My site uses tools like Google Analytics to collect non-personally-identifying information like your browser type, language preference, referring site, and the date and time of your visit. I do that to better understand who is visiting and how I can make my site more useful.
Forms On My Site
I also collect personally-identifying information like your email address, your website URL and your Internet Protocol (IP) addresses when you submit a form. I don’t make this information available and if I don’t need the data, I don’t collect it on the form. I use your personally-identifying information like your email address to reach back to you and reply to your questions.
If you make a purchase on my site, you require me to gather personally-identifying information. But I limit how much and what type of information I gather depends on the nature of the interaction. If you buy an online course or ebook, I collect personal and financial information required to process your purchase and pass it to my payment gateway — Stripe (more details on their privacy policies can be found here). In each case, I only collect what I need to deliver what you’re requesting. And I don’t disclose that information in any ways other than how I articulate them here in this policy.
Making A Purchase From Outside The US?
For individuals in the European Economic Area (EEA), your data may be transferred outside the EEA. Where your personal data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data or to a third-party where we have approved transfer mechanisms to protect your personal data — i.e., by entering into the European Commission’s Standard Contractual Clauses, or by ensuring the entity is Privacy Shield certified (for transfers to US-based third parties). For further information, please contact me using the details set out in the “Contact me” section below.
It’s your personal data and you have certain rights relating to it. When it comes to marketing communications, you can ask me not to send you these at any time — by following the unsubscribe instructions contained in the marketing communication, or send your request to the email below, in the “Contact me” section.
Depending on your country you may have the right or choice to:
- Access your personal data, update it, restrict or object to its processing, or request its deletion (see below)
- Receive the personal data you provided to transmit it to another company
- Withdraw any consent provided
- Where applicable, lodge a complaint with your supervisory authority
The length of time I keep your personal data depends on what it is and whether I have an ongoing business need to retain it (for example, to provide you with a service you’ve requested or to comply with applicable legal, tax or accounting requirements).
I’ll retain your personal data for as long as we have a relationship with you and for a period of time afterward where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. Following that period, I’ll delete or anonymize it.
You can exercise these rights at any time by sending me an email. See the “Contact me” section below.
If you’re not happy with how I am processing your personal data, please let me know by sending an email. I will review and investigate your complaint, and get back to you within a reasonable time frame.
Employees, Contractors, And Your Data
I only share your personal information in order to process certain purchases where I may be using an employee, contractor or partner to help me fulfill your requests. Each of these folks has agreed to not disclose it to others. I don’t rent or sell your personally-identifying information to anyone, including any partners I may be using (which are listed below).
My Partners And Your Data
- Google Analytics — Your browsing data, navigational paths, and time of visit are being captured but anonymized.
- ConvertKit — Your email is being captured when you proactively subscribe using forms on my site. You can change / unsubscribe via every email you get.
- Vimeo / YouTube — I enable embedded videos on my site. These sites may capture browser and IP data, but are never passed additional personally-identifying data (like your name/email) from me.
- Thinkific — My courses are delivered via Thinkific. In GDPR terms, they’re a processor. I pass your name and email to them (after your purchase) so that you can log in and view courses.
- Right Message — I use RightMessage to present contextual content based on your behavioral data (what pages you visit, etc) and integrates with ConvertKit to leverage your interests.
Protecting Your Data
I am doing everything I can and know of to reasonably protect against any unauthorized access or use of potentially personally-identifying and personally-identifying information.
If you have questions or want to talk about any of this, feel free to reach me by email at Chris [at]chrislema.com.
Last Updated: May 25th, 2018