Privacy Policy

Last updated: March 6, 2026.

1. Introduction

1.1 Welcome to euanhallifax.com (the “Site”). This Privacy Policy explains how the team at euanhallifax.com (“we,” “us,” “our,” or “the Controller”) collects, uses, discloses, stores, and protects your personal information when you visit or interact with the Site.

1.2 We are committed to protecting your privacy and handling your personal data responsibly and in compliance with applicable data protection laws. This includes the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), the Data Protection Act 2018, and relevant US laws such as the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and similar state privacy laws (e.g., Virginia Consumer Data Protection Act, Colorado Privacy Act) where applicable. Note that, as a website with limited data processing for site functionality and analytics only, we may not meet the thresholds for certain US state laws (e.g., CCPA applies to businesses with over $25 million in revenue or processing personal information of 100,000+ California residents annually). However, we provide disclosures and rights consistent with these laws for transparency and to accommodate users from these jurisdictions.

1.3 This Privacy Policy describes our data practices. Where we rely on your consent for processing (e.g., newsletters), it will be obtained explicitly and separately (e.g., via checkboxes). By using the Site, you acknowledge that you have read and understood this Policy. If you do not agree with our practices, please do not use the Site or provide personal data.

1.4 We do not use artificial intelligence tools for data processing, and we only collect data necessary for Site functioning and anonymized analytics. No sensitive personal data (e.g., health, racial origin, or biometric data) is collected.

2. Information We Collect

2.1 Categories of Personal Information Collected

In the past 12 months, we have collected the following categories of personal information (as defined under applicable laws like CCPA):

- Identifiers: Name, email address, phone number, postal address, IP address.

- Internet or Network Activity: Browser type, operating system, device type, pages visited, time spent on pages, referring/exit pages, clickstream data, interaction patterns.

- Other: Messages or comments you submit; any voluntary information provided.

We do not collect: Sensitive personal information, geolocation data, financial information, or inferences drawn from personal information.

2.2 Sources of Information

- Directly from You: Voluntarily submitted via contact forms, newsletter sign-ups, or comments.

- Automatically: Through your device or browser when visiting the Site (e.g., via cookies or similar technologies—see Section 7).

- From Third Parties: Limited referral data if you arrive via a link (e.g., URL from a social media site). We do not actively seek or receive personal data from other third parties.

2.3 If you choose not to provide certain information (e.g., email for a newsletter), you may not be able to use that feature. No personal data is statutorily or contractually required beyond what is necessary for basic Site access.

3. How We Use Your Information

3.1 Purposes

We use your personal data solely for the following business or commercial purposes:

(a) To operate, maintain, and improve the Site (e.g., loading pages, navigation);

(b) To respond to your inquiries, comments, or requests;

(c) To send administrative communications (e.g., confirmation emails);

(d) To send newsletters or marketing communications (only with your explicit consent);

(e) To analyze Site usage and performance in an anonymized manner;

(f) To detect, prevent, and address technical issues, fraud, or security threats;

(g) To comply with legal obligations or enforce our Terms and Conditions.

We do not use your data for automated decision-making, including profiling, that produces legal or similarly significant effects.

3.2 Legal Grounds (for UK/EU GDPR)

- Consent: For newsletters or non-essential cookies.

- Contract: To fulfill your requests (e.g., contact form responses).

- Legitimate Interests: For essential Site operations, security, and anonymized analytics (we have conducted a Legitimate Interests Assessment to ensure your rights are not overridden).

- Legal Obligation: When required by law.

3.3 We minimize data use to what is necessary and do not sell, share, or disclose personal information for cross-context behavioral advertising or targeted ads.

4. Sharing Your Information

4.1 We do not sell, share, trade, or rent your personal data to third parties for marketing, advertising, or any other purposes. In the past 12 months, we have not sold or shared personal information (as defined under CCPA/CPRA).

4.2 Disclosures

We may disclose your information to:

(a) Service Providers: Trusted third parties for Site operations (e.g., web hosting, analytics like Google Analytics, email delivery), under strict contracts requiring data protection and prohibiting independent use.

(b) Legal Authorities: When required by law, court order, subpoena, or to protect our rights, property, safety, or that of others.

(c) Business Transfers: In a merger, acquisition, or asset sale, where your data may be transferred (with notice where required).

4.3 Categories Disclosed in Past 12 Months (for CCPA/CPRA Purposes)

- Identifiers and Internet/Network Activity: To service providers for hosting/analytics.

No disclosures to other third parties.

5. Data Security

5.1 We implement appropriate technical and organizational measures to protect your personal data, including encryption (e.g., HTTPS), access controls, firewalls, and secure servers.

5.2 No transmission or storage is 100% secure, but we follow industry standards to minimize risks.

5.3 You are responsible for your account credentials (if any) and activities under your account.

6. Data Retention

6.1 We retain personal data only as long as necessary for the purposes above, or as required by law, then securely delete or anonymize it.

6.2 Retention Periods by Category:

- Identifiers (e.g., contact form data): Up to 12 months after submission, or until request fulfilled.

- Internet/Network Activity (e.g., analytics): Anonymized or deleted after 26 months (per provider settings).

- Newsletter Data: Until you unsubscribe or consent is withdrawn.

If data is no longer needed earlier, it is deleted promptly.

7. Cookies and Tracking Technologies

7.1 The Site uses cookies and similar technologies (e.g., pixels) for essential functionality and anonymized analytics.

7.2 Types:

- Essential: For security, navigation (no consent needed).

- Performance/Analytics: Anonymized usage data (e.g., Google Analytics).

- Functional: Remember preferences.

- Marketing: Not used.

7.3 We obtain explicit consent via a cookie banner for non-essential cookies. You can manage preferences in your browser or withdraw consent anytime. Rejecting may limit functionality.

7.4 For details, see our Cookie Policy (linked on the Site).

8. Your Rights

8.1 UK/EU GDPR Rights

You have rights to: access your data; rectify inaccuracies; erase data (“right to be forgotten”); restrict processing; data portability; object to processing (e.g., legitimate interests or marketing); withdraw consent; not be subject to automated decisions.

8.2 US Rights (e.g., CCPA/CPRA, if applicable)

California (and similar state) residents have rights to: know categories/sources/purposes of personal information collected/sold/shared; access specifics; delete; correct inaccuracies; opt-out of sales/sharing (though we do not sell/share); limit sensitive data use (not applicable); non-discrimination.

To opt-out of any potential sharing, use the “Do Not Sell or Share My Personal Information” link in the Site footer or contact us. We honor Global Privacy Control (GPC) signals.

8.3 Exercising Rights

Contact us (details in Section 12) with verification (e.g., email match). We respond within one month (UK/EU) or 45 days (US, extendable). No fee unless excessive. For agents (US), provide authorization.

8.4 Complaints: UK ICO (www.ico.org.uk); EU supervisory authorities; US state attorneys general or FTC (www.ftc.gov).

9. International Data Transfers

9.1 The Site is operated from the United Kingdom. Data from EU/US users may be transferred to/processed in the UK.

9.2 Transfers comply with UK/EU GDPR using safeguards like Standard Contractual Clauses, International Data Transfer Agreements, or adequacy decisions. For US, we ensure equivalent protections.

10. Children’s Privacy

10.1 The Site is not intended for individuals under 18 (exceeding COPPA's under-13 and GDPR's under-16/13 thresholds). We do not knowingly collect data from children.

10.2 If we learn of such collection without verifiable parental consent (where required), we delete it immediately.

11. Changes to This Privacy Policy

11.1 We may update this Policy, posting changes here with a new “Last updated” date. Material changes will be notified via email (if available) or Site notice.

11.2 Continued use after changes indicates acceptance. We review the Policy at least annually.

12. Contact Information

For questions, rights exercises, or concerns:

Controller: euanhallifax.com

Website Forms: https://euanhallifax.com

We aim to respond within 7 business days, though high volume may extend this.

End of Privacy Policy.