Privacy Policy

Effective date: April 2024

In this digital age, safeguarding your privacy is of utmost importance. This Privacy Policy outlines our commitment to protecting personal data and provides you with choices regarding how your information is used. We encourage you to familiarize yourself with our practices and understand your rights. Additionally, this policy covers the handling of data that may be personal to you.

Policy Updates: We periodically review, update, and amend our policies to align with business needs and technological advancements. Please check back regularly for any new updates or changes. Your continued use of our services signifies your acceptance of any modifications to this Privacy Policy. As the data controller, we handle and process all data on behalf of our customers.

Discretionary Personal Data: While you have the option not to provide “discretionary” Personal Data, please note that doing so may limit our ability to offer you the full range of services or provide the best user experience.

Scope of this Privacy Policy: This Privacy Policy governs how Debbie Duthie collects, uses, and maintains your Personal Information on debbieduthie.com. It also outlines your legal rights concerning this information.

Agreement: By using the website or services, you confirm that you have read and understood this Privacy Policy and our Terms. The Agreement governs your use of debbieduthie.com, ensuring that we collect, use, and maintain information consistently.

What personal information do we collect from the people who visit our website?

when contacting our site or buying services s as suitable, you could be approached to type in your name, email, and, payment information, or different subtleties to assist you with your experience.

Financial Data: Financial data is related to your payment methods, such as credit card or bank transfer details. We collect financial data to allow you to purchase, or exchange services from our website. We store limited financial data. Most financial data is transferred to our payment processor, Google Pay, and you should review these processors' Privacy Policies to determine how they use, disclose, and protect your financial data.
Contact information.An Authorized User is required to provide some contact information (e.g., an email address) when making an account on the Services.

Automatically collected information about your use of our Services or tools,

This information is registered automatically with the visit by the own configuration or manual of each tool on the website

When you visit, connect with, or utilize our service, we may gather, record, or create specific specialized data about you. We do so either autonomously or with the assistance of third-gathering Service Providers, including using "cookies" and other following innovations.
We automatically collect certain information when you visit, use or navigate the Website. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser, and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Website and other technical information. This information is primarily needed to maintain the security and operation of our Website and for our internal analytics and reporting purposes.

The information we collect includes:

Log and Usage Data. Log and usage data are service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Website, which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, settings, and information about your activity on the Website (such as the date/time stamps associated with your usage, pages, and files viewed, searches and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called 'crash dumps') and hardware settings).

Device Data. We collect device data such as information about your computer, phone, tablet, or another device you use to access the Website. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.

How do we use your details?

We process personal data to operate, improve, understand, and personalize our services. We use personal data for the following purposes:

To Deliver Targeted Advertising to Users:We use personal data to tailor advertising to individual user preferences and behaviors, enhancing relevance and effectiveness.
To Develop and Display Personalized and Relevant Advertising Content:Personal data helps us create advertising content that is specifically designed to match the interests and needs of our users.
To Determine the Effectiveness of Promotional Campaigns:We analyze user data to assess how well our marketing campaigns perform, allowing us to make necessary adjustments for better results.
To Support Marketing Activities:Personal data is utilized to streamline and enhance our marketing strategies, ensuring they are more aligned with user preferences.
To Identify Usage Trends:We track data to identify patterns and trends in user behavior, which helps in improving service offerings and user experience.
To Send Users Marketing and Promotional Communications:We use contact information to send updates, offers, and promotional materials that may be of interest to our users.
To Improve User Experience:Personal data guides us in customizing and optimizing the user experience, making our services more user-friendly and responsive.
To Diagnose Problems and Prevent Fraudulent Activities:We analyze personal data to identify and resolve technical issues or disruptions, and to detect and prevent any fraudulent or illegal activities.
To Engage and Retain Users:We leverage user data to engage effectively with our users and create strategies to retain their interest and loyalty over time.

We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without providing you notice.

As noted in the list above, we may communicate with you if you've provided us with the means to do so. For example, if you've given us your email address, we may send you promotional email offers or email you about your use of the Services. Also, we may receive a confirmation when you open an email from us, which helps us improve our services. If you do not want to receive communications from us, please indicate your preference by emailing us at [email protected].

Behavioral Advertising

As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:

We use Facebook Pixel and Google Analytics to help us understand how our customers use the Site.

You can opt-out of targeted advertising by:

Facebook: https://www.facebook.com/settings/?tab=ads
Google: https://www.google.com/settings/ads/anonymous

How to opt-out

When you engage us for the Services or make inquiries about our Services, you will be requested to provide your consent to us to send promotional material to you. You may stop the delivery or “opt-out” of future promotional emails by following the specific instructions in the email you receive.

Do Not Track

Currently, various browsers — such as Microsoft Edge, Firefox, and Safari — offer a “do not track” or “DNT” option that relies on a technology known as a DNT header, which sends a signal to Web sites visited by the user about the user's browser DNT preference setting. Debbie Duthie does not currently commit to responding to browsers' DNT signals concerning the Company's Web sites, in part because industry groups have adopted no common industry standard for DNT, technology companies, or regulators, including no consistent standard of interpreting user intent. Debbie Duthie takes privacy and meaningful choice seriously and will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard.

How we use cookies

We may use cookies and other tracking technologies to collect and store information; We may use cookies and similar technologies (like web beacons and pixels) to access or store information. We use cookies and similar technologies for several purposes, depending on the context or service, including:

Recognize you if you sign in to use our offerings. This allows us to provide you with recommendations, display personalized content, and provide other customized features and services.
We are keeping track of your specified preferences. This allows us to honor your likes and dislikes, such as your language and configuration preferences.
Detecting and preventing fraudulent activity and improving security.
We are conducting research and diagnostics to improve our offerings.
Reporting allows us to measure and analyze the performance of our offerings.

First-party cookies

Strictly Necessary Cookies:These cookies are necessary for the website to function and cannot be switched off in our systems. They are often set in response to actions made by you, which amount to a request for services, such as setting your privacy preferences, logging in, or filling in forms.
Functional cookies:These cookies enable the website to provide enhanced functionality and personalization. They may be set by third party providers whose services we have added to our pages or by us.
Performance cookies:These cookies allow us to count visits and traffic sources to measure and improve the performance of our site. They help us know which pages are the most and least popular and see how visitors move around the site.
Targeting cookies: These cookies may be set through our site and used to build a profile of your interests and show you relevant adverts on other sites.

Google Analytics Cookies

We use Google Analytics to investigate the utilization of our site by users and visitors. Google Analytics assembles data about site use through cookies. The data assembled identifying our site is utilized to make reports about the utilization of our site.

You can refuse the use of Google Analytics by clicking on the following link. An opt-out cookie will be set on the computer, which prevents the future collection of your data when visiting this website: Disable Google Analytics.

Name of cookie	Expiry period	Purpose	Company
_ga	Persistent - 2 years	Analytics	Google Analytics, Google LLC
_ga_JMDY11H0YJ	Persistent - 2 years	Analytics	Google Analytics, Google LLC
_gat	Persistent - 2 years	Analytics	Google Analytics, Google LLC
_gid	Persistent - 1 day	Analytics	Google Analytics, Google LLC
_sp_root_domain_test_* (x 1535)	Session cookie	Analytics	debbieduthie.com
gaVisitorTypeLong	Persistent - 2 years	Analytics	Google Analytics, Google LLC
gaVisitorTypeShort	Persistent - 30 minutes	Analytics	Google Analytics, Google LLC
Facebook Pixel _fpb,datr,dpr,fr,wd	Collects anonymous statistics regarding usage of the website. These are third-party cookies. While debbieduthie.com 's use of Facebook causes these cookies to be used, debbieduthie.com itself does not control the data within the cookies themselves. The names of the cookies listed are provided as examples. debbieduthie.com does not directly control the names of the cookies involved, and the actual names may differ. These cookies enable us to: Determine the effectiveness of certain marketing campaigns Collect additional anonymous statistics (see below) You can learn more about Facebook's Tracking Pixel here

What are your choices regarding cookies?

Cookie Preferences on the website: Our cookies allow you to take advantage of some essential and useful features. Blocking some types of cookies may impact your experience of our sites. You can change your cookie preferences at any time by clicking ‘Cookie Preferences in the footer of the website.

Browser settings: You can also manage browser cookies through your browser settings. The 'Help' feature on most browsers will tell you how to remove cookies from your device, prevent your browser from accepting new cookies, how the browser will notify you when you receive a new cookie, how disable cookies, and when cookies will expire. Check the support site for your browser to understand the privacy settings available to you. If you block or reject some of our cookies through your browser’s settings, you might not be able to use certain offerings that require you to sign in to an account, and some features and services may not work. You might also have to manually adjust your preferences or settings every time you visit our website.

California Consumer Rights

The California Consumer Privacy Act provides specific rights to those in California. Suppose you are a California-based consumer, as that term is defined under California law. In that case, this section shall apply in addition to all other applicable rights and information contained in this Statement.

You have the right to request that we provide you with what personal information we collect, use, and disclose.
You have the right to request that we delete the personal information we, or our service providers, store about you.
We will not discriminate or retaliate against you if you elect to exercise any rights under this section of our Privacy Statement.
You may request that we not sell your personal information. As noted above, we do not sell your personal information, and we only share your personal information with third parties, as described in this Statement.
You have the right to designate an authorized agent to request on your behalf. Please see the Identity Verification Requirement below for information on our process for verifying that we have received a legally valid request.
If you are a California consumer and have additional questions based on this section of our Privacy Statement or wish to submit a request to request that we not share your information with third parties, please contact us by email or through the contact us page.
See more at https://consumercal.org/about-cfc/cfc-education-foundation/california-online-privacy-protection-act-caloppa-3/

According to caloppa, we agree to the following:

Users can visit our site anonymously.
You'll be notified of any ONLINE PRIVACY POLICY changes via email

Nevada Resident Rights

If you are a resident of Nevada, you have the right to opt-out of selling certain Personal Data to third parties who intend to license or sell that Personal Data. You can exercise this right by contacting us at [email protected] with the subject line "Nevada Do Not Sell Request" and providing us with your name and the email address associated with your account. Please note that we do not currently sell your Data as sales are defined in Nevada Revised Statutes Chapter 603A.

Coppa (children online privacy protection action)

With regards to the assortment of private information from children under the age of 13 years, the Children's Online Privacy Protection Act (COPPA) puts parents in charge. The Federal Trade Commission, United States consumer safety firm, enforces the COPPA Guideline, which defines what providers of websites and online services should do to safeguard children's privacy and security online. For more details, Click Here or below link

https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule

GDPR-Customer data processing appendix:

Customer Data" means any personal data that Debbie Duthie processes on Customer's behalf via the Services, as more particularly described in this DPA.

"Data Protection Laws" means all data protection laws and regulations applicable to a party’s processing of Customer Data under the Agreement, including, where applicable, EU Data Protection Law and Non-EU Data Protection Laws.

GDPR-EU data protection law

“EU Data Protection Law” means all data protection laws and regulations applicable to Europe, including (i) Regulation 2016/679 of the European Parliament and the Council on the protection of natural persons concerning the processing of personal data and on the free movement of such data (General Data Protection Regulation) (“GDPR“); (ii) Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector; (iii) applicable national implementations of (i) and (ii); and (iv) in respect of the United Kingdom (“UK“) any applicable national legislation that replaces or converts in domestic law the GDPR or any other law relating to data and privacy as a consequence of the UK leaving the European Union.

“Europe” means, for this DPA, the European Union, the European Economic Area and/or their member states, Switzerland, and the United Kingdom.

“Non-EU Data Protection Laws” means the California Consumer Privacy Act (“CCPA”); the Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”); and the Brazilian General Data Protection Law (“LGPD “), Federal Law no. 13,709/2018.

“SCCs” means the standard contractual clauses for processors as approved by the European Commission or Swiss Federal Data Protection Authority (as applicable), which shall be applied only to transfers of Customer Data from the European Union.

“Sensitive Data” means (a) social security number, passport number, driver’s license number, or similar identifier (or any portion thereof); (b) credit or debit card number (other than the truncated (last four digits) of a credit or debit card); (c) employment, financial, genetic, biometric or health information; (d) racial, ethnic, political or religious affiliation, trade union membership, or information about sexual life or sexual orientation; (e) account passwords; or (f) other information that falls within the definition of “special categories of data” under applicable Data Protection Laws.

“Services Data” means any data relating to the Customer’s use, support, and/or operation of the Services, including information relating to volumes, activity logs, frequencies, bounce rates, or other information regarding emails and other communications the Customer generates and sends using the Services.

Parties' roles: If EU Data Protection Law or the LGPD applies to either party's processing of Customer Data, the parties acknowledge and agree that concerning the processing of Customer Data, the Customer is the controller and is a processor acting on behalf of Customer, as further described in Annex A (Details of Data Processing) of this DPA.
Purpose limitation: Debbie Duthie shall process Customer Data only following Customer's documented lawful instructions as outlined in this DPA, as necessary to comply with applicable law, or as otherwise agreed in writing ("Permitted Purposes"). The parties agree that the agreement sets out the Customer's complete and final instructions to Debbie Duthie concerning the processing of Customer Data. Processing outside the scope of these instructions (if any) shall require a prior written agreement between the parties.
Prohibited data. The customer will not provide (or cause to be provided) any Sensitive Data to Debbie Duthie for processing under the Agreement, and Debbie Duthie will have no liability whatsoever for Sensitive Data, whether in connection with a Security Incident or otherwise. To avoid doubt, this DPA will not apply to Sensitive Data.
Customer compliance: Customer represents and warrants that (i) it has complied, and will continue to comply, with all applicable laws, including Data Protection Laws, in respect of its processing of Customer Data and any processing instructions it issues to Debbie Duthie; and (ii) it has provided, and will continue to provide, all notice and has obtained, and will continue to obtain, all consents and rights necessary under Data Protection Laws for Debbie Duthie to process Customer Data for the purposes described in the agreement. Customer shall have sole responsibility for the accuracy, quality, and legality of Customer Data and how Customer acquired Customer data. Without prejudice to the generality of the preceding, Customer agrees that it shall be responsible for complying with all laws (including Data Protection Laws) applicable to any emails or other content created, sent, or managed through the service, including those relating to obtaining consents (where required) to send emails, the content of the emails and its email deployment practices.
The lawfulness of Customer's instructions: The customer will ensure that United Kingdom processing of the Customer Data by Customer's instructions will not cause Debbie Duthie to violate any applicable law, regulation, or rule, including, without limitation, Data Protection Laws. Debbie Duthie shall promptly notify Customer in writing unless prohibited from doing so under EU Data Protection Laws if it becomes aware or believes that any data processing instruction from Customer violates the GDPR or any UK implementation of the GDPR.

Contact Details

You can exercise any of the rights described above in the “What are your choices and how can you exercise them?” section above directly by sending an email to [email protected] or by mailing a non-registered letter with a document proving your identity to the below address:

Debbie Duthie
Email: [email protected]

Phone:
Address:

If you are submitting a request on behalf of another person, you must provide proof that you have been authorized by the individual to act on his or her behalf. In certain circumstances, we may ask the individual to verify his or her own identity directly with us. Please note that we may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf.

How long do we keep your information?

We keep your information for as long as necessary to fulfill the purpose outlined in this privacy policy unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy policy unless a longer retention period is required or permitted by law ( such as tax, accounting, or other legal requirements). No purpose in this notice will require us to keep your personal information for longer than the period of time in which users have an account with us.

When we have an ongoing legitimate business need to process your personal information, we will either delete or anonymize such information or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Your Legal Rights

Under certain circumstances, you have rights under data protection laws to your data.

You may have the following rights: -

Request access to your data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide.
Request deletion of your data. This enables you to ask us to delete or remove personal data where there is no good reason to continue processing it. You also have the right to ask us to delete or remove your data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you, if applicable, at the time of your request.
Object to processing your data where we are relying on a legitimate interest (or those of a third party). Something about your situation makes you want to object to processing on this ground as you feel it impacts your fundamental rights and freedoms. You also have the right to object to processing your data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information, overriding your rights and freedoms.
Request restriction of processing of your data. This enables you to ask us to suspend the processing of your data in the following scenarios:
1. If you want us to establish the data's accuracy.
2. Our use of the data is unlawful, but you do not want us to erase it.
3. You need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims.
4. You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your data to you or a third party. We will provide your data in a structured, commonly used, machine-readable format to you or a chosen third party. Note that this right only applies to automated information; you initially provided consent for us to use or use the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not provide certain services to you.

International Data Transfer

The personal information we process may be transmitted or transferred to countries other than where you reside. Those countries may have data protection laws that are different from the laws of your country.

The servers for our platform are in United Kingdom and Debbie Duthie, and third-party service providers operate in many countries around the world. When we collect your personal information, we may process it in any of those countries.

We have taken appropriate steps and put safeguards in place to help ensure that your personal information remains protected by this Privacy Statement. For example, any data transfers between our group companies are governed by our intragroup agreements, which incorporate strict data transfer terms (including the European Commission's Standard Contractual Clauses for transfers from the EEA) and require all group companies to protect the personal information they process in accordance with applicable data protection law.

We also require that third-party service providers to whom a data transfer is made have appropriate safeguards in place to protect your personal information in compliance with applicable data protection law. The measures used will depend on the service provider, and our agreements with them may include European Commission-approved Standard Contractual Clauses, the service provider's certification under the EU-U.S. and/or Swiss-U.S. Privacy Shield certification, or reliance on the service provider's Binding Corporate Rules, as defined by the European Commission.

How do we protect your details?

We have implemented industry-accepted administrative, physical, and technology-based security measures to protect against the loss, misuse, unauthorized access, and alteration of personal information in our systems. We ensure that any employee, contractor, corporation, organization, or vendor who has access to personal information in our systems are subject to legal and professional obligations to safeguard that personal information.
We do not use vulnerability scanning and/or scanning to PCI specifications.
We use regular Malware Scanning.
Your personal information is only accessible by a limited number of individuals who have special access privileges to such systems and are required to treat the information with strict confidentiality. In addition, the extremely sensitive/credit information of your resource is encrypted using Secure Socket Layer (SSL) technology.
We implement several security measures whenever a user gets into, submits, or accesses their information to protect your individual information.
While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or form of electronic storage is 100 percent secure. Therefore, we cannot guarantee its absolute security.
Debbie Duthie prohibits unauthorized access or use of personal information stored on our servers. Such access is a violation of law, and we will fully investigate and press charges against any party that has illegally accessed the information within our systems.

Can-spam act

The CAN-SPAM Act is a regulation that sets the guidelines for commercial email, establishes requirements for commercial announcements, offers recipients to have emails ceased from being delivered to them, and spells out hard fines for violations.

We accumulate your email to be able to:

Send information, react to questions, and/or other demands or questions
To maintain compliance with CANSPAM, we consent to the next:
Do not use untrue or misleading subject matter or email addresses.
Identify the concept as an advertisement in some realistic way.
Include the physical address of our site headquarters or business
Screen third-party email marketing services for conformity, if one can be used.
Honor opt-out/unsubscribe demands quickly.
Allow users to unsubscribe utilizing the link at the bottom of every email.

If anytime you want to unsubscribe from receiving future emails, you can email us by using the contact form on our website, and we'll immediately remove you from ALL communication.

Limitation of liability

Some jurisdictions do not allow the limitation or exclusion of liability for incidental or consequential damages, so some of the above limitations may not apply to you.

We make no legal representation that the website or products are appropriate or available in locations outside United Kingdom. You may access the website from outside the United Kingdom.at your own risk and initiative and must bear all responsibility for compliance with applicable foreign laws.

Governing Law and Jurisdiction

This website originates from the United Kingdom. The laws of the United Kingdom. Without regard to its conflict of law, principles will govern these terms to the contrary. You hereby agree that all disputes arising out of or in connection with these terms shall be submitted to the exclusive jurisdiction of the United Kingdom. Using this website, you consent to the jurisdiction and venue of such courts in connection with any action, suit, proceeding, or claim to arise under or because of these terms. You hereby waive any right to trial by jury arising out of these terms.

Changes to this privacy notice

We're constantly trying to improve our Services, so we may need to change this Privacy Policy from time to time, but we will alert you to changes by placing a notice on the Debbie Duthie website by sending you an email and/or by some other means. Please note that if you've opted not to receive legal notice emails from us (or you haven't provided us with your email address), those legal notices will still govern your use of the Services, and you are still responsible for reading and understanding them. If you use the Services after any changes to the Privacy Policy have been posted, that means you agree to all the changes. The use of the information we collect is subject to the Privacy Policy in effect at the time such information is collected.

Contacting us

If you would like to contact us to understand more about this Policy or wish to contact us concerning any matter relating to individual rights and your Personal Information, you may do so via the contact us or email us at [email protected].