Thank you for considering sharing your personal information with me!
WHO I AM
I, George Jerijian (‘me‘ or ‘my‘ being interpreted accordingly) am a sole trader with a principal place of business at 7 Carlyle Mansions, 52 Cheyne Walk, London SW3 5LS, UK. I help retiring entrepreneurs find their passion, purpose, and potential for the next chapter in their lives by mentoring, speaking and writing (‘the Services’). I am responsible for the information you submit to me via my website georgejerjian.com and to my email address [email protected]. I am the ‘controller’ of this information for the purposes of the EU General Data Protection Regulation (‘GDPR’) and the UK Data Protection Act 2018. My registration number with the UK Information Commissioner’s Office is ZA540850.
I process personal information in accordance with this policy so please read it carefully! Personal information is defined in the GDPR as any information relating to an identified or identifiable individual; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.
If you need to contact me about your personal information or the processing carried out with it, please use my email address.
SCOPE & ACKNOWLEDGEMENT
This Policy applies to any personal information you submit to me via georgejerjian.com or when you communicate with me at [email protected] or through other direct channels (‘directly obtained information’) and also to any other information about you that comes my way during my business development efforts (‘indirectly obtained information’).
By submitting any personal information to me, you acknowledge that you have read this policy and that I expect you to help me maintain your information accurate and up-to-date. I endeavour to bring this policy to your attention every time I obtain information directly from you. In all other circumstances I will bring this policy to your attention the first time I reach out to you.
I would not ask you for any information related to your health, religious/political/philosophical beliefs or racial background or any other sensitive matters, so please do not submit such information to me.
|I process the following personal information:||For the following purposes:||On the following legal ground(s):|
|Indirectly obtained information: any publicly available information relating to you, such as your name, contact details, etc.||(1) Business development and marketing.
|(1): This is necessary for the purposes of the legitimate interests I pursue, namely my pursuit of new business opportunities and marketing of my Services (Article 6(1)(f) GDPR).|
|Directly obtained information: any information you submit to me via georgejerjian.com or send to me at [email protected], including your name, contact details, any answers to pre-formulated questions in web forms and any queries sent by email.||(1) E-newsletter subscriptions;
(2) Enquiries and bookings;
|(1.1): If you actively request a subscription (ie solicited marketing) I would need your details to deliver this Service (Article 6(1)(b) GDPR);
(1.2): If you decide to opt-in to receive a subscription in the course of inquiring about or using another Service, then I would need to seek your permission (Article 6(1)(a) GDPR);
(2): If you wish to make an enquiry or a booking with respect to my Services, then I would need your details to process your request (Article 6(1)(b) GDPR);
(3): If you are pleased with my Services and you would like to share your satisfaction, then I would be delighted to receive a recommendation from you that I can publish on georgejerjian.com. For that I would need your permission (Article 6(1)(a) GDPR).
|Any information you generate whilst you browse georgejerjian.com or whilst you read my e-newsletter. This information is generated with the help of cookies and similar technologies and may include: browser type and version; operating system; the website from which your reach my website; sub-websites; date and time of access to my site; your IP address; your ISP; and any other similar data and information that may be used in the event of attacks on my information technology systems.||(1) The correct and efficient delivery of website content;
(2) ensuring the viability of information technology systems and website technology;
(3) analysis of the website and the e-newsletter’s performance and engagement;
(4) optimisation of the website content
including its advertisement on search engines;
(5) delivery (via third parties) of targeted advertising tailored to your interest.
|(1) to (2): Such technologies are considered ‘essential’ and I process your information derived from them in pursuit of my legitimate interests (Article 6(1)(f) GDPR), namely, ensuring the efficient, functional and safe delivery of georgejerjian.com and the e-newsletter.
(3) to (5): For such processing I need to have your permission (Article 6(1)(a)GDPR).
Please, exercise your choice with respect to ‘non-essential’ cookies via the cookie pop-up on georgejerjian.com
For the technical details of the cookies in use, please see my Cookies Policy.
PERSONAL INFORMATION SHARING
|Recipient type:||For the following purposes:||On the following legal grounds:|
|Suppliers||I may disclose your personal information to the suppliers and vendors who help me provide the Services and run my business in accordance with my instructions and under a written contract. The list of recipients includes:
(1) My IT solutions providers, including but not limited to IT consultants, web hosting providers, email delivery services, customer relationship management systems, etc.
(2) Providers of tracking and analytics technology across the Services by way of third party integrations on georgejerjian.com and in the e-newsletter.
(1): In most circumstances I would need to share your personal information with these parties in order to be able to deliver my Services (Article 6(1)(b) GDPR). In limited circumstances I may need to do this operation in pursuit of my legitimate interests (Article 6(1)(f) GDPR), namely, the proper administration of my business, and when allowed, the promotion of my business. When the law requires it, I will seek your permission to share your information for the purposes of marketing or advertising (Article 6(1)(a) GDPR).
(2): In most circumstances I would need your permission (Article 6(1)(a)GDPR) to do this, unless any of the exemptions for ‘essential cookies’ apply in which case the information is processed in pursuit of my legitimate interests (Article 6(1)(f) GDPR), namely, ensuring the correct, functional and safe delivery of georgejerjian.com and the e-newsletter.
For the technical details of the third-party solutions integrated on georgejerjian.com and the e-newsletter, including the names of all parties involved, please see my Cookies Policy.
|Advisors||I may disclose your personal information to my professional advisors that are usually regulated by a competent authority (solicitors, accountants, etc.) where that proves necessary.||This is necessary for the purposes of the legitimate interests that I pursue (Article 6(1)(f) GDPR), namely the proper administration of my business.|
|Authorities||I may disclose your personal information to the court service or regulators or law enforcement agencies in connection with proceedings or investigations where I am compelled to do so.||I would do this if I need to comply with a legal obligation (Article 6(1)(f) GDPR) or in when in pursuit of my legitimate interests (Article 6(1)(f) GDPR), namely the protection of my business.|
TRANSFERS OF PERSONAL INFORMATION OUTSIDE THE EUROPEAN ECONOMIC AREA (‘EEA‘)
The very nature of Internet communications means that at least some of the personal information processed by myself and the parties I share it with will be processed outside the EEA which is an area composed of countries offering a high standard of personal information protection under the GDPR and which imposes certain restrictions on outbound transfers to non-EEA territories, unless they are deemed to provide adequate legal protection for personal information under the GDPR.
Some of my suppliers may be located outside the EEA. For example, my hosting provider hosts georgejerjian.com in the USA. It achieves compliance with data protection law by way of its EU-US Privacy Shield self-certification. On the other hand, my IT consultants are based Canada which is considered an adequate jurisdiction for data protection purposes. Other suppliers I use achieve such compliance by way of controller to processor standard contractual clauses approved by the European Commission. Where no ‘appropriate safeguard’ for international transfers of personal information are available, I will seek your explicit consent for your information to be transferred, unless there are other derogations provided under the GDPR that allow me to transfer your information outside the EEA.
Please contact me if you would wish to have further details of the specific safeguards applied to the export of your personal information outside the EEA (where applicable).
YOUR RIGHTS UNDER EUROPEAN DATA PROTECTION LAW
I am committed to fulfilling the statutory data protection rights of my customers. If you send me a request regarding your rights under data protection law, I will respond within one month from the day of receipt and, where possible, address your request within such time. Where necessary, this period may be extended by up to a further three months in complex cases. Please use [email protected] to exercise the following rights in respect of the personal information I process about you:
|to be informed;||to access (such information);||to rectification (of inaccurate information);|
|to erasure;||to restrict processing (in certain cases);||to object to profiling;|
|to data portability (in certain cases);||to complain to the Information Commissioner’s Office;||to withdraw consent (if I have collected your personal information on this basis).|
Detailed information on the full content of your rights (and any conditions that may apply) is provided by the United Kingdom’s Information Commissioner’s Office and is available on their website: https://ico.org.uk/your-data-matters/.
Whenever I use my legitimate interests (Article 6(1)(f) GDPR) as justification for the processing of your personal information, I apply a three-stage test to ensure that my interests are not overridden by your interests and rights under data protection law.
I do not engage in profiling which is capable of producing legal or other significant effects on you.
I do not apply machine learning or artificial intelligence in the course of processing or as a type of processing of your personal information.
You are under no statutory or contractual obligation to provide any personal information to me, although this may affect the Services or information that I am able to provide to you.
No data transmission over the Internet can be absolutely guaranteed to be secure from intrusion. Nevertheless, I maintain physical, electronic and procedural safeguards to protect personal information in accordance with data protection legislation requirements. As a controller, I am under an obligation to implement appropriate and commercially reasonable technical and organisational measures to ensure a level of security appropriate to the risk for your rights and freedoms. I also seek to make sure that my suppliers implement similar measures when they are given access to your personal information.
DATA RETENTION PERIOD
I shall retain your personal information until you request me to no longer hold it, unless I am required to keep it by law. If your personal information becomes irrelevant for the purpose for which it was originally collected then I will securely dispose of it. Outdated personal information may also be periodically and safely disposed of in accordance with my internal data retention procedures. To determine the appropriate retention period for personal information, I consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure, the purposes for which I process personal information and whether I can achieve those purposes through other means, and the applicable legal requirements.
Please note that the foregoing does not apply to any personal information that has been irreversibly anonymised, meaning data rendered anonymous in such a manner that you are no longer identifiable from such data. Under the applicable law, such data is not deemed ‘personal’ and may be indefinitely.
If you opt-out of receiving direct marketing communications from me, I will hold on to your details in order to make sure that you are not contacted in future.
I reserve the right to amend this Policy from time to time. Any material changes I make in the future will be notified to you via email or any other means I deem fit.
DATE OF LAST AMENDMENT
17 September 2019