My Privacy & Cookie Policy | sandstonecastles marketing consultancy

Thank you for visiting my website. I would like to let you know what kind of information I collect from you when doing so, how I use that information and why.

The General Data Protection Regulation (GDPR), the new regulation for data privacy in the EU, has been enforceable since May 25th, 2018.

sandstonecastles complies with the GDPR as a data controller (me holding your data) as well as data processor (me having access to my clients’ customer data) as follows.

Who Am I?

sandstonecastles is the trading name of Denise Strohsahl, a marketing consultant for small business owners based in Edinburgh, and who I mean when I talk about ‘I’. I have been doing this since March 2010 and my office is at

Queensferry Street Studios
Co/Space (studio 4)
10A Queensferry Street
EH2 4PG Edinburgh

You can reach me here.

Data I collect

I’m very pleased that you have found my website. I write copy and provide content that is of value to you and tells you more about myself, my business and how I can help you.

But I can’t be sure if this is actually working, which is why I use Google Analytics & Search Console to monitor visitors to my website like yourself.

Thanks to cookies I can see how you found out about me, what page you visited before you got to my site and which pages you have a look at browsing my site.

If you don’t want me to be able to see all this, you can disable cookies in your browser or have a look at my cookie policy.

As data controller, I only get access to your personal data if you have given it to me because you’re interested in working with me either as a client or as a collaborator.

That might be by sending me an email, by contacting me through the contact form on my website, by giving me a call on my mobile or by handing over your business card.

What I use it for

I will only ever use your personal data for the purpose of informing you about and delivering my services. That may include sending you a quote, getting in touch to arrange a meeting or sending you an invoice.

As a business, I don’t run targeted advertising/marketing campaigns on- or offline. If that changes in the future, I will not send you anything before you have explicitly consented to receive such advertising/marketing content.

I do have a mailing list to which you can subscribe on my website. It’s provides a double opt-in, making sure you know exactly what you’re signing up for and giving you the option to unsubscribe at any time.

I use Brevo to manage my email newsletter and you can find their privacy policy here. The hosting servers on which Brevo processes and stores its databases are all located within the European Union, on their own Google Cloud servers in Belgium.

Data I don’t collect

It’s important to me that you know that I don’t collect any personal contact details like your email address while you’re visiting my website. Unless you give me your email address when filling out my contact or sign-up form, I won’t have your details.

In general, I don’t do the hard sell or cold calling. I prefer very much to create meaningful connections with the people I work with, based on trust, transparency and honesty.

Contacting me

If you get in touch and ask me to arrange a meeting or for some more information about my services, I will keep your email address or phone number to reply to your request.

I will only add your details to my UK-based accounting database (Freeagent) when you have explicitly agreed to work with me and get your first invoice.

Paying me

My clients usually pay me by BACS or direct transfer, so I only know what the bank tells me about you: the name of the person or company who paid me, how much money has been paid in and ideally the reference number from my invoice. That’s it.

Sharing your customer data with me

If you’re a client, I may also act as a data processor for you. For example, this might be the case if you have hired me to help with your email newsletter or social media, as this gives me access to your company’s customer data.

I won’t bring in another data processor (e.g. subcontractor) without your written consent and I will always process your data securely, following the new regulations (GDPR) and, most importantly, your instructions.

Usually, my access to your customer data is through a third-party software (e.g. MailChimp or Facebook). If possible, I will aim to set up my own account with the software which will keep you from having to give me your own access details and passwords.

Either way, I will keep passwords and access details to said data secure, using a third-party app that encrypts passwords to the current standard. At the end of our business relationship, I will hand over any access or data I have.

Data storage

The data I hold will never be sold or shared with others; not for selling to you, do research nor for any other purposes; unless you tell me otherwise (e.g. if you’d like an introduction to a contact of mine).

Any information I hold from you is strictly confidential. Only secure and reliable software (e.g. MacOS X, iOS, Dropbox), as well as the most secure passwords, are used to store your data. My hard drives and backup drives are all encrypted and password protected and I am the only one who can export or download data for backups.

When it comes to the software solutions I’m using, I prefer British companies or at least UK/EU-based servers. Some of your data is held in the US (Apple iCloud & Dropbox), some in the UK/EU (Freeagent). I have made sure that all those services comply with appropriate security standards which I’m checking regularly.

Data retention

To comply with existing regulations (e.g. accounting and insurances) and for internal reporting purposes, I will keep client data for 10 years after the completion of our business relationship.

I aim to delete data of prospects and possible collaborators 1 year after the last contact.

Want to find out what data I hold on you?

You can withdraw your consent at any time and you can request an overview of what data I hold on you. Get in touch and give me your name, email address(es) to find out what information I hold about you (I know, it sounds counterintuitive!).

I will search my data and send you an overview of what I have and can remove you from my customer database if you wish.

This privacy policy has been last updated in September 2023.

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_9DHW0L0MEL	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_25188708_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.