Policy wording © Sophie Kay 2021. This Policy, or any subset thereof, may not be copied or reproduced in any form without prior written permission from the copyright holder.
Your privacy is very important to us. Here at Khronicle® we have a few fundamental principles that we follow:
Khronicle® is the professional website of Dr. Sophie Kay, operating over the domain www.khronicle.co.uk. It is our policy to respect your privacy regarding any information we may collect while operating this site.
All our information is stored on a server at Tsohost, the website hosting company which we use. Tsohost is UK based and compliant with the General Data Protection Regulations (GDPR). Tsohost’s GDPR FAQ page is available on their website.
Our website address is https://www.khronicle.co.uk.
In accordance with the Data Protection (Charges and Information) Regulations 2018, Khronicle® is registered with the Information Commissioner’s Office (ICO) on the Data Protection Register.
For any privacy-specific concerns you may have, please contact Sophie Kay via email at sophie[AT]khronicle.co.uk. To use this email address, you’ll need to replace the [AT] characters with @ when you type the address into the ‘Send To’ field.
Khronicle® is a professional services site and is separate from Dr. Sophie Kay’s non-commercial personal blog, The Parchment Rustler. As separate entities, Khronicle® and The Parchment Rustler do not share your personal information with one another. For example, if you sign up to receive the Khronicle® newsletter, your personal details will not be used in any way for mailings from The Parchment Rustler.
There are four main aspects of Khronicle® which may involve the collection of user data: our client user account area, our newsletter subscription facility, Contact Us or Competition/Giveaway forms; and our site usage statistics.
For clients that choose to register for a user account on our website, we store the personal information they provide when they register for their user profile. This includes, but is not limited to, the client’s:
These details are essential for: uniquely identifying our clients; providing clear communication through the client’s preferred channel; maintaining a record of essential research details necessary to carry out our contracted work; and providing the client with a progress tracker which enables them to monitor the development of their contracted research.
With the exception of their username, purchase history and the client-supplied family history details, all users can see, edit, or delete their personal information at any time. Website administrators can also see and edit that information.
If you subscribe to our newsletter, you consent to receive email notifications of new editions of the Khronicle® newsletter whenever these are released (typically one mailing every 4-8 weeks). As a subscriber, your details will not be distributed elsewhere and will not be used for any purpose other than providing you with a copy of the newsletter. If you unsubscribe, your information will be deleted permanently and with immediate effect.
Should Khronicle® cease activity, all newsletter subscriber details will be deleted. Our Newsletter Subscribers facility creates the following tables in our database, some of which are amended whenever a new subscriber joins or leaves:
Form submissions on our website are used for the Contact Us facility and for occasional competitions or giveaways.
A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns.
Google Analytics’ official statement on cookies and identifiers states that “Users may disable Google Analytics cookies or delete any individual cookie. In addition, Google Analytics supports an optional browser add-on that - once installed and enabled - disables measurement by Google Analytics for any site a user visits. Google Analytics also collects Internet Protocol (IP) addresses to provide and protect the security of the service, and to give website owners a sense of which country, state, or city in the world their users come from.”
Raw access logs are collected by our web host, Tsohost and are used by AWStats for web statistics. These may include several types of non-personally-identifying data which web browsers and servers usually make available, such as the browser type, language preference, referring site, and the date and time of each visitor request.
Forms for contact requests and entry to competitions and giveaways may require the use of reCAPTCHA, which carries out its own analytics via Google services in order to confirm that a user is human and not an automated bot. Details of the Analytics and Terms for reCAPTCHA are provided in the What personal data we collect and why we collect it section above.
The Khronicle® website also uses the Google Analytics service to evaluate website traffic, understand how and when our users interact with our content, and understand how to develop our site in the future. A summary of Google Analytics’ data policies and procedures is available on the Google website here.
We do not share your data with any third parties other than carefully selected providers essential to the day-to-day functioning of Khronicle®.
Our newsletter subscription service is handled through an internal script on Khronicle’s Tsohost servers and does not involve any third-party providers.
Continued functioning of Khronicle® depends upon a small number of third-party services which process your personal data:
Information held in opt-in client user accounts is retained on our servers for client use in the event of repeat custom, until the client requests account deletion. Persons holding a user account reserve the right to delete their user account at any time. As the service provider of the client user accounts on our website, we also reserve the right to withdraw or suspend the complementary user account service, or suspend an individual account, at any point we deem necessary or appropriate.
Information submitted through our Contact Us form may be retained for up to two calendar years from the date of submission. After this time, the query and associated contact details will be deleted from our systems. Retaining this information allows us to provide continuity of communication to persons who return to commission research with us some time after making their initial query.
If you choose to enter a competition or giveaway, we will store your personal information for as long as is necessary to conclude the competition or giveaway process. After this time, your submitted information will be deleted from our systems.
If you have a Khronicle® user account, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Details of our UK-based web hosting, and the providers of our third party services, can be found in the introduction to this Policy and the above sections entitled “What personal data we collect and why we collect it” and “whom we share your data with”.
Here at Khronicle®, we operate a data minimisation policy. This means that we take the minimum personal data from you required to operate our service, and that we minimise the sharing of that data with third-party organisations in order to reduce the risks of breaches occurring.
We regularly review the Khronicle® site to ensure that any patches or security fixes are applied as soon as possible. Our in-house operatives undertake regular refresher training in data management and the General Data Protection Regulations (GDPR) and we review our procedures on a regular basis to ensure we continue to meet current standards as requirements evolve. Our website is hosted in the UK by Tsohost. They operate their own data centres, have built in a secure network infrastructure and do not rely on third-party solutions. Tsohost’s data centres are staffed 24 hours a day every day of the year, with ultra-strict access control, extensive CCTV coverage, and online firewall protection.
Should a data breach ever occur at Khronicle®, we would notify any affected subscribers or clients by email as soon as possible, and within 72 hours of becoming aware of the breach. This approach complies with current GDPR requirements.
Following any breach, we would undertake a critical analysis to determine how such a breach had occurred and take appropriate steps to reduce the chances of it recurring.