Privacy Policy

1. Introduction and Scope of the Policy

Welcome to our website. We respect your privacy and are committed to protecting it. This Privacy Policy explains how viktorsaghy.co.uk (“we” or “us”) collects, uses, shares, and protects the personal data of individuals (“you”) who use our website (the “Site”). It applies to all visitors and users of the Site and related services, regardless of where they are located. We present this information in a clear and plain language format, in accordance with applicable laws (Writing a GDPR Privacy Policy and Notice that Meets GDPR Requirements | Secureframe), including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

This policy outlines what personal information we collect from you, why we collect it, whether and how we share or sell it, and how you can exercise your privacy rights – all presented in an accessible way (CCPA Privacy Policy Requirements, Examples & Template - Termly). Please read it carefully to understand our practices. By using our Site, you acknowledge that you have read and understood this Privacy Policy.

Scope: This Privacy Policy covers personal data (also called “personal information”) collected through our Site and any services that link to this policy. It does not apply to third-party websites or services that we do not control. If you follow links to external sites, please review their privacy policies separately. If you have any questions about this policy or our data practices, please contact us using the information provided in Section 8 below.

2. Types of Personal Data Collected

For purposes of this policy, “personal data” means any information that identifies, relates to, or can reasonably be linked to an individual. It can include obvious things like your name or email address as well as online identifiers such as an IP address or a cookie ID (Personally identifiable information: PII, non-PII & personal data). We collect various types of personal data, including:

  • Contact Information: e.g. your name, email address, telephone number, or postal address. You might provide these when you register on the Site, subscribe to a newsletter, fill out a form, or communicate with us.

  • Account Credentials: If our Site allows account creation, we collect login details like username and password (stored securely in hashed or encrypted form).

  • Usage Data: Information about how you use our Site. This includes your IP address, browser type, device identifiers, pages and content viewed, dates/times of visits, and referring webpage.

  • Cookies and Tracking Information: Data collected via cookies and similar technologies. Cookies are small text files stored on your device that help us recognize you and remember your preferences. They, along with tools like web beacons and analytics scripts, collect information about your interactions with our Site (such as which pages you visited and any preferences you set).

  • Other Information You Provide: Any other personal data you choose to give us. For example, if you participate in a survey, enter information into a comment box, or contact customer support, we will collect whatever information you choose to share.

We do not intentionally collect sensitive personal data (such as government ID numbers, financial information, health or biometric data, or information about racial or ethnic origin) unless it is necessary and you have explicitly provided it or consented. If we ever need to handle sensitive data, we will do so in accordance with applicable laws and obtain your consent where required.

3. How Data Is Collected

We collect personal data about you in a few different ways:

  • Directly from You: Most of the personal data we collect comes directly from you. You provide data when you interact with our Site, for example by creating an account, filling out forms (such as a registration or contact form), subscribing to content, posting comments, or communicating with us via email or chat. This information is given voluntarily by you.

  • Automatically through Technology: When you use our Site, we automatically collect certain information about your device and usage of the Site. We use cookies, server logs, and third-party analytics tools to gather data such as your IP address, browser type, operating system, referring URLs, pages viewed, and the dates/times of access ("What Information Do We Collect" Clause in a Privacy Policy - TermsFeed). For instance, our servers log your IP address and browsing actions to help us secure the Site and understand traffic patterns. We may also use analytics services (like Google Analytics) that utilize cookies or similar technologies to collect usage data and report on how visitors use our Site. (You can find more details in our Cookie Policy, and you typically have options to disable or control cookies through your browser settings.)

  • From Third Parties: In some cases, we receive personal data about you from third-party sources. For example, if you choose to sign in via a social network or an identity provider (such as Google or Facebook login), that service will send us certain information (like your name and email) as authorized by you under their terms. We might also receive marketing or demographic information about users from business partners or referrals, or if you interact with our social media pages, those platforms might share information with us under their privacy policies. We only obtain information from third parties where those third parties have the legal right to share your data with us.

We use these collection methods to ensure we gather the information necessary to operate our services, maintain the Site, and improve user experience. In all cases, we strive to limit the personal data we collect to only what is relevant and required for the purposes described in the next section.

4. Purpose of Data Collection and Legal Basis

We only collect and process your personal data for specific purposes and when we have a lawful basis to do so under applicable law (for example, when you have given consent or when processing is necessary for our legitimate interests or to perform a contract with you) (CCPA Privacy Policy Requirements, Examples & Template - Termly). The purposes for which we use personal data, along with the legal basis under GDPR, include:

  • To Provide and Maintain our Services: We use your information to operate the Site and our services, to create and manage your user account, to allow you to log in, and to provide you with the features and functionalities of our Site. This also includes processing orders or transactions you request, responding to your inquiries, and providing customer support. Legal basis: This processing is necessary to perform the contract we have with you (for example, our Terms of Service when you use the Site). It may also be in our legitimate interest to ensure our services are delivered effectively.

  • To Communicate with You: We may use your contact information to send service-related communications. For instance, we might email you to verify your account, notify you of changes or updates to services, respond to support requests, or inform you about security or privacy updates. Legal basis: It is our legitimate interest to communicate with our users about important service information or your requests. In certain cases, where required by law or not strictly service-related, we will rely on your consent for communications (for example, if sending promotional messages – see below).

  • For Marketing and Newsletter Purposes: If you subscribe to our newsletter or opt in to receive promotional materials, we will use your email or other contact details to send you updates, newsletters, offers, or other marketing communications about our products or services. You can opt out of these messages at any time by clicking the “unsubscribe” link in the email or contacting us. Legal basis: Consent – we will only send you marketing emails if you have given us permission. (If you opt in, you have the right to withdraw consent later; see Section 7 on your rights.)

  • To Personalize and Improve Our Site: We analyze how users interact with our Site to improve our content and layout, develop new features, and enhance the overall user experience. This may involve using cookies and analytics data to understand usage patterns and user preferences. We might also personalize the Site content for you, such as remembering your language preference or showing content relevant to your interests. Legal basis: Our legitimate interest in improving our services and running a successful website. Where required by law (for example, for certain analytics or personalization cookies in some jurisdictions), we will rely on your consent before collecting data for these purposes.

  • For Legal Compliance and Security: We process personal data as needed to comply with our legal obligations and to protect the rights and safety of our users, us, and others. For example, we may keep records of transactions for tax and accounting laws, use your information to verify your identity and prevent fraudulent activities, or disclose information to law enforcement in response to valid legal requests. We also use data to enforce our Terms of Use and to ensure the security of our systems (e.g. detecting and addressing security incidents). Legal basis: Compliance with laws and regulations to which we are subject (such as financial reporting laws or lawful requests by public authorities). Additionally, protecting our website and users is within our legitimate interests, and in some cases may be necessary to protect vital interests (in rare emergency situations).

We will not use your personal data for purposes that are incompatible with those described above without informing you and obtaining your consent when necessary. If we ever need to process your data for a new purpose that isn’t covered by this Policy, we will provide you with a new notice explaining that use and, if required, seek your consent.

5. How Data is Stored and Protected

We take the security of your personal data seriously and implement appropriate technical and organizational measures to safeguard it from unauthorized access, alteration, disclosure, or destruction (Personally identifiable information: PII, non-PII & personal data). These measures include, for example:

  • Encryption: We use encryption protocols (such as HTTPS/TLS) to protect data transmitted between your browser and our Site. Sensitive information (like passwords or any payment details) is stored in encrypted form.

  • Access Controls: Personal data is accessible only to those people who need it to perform their job duties (for example, our customer support and technical staff) or to service providers who help us run our operations (described in Section 6). Access to data is protected by authentication and authorization controls, and those who handle personal data are bound by confidentiality obligations.

  • Security Practices: We maintain up-to-date security practices to protect data. This includes using firewalls and security software to prevent unauthorized access, regularly updating our software and systems to address vulnerabilities, and monitoring our systems for possible attacks or intrusions. We also train our staff on privacy and security best practices.

Despite our efforts, please note that no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee absolute security. In the unlikely event of a data breach that affects your personal data, we will follow all applicable laws to notify you and authorities of the breach.

Data Retention: We retain personal data only for as long as necessary to fulfill the purposes described in this Policy or as required by law (Privacy policy | OpenAI). In practice, this means we keep your information for as long as you have an account with us or as long as needed to provide you with services. After you close your account or stop using our Site, we may still retain some of your data for a period of time, but only as long as we have a valid reason to keep it. For example, we might retain certain information for recordkeeping, to enforce our agreements, to resolve disputes, or to comply with legal obligations (such as financial reporting or audit requirements). When your personal data is no longer needed for these purposes, we will delete it or anonymize it so that you can no longer be identified.

International Data Transfers: Your personal data may be stored or processed on servers located in countries other than your own. For instance, if our web servers or cloud storage providers are in another country, your data will be transferred to that jurisdiction. We understand that different countries may have different data protection laws, so whenever we transfer personal data across borders, we take steps to ensure it remains protected. If you are located in the European Economic Area (EEA) or United Kingdom, and your data is transferred to a country that does not have an adequacy decision from the EU, we will use appropriate safeguards as required by the GDPR – such as Standard Contractual Clauses – to ensure your data privacy rights are respected. By using our Site or providing us with your information, you understand that your personal data may be transferred to and processed in countries outside of your home country.

6. Sharing of Data with Third Parties and Service Providers

We treat your personal data with care and do not sell your information to third parties for monetary compensation. In other words, we do not exchange your personal data with unrelated companies for their own marketing or profit. We also have not sold or shared personal information in the past 12 months. That said, we do share certain information with third parties under specific circumstances, as outlined below:

  • Service Providers (Processors): We share personal data with trusted third-party companies who perform services on our behalf. These include, for example, website hosting providers, cloud storage services, email delivery services, analytics providers, customer support tools, payment processors (if applicable), and other IT or business service vendors. We only share the information that is necessary for them to carry out their functions, and they are contractually obligated to use the data only for that purpose and to protect it. (Under the CCPA, these service providers are considered “service providers” receiving information for business purposes, not “third parties” who sell the data.)

  • Business Transfers: If we are involved in a merger, acquisition, sale of assets, bankruptcy, or other business transaction, personal data may be transferred to a successor or affiliated organization as part of that deal. If such a transfer occurs, the acquiring party will either continue to honor the terms of this Privacy Policy or notify you of any changes. We will ensure any successor understands that they must handle your personal data in accordance with applicable privacy laws.

  • Legal Compliance and Protection: We may disclose your personal data to courts, law enforcement, governmental authorities, or other authorized third parties if required to do so by law or if we believe such action is necessary to: (a) comply with a legal obligation (like a subpoena, warrant, or court order); (b) enforce our Terms of Use or other agreements; (c) detect or prevent fraud, security, or technical issues; or (d) protect the rights, property, or safety of our users, the public, or our company. We will only disclose the minimum amount of information necessary and will object to overly broad requests when appropriate.

  • With Your Consent: In situations other than those above, if we need to share your information with a third party, we will do so only with your explicit consent. For example, if you opt-in to a co-branded promotion or request that we share your details with a partner (say, for that partner to provide you with information or an offer), we will honor your request. You have the right to revoke such consent at any time.

In all cases of sharing, we require third parties to respect the security of your personal data and to handle it in accordance with applicable laws and instructions. We do not allow our service providers to use your personal data for their own marketing or other purposes not related to the service they are providing to us.

We also want to clarify our stance under the CCPA: we do not sell personal information. If in the future we ever decide to sell personal data (as defined by the CCPA, which could include sharing for certain types of targeted advertising), we will update this Privacy Policy accordingly and provide a clear “Do Not Sell My Personal Information” link or mechanism on our Site, so you can opt out of such uses. We will also provide any required notices to you about the change and ensure we have any required consent.

7. Users’ Rights under GDPR and CCPA

We respect your rights to control your personal information. Depending on where you live and which privacy laws apply to you, you have various rights regarding the personal data we hold about you. The two primary laws we comply with – GDPR (for users in the European Economic Area, UK, etc.) and CCPA (for California residents) – grant the following rights:

Rights under the GDPR (EU/EEA): If you are located in the European Union, United Kingdom, or another country with similar data protection laws, you have the following rights under the GDPR (Respect individuals’ rights | European Data Protection Board):

  • Right of Access: You can request confirmation of whether we are processing your personal data, and if so, request a copy of that personal data. We will also provide supplementary information about the processing (such as the purposes, the categories of data, the categories of recipients, etc.) in line with legal requirements.

  • Right to Rectification: If you believe that any personal data we hold about you is incorrect or incomplete, you have the right to request that we correct or update it. We will rectify inaccurate information as quickly as possible.

  • Right to Erasure (“Right to be Forgotten”): You can ask us to delete your personal data, and we will do so unless we have a lawful reason to keep it. This right is not absolute – sometimes we may need to retain information (for example, to comply with a legal obligation or to establish/exercise a legal claim). But if there’s no legitimate need for us to keep your data, we will delete it upon your request.

  • Right to Restrict Processing: You have the right to request that we limit the processing of your personal data in certain circumstances – for instance, if you contest the accuracy of the data, or you object to our processing and we are evaluating your request. When processing is restricted, we can still store your information but will not use it for other purposes until the restriction is lifted.

  • Right to Object: You may object to our processing of your personal data when we base it on legitimate interests, including any profiling based on those interests. If you object, we will re-evaluate our reasons for processing your data. We will stop processing your data unless we can demonstrate compelling legitimate grounds that override your rights or if the data is needed for legal claims. Importantly, you have an absolute right to object to the use of your personal data for direct marketing purposes at any time – if you object, we will cease using your data for marketing.

  • Right to Data Portability: You have the right to receive the personal data you have provided to us in a structured, commonly used, machine-readable format (for example, a CSV file), and you have the right to have that data transmitted to another data controller, where technically feasible. This right applies when the processing is based on your consent or a contract and is carried out by automated means.

  • Right to Withdraw Consent: If we are processing your personal data based on your consent, you are entitled to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, and it will not affect processing of your personal data under other lawful bases (if applicable). For example, you can opt out of our marketing emails by withdrawing your consent – we will then stop sending you further marketing messages.

  • Right to Lodge a Complaint: If you believe that we have infringed your data protection rights, you have the right to file a complaint with a Data Protection Authority (DPA) or Supervisory Authority in the EU/EEA country where you live or work, or where the alleged infringement took place. We would appreciate the chance to address your concerns directly first, so we encourage you to contact us with any complaint, but you always have the right to contact the authorities.

Rights under the CCPA (California Residents): If you are a California resident, the CCPA (as amended by the CPRA) provides you with several key rights regarding your personal information (California Consumer Privacy Act (CCPA) | State of California - Department of Justice - Office of the Attorney General) (California Consumer Privacy Act (CCPA) | State of California - Department of Justice - Office of the Attorney General):

  • Right to Know (Access): You have the right to request that we disclose the personal information we have collected about you. This includes the specific pieces of information, as well as additional details like the categories of personal information collected, the categories of sources of that information, the business or commercial purposes for collecting (or selling, if applicable) the information, and the categories of third parties with whom we have shared your personal information. This “right to know” allows you to obtain both a report of the specific personal information and the categories of information and sources. You can make a access request for information collected in the past 12 months.

  • Right to Delete: You have the right to request that we delete personal information we have collected from you. Once we receive and verify your deletion request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. For example, we may deny a deletion request if retaining the information is necessary to complete a transaction you requested, to detect security incidents, to comply with a legal obligation, or other reasons permitted by the CCPA. If we must deny your request in part, we will do so only to the extent allowed by law and will inform you of the reason.

  • Right to Correct: You have the right to request that we correct any inaccurate personal information we maintain about you. If you identify information that is incorrect, please let us know and, upon verification, we will correct it as required.

  • Right to Opt-Out of Sale/Sharing: You have the right to direct us not to sell or share your personal information to third parties. “Sale” under CCPA is broadly defined to include sharing of personal information for valuable consideration (which may include certain types of targeted advertising). As noted above, we do not sell your data in the traditional sense. If we ever engage in practices that the CCPA considers a “sale” or “sharing” of personal information, you can opt out at any time. We will honor user opt-out preferences, including any Global Privacy Control (GPC) signals sent by your browser as a valid request to opt-out of the sale of personal information, as required by CCPA regulations.

  • Right to Limit Use of Sensitive Personal Information: The CPRA (California Privacy Rights Act) amendment gives you the right to limit how we use or disclose your sensitive personal information (such as precise geolocation, racial or ethnic origin, health information, etc.) if we collect such data. Specifically, you can direct us to use your sensitive information only for providing the services or goods requested by you and for certain limited business purposes, and not to use or disclose it for other purposes like additional profiling or advertising. (Note: We generally do not collect sensitive personal information unless necessary, as stated above, but this right is available to you.)

  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. This means that if you choose to exercise your privacy rights (such as requesting deletion or opting out of sale), we will not deny you our services, charge you a different price, or provide you a lower quality of service just because you exercised your rights. The CCPA allows businesses to offer certain financial incentives (e.g., discounts or rewards programs) in exchange for personal information, but if we ever choose to offer such programs, they will be optional and based on your informed opt-in consent, and we will provide all required details per the law.

Please note: These rights are not absolute. Each right is subject to certain legal conditions and exceptions. For example, if a request is manifestly unfounded or excessive (e.g., repetitive), we may charge a reasonable fee or refuse to act on it, as allowed by law. However, we will explain our decision in such cases. In all cases, we are committed to responding to legitimate requests and will not retaliate or punish you for exercising your rights.

8. How Users Can Exercise Their Rights or Contact Us

We have established simple ways for you to ask questions, express concerns, or exercise your rights regarding your personal data. If you would like to access, correct, or delete your data, or if you want to opt out of certain data uses, you can contact us in any of the following ways:

  • Email: The easiest way to reach us is by emailing privacy@[ourwebsite].com (replace [ourwebsite] with our actual domain name). Please include your name and the specific request or question you have. For example, you can say, “I am requesting access to my personal data,” or “Please delete the account associated with [your email address].” Using the subject line “Privacy Request” can help ensure it gets to the right team.

  • Online Form: If we provide an online request form on our Site (for example, a “Data Request” form on our Privacy page), you can submit your request through that form. It will ask you to provide necessary information to process your request and will be sent directly to our privacy team.

  • Postal Mail: You may also send us a written request via mail. Our mailing address is provided on our Contact page (or here: [Mailing Address of Company]). Please attention your letter to “[Website Name] – Privacy Request.” In your letter, include your name, contact information, and the nature of your request.

Verification of Requests: When you make a request to exercise your rights, we need to verify that you are who you say you are, to protect your privacy. We may ask you to provide additional information to verify your identity – for example, confirming control of the email address associated with your account or answering a few questions about your interactions with our Site. We will only use the information provided in a verification request to confirm your identity or authority. In some cases, we might refuse a request if we cannot verify that the person making the request is the person about whom we collected personal information (or someone authorized to act on their behalf). If you are a California resident making a CCPA request, you may authorize an agent to make the request on your behalf. We will require the agent to provide proof that you gave them signed permission to submit the request, and we may still ask you to verify your identity directly.

Response Timeframe: We will respond to your privacy requests as soon as we reasonably can. Under GDPR, we strive to respond within one month of receiving a request (and we can extend that by an additional two months if necessary, but we will inform you if an extension is needed). Under CCPA, we generally will respond to requests within 45 days (and if needed, may take an additional 45 days, in which case we will let you know). In all cases, we will inform you of the outcome of your request or let you know if we need more information from you to fulfill it. There is no charge for making a reasonable request: we will not charge you a fee for exercising your rights unless your request is excessive, repetitive, or manifestly unfounded, in which case we are permitted by law to charge a small fee or refuse the request.

Contact for Privacy Questions or Complaints: If you have any questions about this Privacy Policy or about our privacy practices, you are welcome to contact us. The best way is via the email address above. You can also reach out to our Data Protection Officer (if one is appointed) or the privacy team at the same email. We will do our best to address any issue or concern you have about our handling of your personal data. Your feedback is important to us, and we’re happy to assist you with any queries (Writing a GDPR Privacy Policy and Notice that Meets GDPR Requirements | Secureframe).

9. Policy Updates and Changes

We may update or change this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we make changes, we will post the updated policy on this page and update the “Effective Date” at the bottom. If the changes are significant, we will provide a more prominent notice of the update – for example, by posting a notice on our homepage or notifying registered users via email – so that you are aware of any important changes in advance.

Any changes to this Privacy Policy will become effective when posted unless stated otherwise. In some cases, if required by law, we may seek your explicit consent to significant changes. For example, if we were to propose using your personal data for a new purpose not originally disclosed, we would either ask for your consent or provide you with an opportunity to opt out, as applicable. We encourage you to review this page periodically to stay informed about how we are protecting your information.

If you continue to use our Site after an updated Privacy Policy has been posted, it means you acknowledge the changes (subject to any additional steps that may be required by law). However, we will not reduce your rights under this Privacy Policy without your consent. For previous versions of this Privacy Policy, you may contact us to obtain a copy or visit our website archives if available.

10. Effective Date

This Privacy Policy is effective as of March 21, 2025.