interest (or Consent if required by a Cookie Consent tool). Our interest in monitoring and improving our website performance and user experience. | Technical & Usage Data |
| For Advertising/Targeting | Consent. Required for the use of advertising cookies/trackers (e.g., Google Ads) to show you personalized advertisements. | Technical & Usage Data |
5. Disclosure of Your Personal Data (Third-Party Recipients)
We may share your personal data with the following categories of recipients:
- Service Providers (Processors): We use third parties to operate our business, such as:
  - Payment Processors: Companies like Stripe or PayPal who handle your payment information securely. We only share the minimum data necessary for transaction validation.
  - Shipping & Fulfillment Partners: Companies that fulfill your orders and deliver your goods.
  - Hosting Providers: Companies that store the data and host the website.
  - Email Marketing Providers (e.g., Mailchimp): To send you newsletters and promotional content, only with your consent.
  - Analytics Providers (e.g., Google Analytics): To analyze traffic and usage patterns. We have implemented IP anonymisation where possible.
- Advertisers: If you use targeted ads, we share data (usually non-identifiable or pseudonymised data collected via cookies) with ad networks to measure campaign effectiveness and deliver relevant ads, based on your consent.
- Legal/Regulatory: If required by law, court order, or governmental regulation.
6. International Data Transfers
If we transfer your personal data outside of the European Economic Area (EEA), we ensure that the same level of protection is afforded to it by implementing at least one of the following safeguards:
- Adequacy Decisions: The transfer is to a country deemed to provide an adequate level of protection by the European Commission.
- Standard Contractual Clauses (SCCs): We use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
7. Data Security and Retention
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. For example:
- Transaction Data is kept for the duration required by tax law (e.g., 5-7 years).
- Marketing Consent data is kept until you withdraw your consent (unsubscribe).
8. Your GDPR Data Protection Rights
Under GDPR, you have extensive rights regarding your personal data:
- The Right to be Informed: To be informed about how your data is processed (which is the purpose of this policy).
- The Right of Access (Art. 15): To request a copy of the personal data we hold about you.
- The Right to Rectification (Art. 16): To request that we correct any information you believe is inaccurate or incomplete.
- The Right to Erasure / ‘Right to be Forgotten’ (Art. 17): To request that we erase your personal data, under certain conditions.
- The Right to Restrict Processing (Art. 18): To request that we restrict the processing of your personal data, under certain conditions.
- The Right to Object to Processing (Art. 21): To object to our processing of your personal data, particularly where we rely on “Legitimate Interest” or for direct marketing.
- The Right to Data Portability (Art. 20): To request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
- The Right to Withdraw Consent (Art. 7): If we are relying on your consent to process your personal data, you have the right to withdraw that consent at any time. This does not affect the lawfulness of any processing carried out before you withdraw your consent.
To exercise any of these rights, please contact us using the contact details in Section 2. We will respond to your request within one month.
9. The Right to Lodge a Complaint
If you have a complaint about how we handle your data, you have the right to lodge a complaint with a supervisory authority in your country of residence within the European Economic Area (EEA).
10. Cookie Policy
This Site uses cookies. Cookies are small data files placed on your device to help us collect Technical and Usage Data.
- Essential Cookies: Required for the website to function (e.g., maintaining your shopping cart).
- Analytics Cookies: Used to track visitor behaviour to improve our site (e.g., Google Analytics).
- Advertising Cookies: Used to build a profile of your interests to show you relevant advertisements.
We use a Consent Management Platform (CMP) (a cookie banner) to obtain your explicit consent for all non-essential cookies (Analytics and Advertising cookies) before they are placed on your device.
You can change or withdraw your consent at any time by clicking on the Cookie Settings link, usually found in the footer of the Site.