This Privacy Policy tells you what you can expect me to do with your information.
I am Benjamin Holt, a United Kingdom-based sole trader, also trading as "Ben Holt" and "Holt." My contact details are available on the 'Contact' page of my website. I am registered with the United Kingdom's Information Commissioner's Office (I.C.O.) (registration reference: ZC042019).
Information I collect / use
I collect / use the following information to provide you with services:
names and contact details.
addresses.
occupation.
dates of birth.
financial data (including income & expenditure).
information relating to compliments and complaints.
photographs & video recordings.
recordings of meetings and decisions.
account access information.
website user information.
analytics information.
I collect / use the following information to comply with legal requirements:
names and contact details.
addresses.
records of consent.
photographs & video recordings.
I collect / use the following information to manage client accounts:
names and contact details.
addresses.
occupation.
transaction data (including details about payments to and from clients and details of products and services they have purchased).
I collect / use the following information for dealing with queries, complaints or claims:
names and contact details.
addresses.
video recordings (including in private areas).
photographs.
relevant information from previous investigations.
information relating to health & safety (including incident investigation details, reports and accident book records).
correspondence.
Lawful basis and data protection rights
This Privacy Policy tells you what to expect me to do with your information.
I am Benjamin Holt, a United Kingdom-based sole trader, domiciled at 46 Swinburne Rd., Abingdon-on-Thames, Oxfordshire, OX14 2HD, United Kingdom. I am contactable at benholt@mailbox.org. I also trade as “Holt.” I am registered with the Information Commissioner's Office (registration reference: ZC042019).
This privacy policy applies when I am the sole data controller. Other privacy policies apply when I am a joint data controller (e.g. if I have taken photos & videos of you for another organisation’s marketing). You will have been explicitly informed if this is the case: if you’d like to double-check, please feel free to contact me using my contact details provided at the start of this privacy policy.
Information I collect / use
I collect / use the following information to provide you with services:
names and contact details.
addresses.
occupation.
dates of birth.
financial data (including income & expenditure).
information relating to compliments and complaints.
photographs & video recordings.
recordings of meetings and decisions.
account access information.
website user information.
analytics information.
I collect / use the following information to comply with legal requirements:
names and contact details.
addresses.
records of consent.
photographs & video recordings.
I collect / use the following information to manage client accounts:
names and contact details.
addresses.
occupation.
transaction data (including details about payments to and from clients and details of products and services they have purchased).
I collect / use the following information for dealing with queries, complaints or claims:
names and contact details.
addresses.
video recordings (including in private areas).
photographs.
relevant information from previous investigations.
information relating to health & safety (including incident investigation details, reports and accident book records).
correspondence.
Lawful basis and data protection rights
You have certain rights with respect to your data. Learn more about these rights on the I.C.O.'s website.
My lawful bases for collecting or using information to provide you with services are:
consent. I have permission from you after I gave you all the relevant information. All of the your data protection rights may apply, except the right to object. To be clear, you have the right to withdraw your consent at any time.
contract. I have to collect or use the information so I can enter into or carry out a contract with you. All of your data protection rights may apply, except the right to object.
My lawful bases for collecting or using information to comply with legal requirements are:
the basis of legal obligation. I have to collect or use your information so I can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
My lawful bases for collecting or using information to manage client accounts are:
consent. I have permission from you after I gave you all the relevant information. All of the your data protection rights may apply, except the right to object. To be clear, you have the right to withdraw your consent at any time.
contract. I have to collect or use the information so I can enter into or carry out a contract with you. All of your data protection rights may apply, except the right to object.
My lawful bases for collecting or using information for dealing with queries, complaints or claims are:
consent. I have permission from you after I gave you all the relevant information. All of the your data protection rights may apply, except the right to object. To be clear, you have the right to withdraw your consent at any time.
contract. I have to collect or use the information so I can enter into or carry out a contract with you. All of your data protection rights may apply, except the right to object.
legitimate interests. I’m collecting or using your personal information because it benefits you, me or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability.
I may receive unsolicited queries, complaints or claims from you. I am able to respond to these communications if I collect your contact details and contents of your communication. If I do not collect these details, you may not receive a resolution to your communication when you stated you would have liked one. I only rely my legitimate interests to process this data when a communication is initiated by you. Your information may face hazards (e.g. a data breach) which I try to mitigate (e.g. by securing your data) but these hazards are relatively unlikely to materialise and are, in my judgement, normally outweighed by your desire to receive a satisfactory response.
For more information on my use of legitimate interests as a lawful basis, please contact me using my contact details provided at the start of this Privacy Policy.
Where I get information from
I get information:
directly from you.
from publicly available sources.
from market research organisations.
from suppliers and service providers.
How long I keep information
I keep all information on file for the 6 years following our last engagement, in line with your consent or contractual agreement.
I keep all data related to unsolicited queries, complaints or claims only for as long as that query, complaint or claim is unresolved, unless I have a legal obligation to retain a record (for example, if a communication is health & safety-related, I may be obliged to record certain details in an accident log).
Who I share information with
I share information with the following entities:
Adobe Systems Software Ireland Limited (a creative software and signature collection provider).
Apple Distribution International Limited (a cloud services provider).
Bytedance Pte. Ltd. (a video editing software provider).
Heinlein Hosting GmbH (an email provider).
Meta Platforms, Inc. (a social networking site).
Microsoft Ireland Operations Limited (a cloud services provider).
Mistral AI (an artificial intelligence services provider).
Notion Labs, Inc. (a virtual workspace software provider).
TikTok Information Technologies UK Limited and TikTok Technology Limited (a social networking site).
I also share information with organisations I’m legally obliged to share information with.
I sometimes transfer information outside of the U.K. when it’s necessary to. When I do this, I comply with the U.K. G.D.P.R., making sure appropriate safeguards are in place. For further information, please contact me using my contact details provided at the start of this Privacy Policy.
Adobe Systems Software Ireland Limited is based in Ireland, a European Economic Area (E.E.A.) state with which the U.K. has adequacy regulations.
Bytedance Pte. Ltd. is based in Singapore. We may make restricted transfers to them when we edit media containing you. This will be in line with your explicit consent, given the risk of you losing the protection of U.K. data protection law.
Apple Distribution International Limited is based in Ireland, an E.E.A. state with which the U.K. has adequacy regulations.
Heinlein Hosting GmbH is based in Germany, a European Economic Area (E.E.A.) state with which the U.K. has adequacy regulations.
Meta Platforms, Inc. (a social networking site) is based in the United States of America (U.S.). and, given I have assessed the risks, I may make restricted transfers to them. Meta Platforms, Inc. may publish the photographs and videos we collect worldwide - this will be in line with your explicit consent, given the risk of you losing the protection of U.K. data protection law.
Legal text: I may transfer information to Meta Platforms, Inc. in accordance with Article 46 of the G.D.P.R., considering this organisation has adopted the U.K. Addendum to the E.U. Standard Contractual Clauses. In transferring data to Meta Platforms, Inc. under Article 46 of the G.D.P.R., I will have conducted a transfer risk assessment, incorporating the U.K.’s Department for Science, Innovation and Technology’s (D.S.I.T.’s) 9.2023 Analysis of the UK Extension to the EU-US Data Privacy Framework. This approach to this transfer risk assessment has been deemed “reasonable and proportionate” by the I.C.O..
Microsoft Ireland Operations Limited is based in Ireland, an E.E.A. state with which the U.K. has adequacy regulations.
Mistral AI is based in France, an E.E.A. state with which the U.K. has adequacy regulations.
Notion Labs, Inc. is based in the United States of America. This organisation is certified to the U.K. Extension to the European Union-U.S. Data Privacy Framework programme.
TikTok Technology Limited is based in Ireland, an E.E.A. state with which the U.K. has adequacy regulations. TikTok Information Technologies UK Limited and TikTok Technology Limited may publish the photographs and videos we collect worldwide - this will be in line with your explicit consent, given the risk of you losing the protection of U.K. data protection law.
Informing you of policy updates
This policy may be updated occasionally. I will inform you if I make any changes using the contact details I have on file. Updates will also be posted to this web page.
How to complain
If you have any concerns about my use of your data, you can make a complaint to me using my contact details provided at the start of this Privacy Policy.
If you remain unhappy with how I’ve used your data after raising a complaint with me, you can also complain to the I.C.O..
The I.C.O.’s address is: Information Comissioner’s Office, Wycliffe House, Water Ln., Wilmslow, Cheshire, SK9 5AF, U.K..
The I.C.O.’s helpline telephone number is: +44 (0) 303 123 1113.
The I.C.O.’s website is: ico.org.uk/make-a-complaint.
My lawful bases for collecting or using information to provide you with services are:
consent. I have permission from you after I gave you all the relevant information. All of the your data protection rights may apply, except the right to object. To be clear, you have the right to withdraw your consent at any time.
contract. I have to collect or use the information so I can enter into or carry out a contract with you. All of your data protection rights may apply, except the right to object.
My lawful bases for collecting or using information to comply with legal requirements are:
the basis of legal obligation. I have to collect or use your information so I can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
My lawful bases for collecting or using information to manage client accounts are:
consent. I have permission from you after I gave you all the relevant information. All of the your data protection rights may apply, except the right to object. To be clear, you have the right to withdraw your consent at any time.
contract. I have to collect or use the information so I can enter into or carry out a contract with you. All of your data protection rights may apply, except the right to object.
My lawful bases for collecting or using information for dealing with queries, complaints or claims are:
consent. I have permission from you after I gave you all the relevant information. All of the your data protection rights may apply, except the right to object. To be clear, you have the right to withdraw your consent at any time.
contract. I have to collect or use the information so I can enter into or carry out a contract with you. All of your data protection rights may apply, except the right to object.
legitimate interests. I’m collecting or using your personal information because it benefits you, me or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability.
I may receive unsolicited queries, complaints or claims from you. I am able to respond to these communications if I collect your contact details and contents of your communication. If I do not collect these details, you may not receive a resolution to your communication when you stated you would have liked one. I only rely my legitimate interests to process this data when a communication is initiated by you. Your information may face hazards (e.g. a data breach) which I try to mitigate (e.g. by securing your data) but these hazards are relatively unlikely to materialise and are, in my judgement, normally outweighed by your desire to receive a satisfactory response.
For more information on my use of legitimate interests as a lawful basis, please contact me.
Where I get information from
I get information:
directly from you.
from publicly available sources.
from market research organisations.
from suppliers and service providers.
How long I keep information
When I have your consent or we have a contract, I will keep all the relevant information on file for the period stated in your consent or our contract.
I keep all data related to unsolicited queries, complaints or claims only for as long as that query, complaint or claim is unresolved, unless I have a legal obligation to retain a record (for example, if a communication is health & safety-related, I may be obliged to record certain details in an accident log).
Who I share information with
I share information with the following entities:
Adobe Systems Software Ireland Limited (a creative software and signature collection provider).
Apple Distribution International Limited (a cloud services provider).
Bytedance Pte. Ltd. (a video editing software provider).
Framer B.V. (a web hosting provider).
Heinlein Hosting GmbH (an email provider).
Meta Platforms, Inc. (a social networking site).
Microsoft Ireland Operations Limited (a cloud services provider).
Mistral AI (an artificial intelligence services provider).
Notion Labs, Inc. (a virtual workspace software provider).
TikTok Information Technologies UK Limited and TikTok Technology Limited (a social networking site).
I also share information with organisations I’m legally obliged to share information with.
I sometimes transfer information outside of the U.K. when it’s necessary to. When I do this, I comply with the U.K. G.D.P.R., making sure appropriate safeguards are in place. For further information, please contact me.
Adobe Systems Software Ireland Limited is based in Ireland, a European Economic Area (E.E.A.) state with which the U.K. has adequacy regulations.
Bytedance Pte. Ltd. is based in Singapore. We may make restricted transfers to them when we edit media containing you. This will be in line with your explicit consent, given the risk of you losing the protection of U.K. data protection law.
Apple Distribution International Limited is based in Ireland, an E.E.A. state with which the U.K. has adequacy regulations.
Framer B.V. is based in the Netherlands, a European Economic Area (E.E.A.) state with which the U.K. has adequacy regulations.
Heinlein Hosting GmbH is based in Germany, a European Economic Area (E.E.A.) state with which the U.K. has adequacy regulations.
Meta Platforms, Inc. (a social networking site) is based in the United States of America (U.S.). and, given I have assessed the risks, I may make restricted transfers to them. Meta Platforms, Inc. may publish the photographs and videos we collect worldwide - this will be in line with your explicit consent, given the risk of you losing the protection of U.K. data protection law.
Legal text: I may transfer information to Meta Platforms, Inc. in accordance with Article 46 of the G.D.P.R., considering this organisation has adopted the U.K. Addendum to the E.U. Standard Contractual Clauses. In transferring data to Meta Platforms, Inc. under Article 46 of the G.D.P.R., I will have conducted a transfer risk assessment, incorporating the U.K.’s Department for Science, Innovation and Technology’s (D.S.I.T.’s) 9.2023 Analysis of the UK Extension to the EU-US Data Privacy Framework. This approach to this transfer risk assessment has been deemed “reasonable and proportionate” by the I.C.O..
Microsoft Ireland Operations Limited is based in Ireland, an E.E.A. state with which the U.K. has adequacy regulations.
Mistral AI is based in France, an E.E.A. state with which the U.K. has adequacy regulations.
Notion Labs, Inc. is based in the United States of America. This organisation is certified to the U.K. Extension to the European Union-U.S. Data Privacy Framework programme.
TikTok Technology Limited is based in Ireland, an E.E.A. state with which the U.K. has adequacy regulations. TikTok Information Technologies UK Limited and TikTok Technology Limited may publish the photographs and videos we collect worldwide - this will be in line with your explicit consent, given the risk of you losing the protection of U.K. data protection law.
Informing you of policy updates
This policy may be updated occasionally. I will inform you if I make any changes using the contact details I have on file. Updates will also be posted to this web page.
How to complain
If you have any concerns about my use of your data, you can make a complaint to me by contacting me.
If you remain unhappy with how I’ve used your data after raising a complaint with me, you can also complain to the I.C.O..
The I.C.O.’s address is: Information Commissioner’s Office, Wycliffe House, Water Ln., Wilmslow, Cheshire, SK9 5AF, U.K..