Privacy Policy

What is this Privacy Policy for?

This privacy policy is for this website,, and clients of Andrew Noakes. It sets out the different areas where user/client privacy is concerned and outlines the obligations & requirements of the users, the website and website owners. Furthermore the way this website processes, stores and protects user data and information will also be detailed within this policy.

The Website

This website and its owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website complies to all UK national laws and requirements for user privacy.

Email enquiries

If you send me an enquiry via email or via a form on my website, I’ll respond via email. My response will be limited to answering that enquiry; I won’t add you to my email list unless you ask me to or have otherwise consented to being added.

Email Newsletter

This website operates an email newsletter programme. Users can subscribe through an online process where they affirm their consent to receiving our emails.

We use Mailchimp to manage our email list and disseminate emails. As such, when users sign up for our email list, their data is transferred to Mailchimp for this purpose.

Subscriptions are taken in compliance with UK Spam Laws detailed in the Privacy and Electronic Communications Regulations 2003. All personal details relating to subscriptions are held securely and in accordance with the General Data Protection Regulation.

In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003 subscribers are given the opportunity to un-subscribe at any time through an automated system. This process is detailed at the footer of each email campaign. Users may also unsubscribe by emailing with ‘unsubscribe’ in the subject line.

Client information

Personal data of clients and manuscripts belonging to clients are kept confidential (except as below re. subcontractors) and are securely stored at all times. Some client data collected over the course of communications, signing of contracts, and other interactions with clients may be used for purposes that are essential for providing agreed services to clients or for complying with legal regulations, e.g. populating invoices with client contact information.

Some client data and manuscripts belonging to clients may be shared with subcontractors for the purpose of providing agreed services. This may include transfer of data to the United States. Standard contractual clauses are used to ensure compliance when transferring data to the United States in this context. Sub-contractors will only be used with the client’s consent.

Subject Access Request

Under the General Data Protection Regulation you may request a copy of personal information held about you by me. If you would like a copy of the information held on you please write to the business address at the bottom of this policy or email the email address.

Data storage and retention

Data may be stored and retained until such time as its retention is no longer necessary. After that, it will be deleted. All data is stored securely. All data is kept private except for when its transfer is necessary in line with the cases below.

Sharing/transferring your data

We may transfer your personal data onto the following third parties with the following justifications:

  • Google (legitimate interest in data storage of survey data and client data)
  • Mailchimp (legitimate interest in email list management)
  • Siteground (legitimate interest in maintaining website database, including form data storage)
  • Microsoft (legitimate interest in using email services)
  • Docusign (legitimate interest in contract signing)
  • Invoice Ninja (legitimate interest in invoicing; necessary to fulfil legal obligations)
  • Zapier (legitimate interest in connecting functions such as sales and invoicing)
  • Sub-contractors who assist us in performing a contract we have with you.
  • Legal/accountancy service providers (necessary to fulfil legal obligations regarding the preparation of our accounts and fulfilling tax obligations).
  • IT/technical support (legitimate interest in maintaining our services, including but not limited to our website and email services).
  • Facebook (legitimate interest in matching email subscriber data to Facebook users in order to create a Facebook ads suppression list. This means we can avoid advertising to existing email subscribers on Facebook when doing so would be superfluous).

Some of our partners and service providers are located outside the EU, and we may transfer your data to them if necessary. We use appropriate safeguards to protect your data when transferring it outside of the EU, such as EU-approved standard contractual clauses, Binding Corporate Rules, and protection under EU-approved certification mechanisms such as Privacy Shield.

Google, Docusign, Zapier, Microsoft, Invoice Ninja, Facebook, and Mailchimp are based in the United States and we therefore transfer your data to the United States. Google, Microsoft, Olark, Facebook, Invoice Ninja, Zapier, and Mailchimp operate within the EU-approved Privacy Shield data protection framework. Siteground is based in the EU and GDPR compliant. However, it may transfer data to its US entities. Such data transfers are covered by standard contractual clauses, making them GDPR compliant. Docusign has completed the approval process for Binding Corporate Rules, making them compliant with EU standards.

The right to object

You have the right to object to the processing of your data where the justification is our legitimate interest. In order to object, email explaining which form of processing you wish to object to.

External Links

Although this website only looks to include quality, safe and relevant external links, users are advised adopt a policy of caution before clicking any external web links mentioned throughout this website.

The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore note they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.

Social Media Platforms

Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.

This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.

Shortened Links in Social Media

This website and its owners through their social media platform accounts may share web links to relevant web pages. By default some social media platforms shorten lengthy urls [web addresses] (this is an example:

Users are advised to take caution and good judgement before clicking any shortened urls published on social media platforms by this website and its owners. Despite the best efforts to ensure only genuine urls are published many social media platforms are prone to spam and hacking and therefore this website and its owners cannot be held liable for any damages or implications caused by visiting any shortened links.


In the event that the sole trader company known as Andrew Noakes is merged with or taken over by another company, personal data related to clients, email subscribers, and users this website may be transferred to the relevant successor entities.

Identity and contact details

The data controller is Andrew Noakes, who is contactable by mail at Flat 7, 204 Ewell Road, Surbiton, KT6 6HL and email at