PRIVACY POLICY
What we collect, why, and what you can ask us to do.
A plain-English account of every piece of personal data we touch, the legal basis for touching it, the third parties involved, and the rights you can exercise.
1. Who is the data controller
The data controller for this site is Horizon Workflow Limited, a private limited company registered in England and Wales (company number 15898019), whose registered office is at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ.
You can reach the data controller by emailing hello@mikefraser.me.
2. ICO registration
Horizon Workflow Limited is registered with the UK Information Commissioner's Office under the Data Protection (Charges and Information) Regulations 2018. Registration reference: ZC144748. The entry on the public register is at ico.org.uk/ESDWebPages/Entry/ZC144748.
3. What personal data we collect
We collect the minimum personal data needed to run the site and to deliver the services described on it.
- Email address, and where provided, first name and company. When you submit a form on the site (contact form, fit-call enquiry, or a lead-magnet download), this information is used to respond to you and, for the newsletter and lead magnets, is passed to our email service provider, Kit. The full list of fields on any given form is visible on the form itself.
- Anonymised analytics data. When you visit any page on the site, Google Analytics 4 records the page viewed, the approximate country (derived from your IP, which is anonymised at collection), the device and browser type, and the referring source. IP addresses are not stored.
- Theme preference. If you toggle the site to dark mode, your choice is stored in your browser's localStorage. This is local to your device and never sent to us.
No payments are taken on this site. Digital toolkits are sold separately at boardreadyit.com, which handles purchase data under its own privacy policy.
4. Why we collect it (legal basis under UK GDPR)
| Data | Purpose | Legal basis |
|---|---|---|
| Email and name (form submission) | To respond to your enquiry, or to send the requested lead magnet or newsletter | Consent (you opt in by submitting the form; you can withdraw at any time) |
| Analytics data | To understand how the site is used and improve it | Legitimate interest in operating the site effectively |
5. Third parties who process data for us
We use the following processors. Each is bound by a data-processing agreement and by Standard Contractual Clauses where international transfers are involved.
- Kit (Kit.com Inc.), United States. Email service provider. Hosts the subscriber list, sends newsletter and lead-magnet emails, and stores tags reflecting the form you signed up through. Standard Contractual Clauses in place for the international transfer.
- Formspree (Formspree, Inc.), United States. Form delivery for the contact and fit-call forms. Receives the fields you submit and forwards them to us by email. Standard Contractual Clauses apply.
- Google Analytics 4 (Google LLC), United States. Site analytics. Configured with IP anonymisation. Subject to Standard Contractual Clauses and to the EU-US and UK-US Data Privacy Frameworks.
- GitHub Pages (GitHub Inc.), United States. Static hosting for the site itself. GitHub processes server logs (IP, timestamp, user-agent) for security purposes. Standard Contractual Clauses apply.
6. Cookies and local storage
On your first visit, a banner asks whether you accept analytics. Google Analytics is loaded only if you accept. If you decline, no analytics cookies are set. There are no advertising cookies, no third-party tracking pixels, and no cross-site tracking in either case.
- Google Analytics 4 cookies (
_ga,_ga_YMWVQ2X1VC). Set only after you accept analytics in the consent banner. Used to distinguish unique visitors and sessions. Retention: 14 months. Configured with IP anonymisation. - Consent choice (
mf-consent). Stored inlocalStorageso the banner does not reappear on every visit. Never transmitted off-device. To change your decision, clear site data for mikefraser.me in your browser. - Theme preference. Stored in
localStorage, never transmitted off-device.
7. How long we keep your data
- Email subscribers. Held in Kit until you unsubscribe. On unsubscribe, removed within 30 days.
- Enquiry correspondence. Contact and fit-call enquiries are kept while needed to deal with them, and then deleted within 12 months unless they relate to an ongoing engagement.
- Analytics. 14 months in GA4 (the default user-data retention setting). Aggregated reports are kept indefinitely.
8. Your rights under UK GDPR
You have the right to:
- Access the personal data we hold about you
- Have inaccurate data corrected
- Have your data erased ("right to be forgotten"), subject to our legal record-keeping obligations
- Restrict processing of your data
- Receive your data in a portable format
- Object to processing based on legitimate interest
- Withdraw consent at any time, where consent is the legal basis
To exercise any of these rights, email hello@mikefraser.me. We will respond within one month and confirm what action we have taken.
9. Complaints
If you are unhappy with how we have handled your personal data, you have the right to complain to the UK Information Commissioner's Office at ico.org.uk/make-a-complaint. We would prefer the chance to put things right first, so please contact us before escalating if you can.
10. Changes to this policy
We may update this policy from time to time. The current version is always at this URL. Material changes will be flagged in the next regular newsletter, and the "Last updated" date below will change.