Privacy Policy (UK)

The Privacy Policy was last updated on 7 September 2021 and applies to citizens of the United Kingdom. The ‘we’ and ‘our’ referenced herein and across all legal documentation (Cookie Policy, Privacy Policy, Privacy Statement & Disclaimer) refer to the Webmaster (site owner) of the website, Aman Singh Bhogal. The ‘you’, your’ and ‘visitor’ referenced herein refer to the visitor of the website. Information and guidance provided in this policy is designed to work alongside and in conjunction with the Privacy Statement (UK).

1. Who we are


Our website address is: https://www.amansinghbhogal.com.

2. What personal data we collect and why we collect it


Comments

Visitors cannot leave comments on the website, therefore no data in relation to comment posting is collected or stored.

Media

Visitors cannot upload images or any other form of media on to the website. Media on the website is copyrighted by respective laws (please see the Terms & Conditions and Disclaimer.) Media owned by the Webmaster may not be downloaded, distributed, utilised, re-produced etc. without the sole, written permission of the Webmaster. Visitors to the website may download and extract any location data from images on the website using any service appropriate and publically-available.

Contact forms

The contact forms used on the website collect the following personal data:

  • First Name (required)
  • Last Name (required)
  • Phone Number (optional)
  • Email Address (required)
  • Message (required)

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information is: your consent. You are able to remove your consent at any time. You can do this by referring to the instructions provided in Section 5. This data is only collected when the visitor, you, agrees to the submission of your data for this purpose. Agreement to the submission is in the form of the ‘opt-in’ GDPR checkbox, which is unchecked by default. This is a required field; the data will not be processed and transmitted unless this requirement is met (ie. when the box is checked, confirming the visitor’s explicit consent to the processing and submission of their personal data in the form.) If this consent isn’t given, the form will not be submitted, and the data entered will not be processed.

This information is collected in order for the Webmaster to respond to the queries which are communicated via the form(s) – The ‘First Name’ and ‘Last Name’ are for identification purposes, the ‘Phone Number’ and ‘Email Address’ are methods for which the Webmaster can follow-up with queries made by the visitor, and the ‘Message’ contains the query and reason why the visitor is contacting the Webmaster. The ‘Email Address’ is also collected to help for screening purposes to ensure the entry is not spam. The Akismet service utilised for the form anti-spam protection also use this to help screening. Information about this service can be found below.

The forms are developed and maintained by Kali Forms; you may view their Privacy Policy and Terms of Service which are hyperlinked. These forms do not store the data entered into their fields. When a visitor enters their personal data into the form fields and submits it, the data is immediately sent in the form of an auto-generated template email via a Custom SMTP service, which uses Google’s Gmail SMTP Server, to the ‘recipient’ email account (in this case, the Webmaster’s.) The ‘sender’ of the form (ie. the visitor entering data into the form and subsequently submitting it) also receive an auto-generated template email through the same Custom SMTP service to their inbox confirming the details they have entered into the form and that their submission has been acknowledged. This data is not stored in the website’s databases, nor can it be accessed, shared, manipulated or otherwise collected from as a result. The forms also do not collect visitor IP addresses.

records of consent

When a visitor opens the website via their browser, the Complianz service, which is used to generate the legal documentation for the site, as well as its related services and cookie banner, collects records of consent and generates reports from these in order to show the efforts made to comply with privacy legislation and consent management. The following information is therefore recorded in order to generate these records:

  • User ID (automatically generated by Complianz to help identify specific records)
  • Date and time of consent
  • Consent (whether it is a ‘Do Not Track,’ for example)
  • IP address of the device
  • Region (currently, the ‘UK’ region is configured, as this is the target visitor audience the website is aimed at.)
  • Consent type

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information is: we have a legal obligation. Information about why Proof of Consent conforms to this under GDPR can be found here. The consent records are stored on the site and can be downloaded by the Webmaster as Proof’s of Consent in PDF format, which contain the following information:

  • Cookie Policy
  • Cookie consent settings
  • Contact details of the Webmaster

Further information regarding these can be found with the links provided above.

Cookies

The website uses plugins to help deliver services and for functions, maintenance and user experience. In order for them to do this, they generate cookies which are stored/placed on the visitor’s browser and device. The information regarding these cookies, the plugins to which they correspond to, as well as their specific function(s) and retention periods can be found in the Cookie Policy. If the visitor has consented to all the cookies (by clicking ‘ACCEPT ALL’) in the cookie banner, there is an option in this document to revoke consent from those which they have ‘opted-in’ to. If the visitor’s browser has ‘Do Not Track’ set (which prevents websites from collecting information relating to the browser activity/activities), this will be respected and the Complianz plugin, which generates the legal documentations and cookie banner, will automatically block this behaviour. Subsequently, the cookie banner will not appear, as this request will be respected. More information about this can be found here.

user accounts

Visitors cannot create an account with the website, therefore temporary cookies will only be set for those administrative accounts or those visitors who visit the login page, either unintentionally or with intention (outside the restrictions of the website, which does not have a link for visitor’s.) The reference herein to ‘intentional access’ is outside the realms of what is considered ‘acceptable use.’ Administrative accounts are only made available to specific parties, and are not publicly available. Attempts by a visitor to gain access to the administrative side of the website will result in them being barred from accessing and using the site. For administrators with access to the site, upon login, a temporary cookie to determine if your browser accepts cookies will be set. This cookie contains no personal data and is discarded when you close your browser. Administrators with further queries regarding log-in service cookies may consult the Webmaster who will elaborate on this further.

website content

Visitors cannot edit, post or publish content, therefore cookies relating to this will not be saved in their browser.

Embedded content from other websites

The pages/posts across this website may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

Social sharing widgets

The pages/posts across this website have a social sharing widget placed at the bottom of them. This is created using Ultimate Addons For Gutenberg by Brainstorm Force®. You may find information about how data is collected via their Privacy Policy, found here and their Terms of Service, found here. As a result, the widget made available to share the respective page/post may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content (if you have an account and are logged in to that website.) Details about these individual services and cookies utilised as well as their retention periods can be found in the Cookie Policy.

AKISMET

Akismet may collect information about visitors who comment on this site, which uses the Akismet anti-spam service. The information collected depends on how the Webmaster sets up Akismet for the site, but typically includes the commentor’s IP address, user agent, referrer, and site URL (along with other information directly provided by the visitor: their first name and last name, email address, mobile number (if supplied) and the message itself). A notice regarding this is placed underneath each form, with a link which directs the visitor to Akismet’s privacy notice, found here.

Analytics

No analytics are present on the website.

3. Who we share your data with


The data entered in the contact forms may be shared with Google as it passes through the Gmail servers. Information about this can be found here.

The records of consent are not shared with Complianz.

4. How long we retain your data


Data stored by the cookies used on this site have their own respective retention periods, which you may find on the Cookie Policy.

CONTACT FORM SUBMISSIONS

Data submitted from the contact form and processed as an auto-generated email will be retained indefinitely on the Webmaster’s email account or until a request is made for an email to be destroyed. The reason for this is archival; the Webmaster will aim to follow-up on all the queries submitted using the form(s) and can keep track of threads of communication which stem from the form submission. The email will be destroyed using the Gmail standard feature:

  1. The ‘conversation’ email is deleted. This moves it to the ‘Bin.’
  2. The Webmaster will then access the ‘Bin’ and select ‘Delete forever’ for the email

RECORDS OF CONSENT

Records of consent will be kept for a period of 2 years from the date of their initial generation or until a request is made for record of consent(s) to be deleted. When such a request is made, the record is deleted from the system. There is no standard recovery feature for this; once the data has been deleted, it cannot be restored by conventional means.

5. What rights you have over your data


You can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. The process of requesting access to your data and the deletion of your data varies depending on the method of how it was obtained. Please see below for further details.

CONTACT FORM SUBMISSIONS

You have the right to have your contact form submission deleted from the email account of the Webmaster. To action this, please do the following:

  1. Send an email to the Webmaster with the subject line: “Request To Delete Form Submission Data”
  2. In the body of the email, add the information about the form submission in question, including the data which was entered in the form
  3. From this supplied information, the Webmaster will then attempt to locate the email in question and erase it from his account (using the process highlighted in Section 4 above)
  4. After, the Webmaster will respond back to the request email confirming that this action has been taken

The Webmaster will aim to action this within 48 hours of the request email being received.

You also have the right to the portability of your data. To action this, please do the following:

  1. Send an email to the Webmaster with the subject line: “Request To Obtain Personal Data For Portability Purposes”
  2. In the body of the email, add the information about the form submission in question, including the data which was entered in the form
  3. From this supplied information, the Webmaster will then attempt to locate the email in question and transmit this data to you in a machine-readable format.

For further information regarding this, please click here.

You do not have the right to object to this consent given, however you may have the right to withdraw your consent. This will be treated as the same as the erasure of your data, and therefore will echo the procedure outlined about. Please note the differences with the steps required for this request, however:

  • Send an email to the Webmaster with the subject line: “Request To Withdraw The Consent Of Data”
  • In the body of the email, add the information about the form submission in question, including the data which was entered in the form
  • From this supplied information, the Webmaster will then attempt to locate the email in question and erase it from his account (using the process highlighted in Section 4 above)
  • After, the Webmaster will respond back to the request email confirming that this action has been taken

For further information regarding this, please click here.

RECORDS OF CONSENT

You have the right to view your information stored in the records of consent. Please note that in this instance, the Webmaster is only obligated to show the process of consent management. This is referred to as the ‘proof of consent’ when dealing with the legal obligation.

In order to do request your record of consent data, you may contact the Webmaster via email with the subject title: “Request To View Record Of Consent.” The Webmaster will then:

  1. Request the UserID, which is stored in the specific browser used to visit the website.
  2. Locate the UserID found in the menu item records of consent.
  3. Download the proof of consent, containing a snapshot of the Webmaster’s settings and cookie consent management (at the time of your last consent choice.)
  4. Append this to an email whereby the Webmaster will summarise the other information regarding consent, IP range, consent type, timestamp, and choices.
  5. Direct you to https://complianz.io/consent/, which is the explanation of the process.
  6. If you want to be removed, the Webmaster will delete the UserID. Your local storage cookie will be void, and settings will be reset.

Further information about these, and how to access your UserID can be found here. The Webmaster will aim to action this within 48 hours of the request email being received.

Further information about your rights regarding data can be found in our Privacy Statement.

6. Where we send your data


The only data sent is the visitor’s contact information collected from the Kali Forms contact forms present throughout the website. This data is sent directly to:

  • The webmaster’s inbox, in the form of an automatically-generated HTML email which contains the visitor’s first name, last name, phone number (should they choose to add this), email address and message
  • The visitor’s inbox, also in the form of an automatically-generated HTML email which contains your first name, last name, phone number (should you have chosen to add this), email address and message, as well as a line confirming that the submission has been received and will be responded to shortly.

The email address supplied by the visitor will be the same one the Webmaster will respond to, in accordance with Section 2.

7. Additional information


How we protect your data

The website is secured by the following measures, which help to protect the data transmitted through the website:

  • Forced HTTPS redirection
  • Header-Strict-Transport-Security
  • X-XSS-Protection
  • X-Frame-Options
  • X-Content-Type-Options
  • Referrer-Policy
  • Permissions-Policy (replaces Feature-Policy)
  • Expect-CT
  • Directory Indexes Disabled
  • HTTP Trace Method Disabled
  • Restricted .htaccess access
  • Disabled XMLRPC Access
  • Let’s Encrypt 256-bit SSL Certificate Implementation
  • TLS v1.2 and 1v.3 Encryption
  • Disabled Direct PHP File Access
  • 2FA configured on Webmaster’s account

Form submission data is sent over Google’s SMTP TLS-encrypted channel to the webmaster’s email address, which is a Gmail account protected by its own security measures (please see below.)

What data breach procedures we have in place

The data breach procedures echo those of the security measures listed above. Since the information is stored on Google’s SMTP Servers, the Webmaster does not have access to these or their physical components. Access to the Webmaster’s Gmail account is restricted by strong passwords and 2FA measures.

The Webmaster also has the ability to generate Data Leak reports (using the Complianz service) should such an incident occur and the administrative accounts for the website are compromised. The Webmaster will ideally be notified immediately of this and will aim to act within 48 hours to notify the entity (‘visitor’) whose data has been compromised of the event and the information which has been subsequently compromised. Further information about this can be found here.

What third parties we receive data from

To the Webmaster’s knowledge, no third-party data is received.

8. Contact information


If you have any queries then you may get in contact with the Webmaster at the following email address: amansinghbhogal1@gmail.com. The Webmaster will endeavour to respond within 48 hours of the receipt of your email.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:           

Information Commissioner’s Office,
Wycliffe House,
Water Lane,
Wilmslow,
Cheshire,
SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk