Privacy Policy

Thank you for visiting my website. I would like to let you know what kind of information I collect from you when doing so, how I use that information and why.

The General Data Protection Regulation (GDPR), the new regulation for data privacy in the EU, has been enforceable since May 25th, 2018.

sandstonecastles complies with the GDPR as a data controller (me holding your data) as well as data processor (me having access to my clients’ customer data) as follows.

Who Am I?

sandstonecastles is the trading name of Denise Strohsahl, a marketing consultant for small business owners based in Edinburgh, and who I mean when I talk about ‘I’. I have been doing this since March 2010 and my office is at

London Road Studios

Co/Space

3 Royal Terrace Gardens

EH7 5DX Edinburgh

You can reach me either via phone at 07780 941 932 or by email.

Data I collect

I’m very pleased that you have found my website. I write copy and provide content that is of value to you and tells you more about myself, my business and how I can help you.

But I can’t be sure if this is actually working, which is why I use Google Analytics & Webmaster tools, GoSquared and Hotjar to monitor visitors to my website like yourself.

Thanks to cookies I can see how you found out about me, what page you visited before you got to my site and which pages you have a look at while browsing my site.

If you don’t want me to be able to see all this, you can disable cookies in your browser or have a look at my cookie policy.

As data controller, I only get access to your personal data if you have given it to me because you’re interested in working with me either as a client or as a collaborator.

That might be by sending me an email, by contacting me through the contact form on my website, by giving me a call on my mobile or by handing over your business card.

What I use it for

I will only ever use your personal data for the purpose of informing you about and delivering my services. That may include sending you a quote, getting in touch to arrange a meeting or sending you an invoice.

As a business, I don’t have a mailing list and I don’t run targeted advertising/marketing campaigns on- or offline. If that changes in the future, I will not send you anything before you have explicitly consented to receive such advertising/marketing content.

Data I don’t collect

It’s important to me that you know that I don’t collect any personal contact details like your email address while you’re visiting my website. Unless you give me your email address when filling out my contact form, I won’t have your details.

In general, I don’t do the hard sell or cold calling. I prefer very much to create meaningful connections with the people I work with, based on trust, transparency and honesty.

Contacting me

If you get in touch and ask me to arrange a meeting or for some more information about my services, I will keep your email address or phone number to reply to your request.

I will only add your details to my UK-based accounting database (Freeagent) when you have explicitly agreed to work with me and get your first invoice.

Paying me

My clients usually pay me by BACS or direct transfer, so I only know what the bank tells me about you: the name of the person or company who paid me, how much money has been paid in and ideally the reference number from my invoice. That’s it.

Sharing your customer data with me

If you’re a client, I may also act as a data processor for you. For example, this might be the case if you have hired me to help with your email newsletter or social media, as this gives me access to your company’s customer data.

I won’t bring in another data processor (e.g. subcontractor) without your written consent and I will always process your data securely, following the new regulations (GDPR) and, most importantly, your instructions.

Usually, my access to your customer data is through third-party software (e.g. MailChimp or Facebook). If possible, I will aim to set up my own account with the software, which will keep you from having to give me your own access details and passwords.

Either way, I will keep passwords and access details to said data secure, using a third-party app that encrypts passwords to the current standard. At the end of our business relationship, I will hand over any access or data I have.

Data storage

The data I hold will never be sold or shared with others, whether for selling to you, for research or for any other purpose, unless you tell me otherwise (e.g. if you’d like an introduction to a contact of mine).

Any information I hold from you is strictly confidential. Only secure and reliable software (e.g. MacOS X, iOS, Dropbox), as well as the most secure passwords, are used to store your data. My hard drives and backup drives are all encrypted and password protected and I am the only one who can export or download data for backups.

When it comes to the software solutions I’m using, I prefer British companies or at least UK/EU-based servers. Some of your data is held in the US (Apple iCloud & Dropbox), some in the UK/EU (Freeagent). I have made sure that all those services comply with appropriate security standards which I’m checking regularly.

Data retention

To comply with existing regulations (e.g. accounting and insurances) and for internal reporting purposes, I will keep client data for 10 years after the completion of our business relationship.

I aim to delete data of prospects and possible collaborators 1 year after the last contact.

Want to find out what data I hold on you?

You can withdraw your consent at any time and you can request an overview of what data I hold on you. Get in touch and give me your name and email address(es) to find out what information I hold about you (I know, it sounds counterintuitive!).

I will search my data and send you an overview of what I have and can remove you from my customer database if you wish.