Privacy Policy

Who we are

Our website address is: https://masterstrokecoaching.com.

What personal data we collect and why we collect it

Comments

When visitors (commentors) leave comments on the site, we collect the data shown in the comments form and the browser user agent string to help spam detection. Commentors are not obliged to give their email address or other Personal Data, but should they do so, this data will be stored encrypted in the website database.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

To use the contact form(s) on this website the visitor has to acknowledge that they have read this Privacy Policy and agree to their name, email, telephone and enquiry data being encrypted and saved to the website database. All contact form entries are deleted from the database after 28 days have elapsed.

Cookies

If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

masterstrokecoaching.com uses Google Analytics to provide website traffic statistics and visitor behaviour data which helps us produce and maintain an interesting, informative and useful website.
To opt-out of analysis by Google Analytics on masterstrokecoaching.com and other websites, please visit https://tools.google.com/dlpage/gaoptout

Who we share your data with

From time to time masterstrokecoaching.com will use embedded content allowing the originator of this content to place cookies in your browser. Such companies may include, but are not limited to, Google and YouTube.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your contact information

Contact information is stored in the website database as part of an account holder’s user profile. The only aspect of a user profile that cannot be changed by the account holder is the username.

Additional information

To opt-out of personalised ad delivery on the Google content network, please visit https://adssettings.google.com or if you wish to opt-out permanently even when all cookies are deleted from your browser you can install their plugin from here https://chrome.google.com/webstore/detail/google-analytics-opt-out.

From time to time masterstrokecoaching.com may use online retargeting. Online retargeting is another form of online advertising that allows us and some of our advertising partners to show you advertising based on your browsing patterns and interactions with a site away from masterstrokecoaching.com.

For example, if you have visited an online clothes retailer, you may start seeing adverts from that same retailer’s site displaying special offers or showing you the products you were browsing. This allows companies to advertise to you if you leave their website without making a purchase.

How we protect your data

masterstrokecoaching.com is routinely monitored for malicious code that could lead to a data breach.

Form datafields provided for the entry of Personal Data are indicated. Data entered into these indicated datafields will be stored in the website database in encrypted form. Commentors are not obligated to provide Personal Data to submit a comment, although such anonymous comments may be subject to automatic moderation. Commentors are discouraged from including personal information in the actual comment through the comment datafield.

What data breach procedures we have in place

Data Breach Policy

This policy applies to the website owner, appointed agents, employees, contractors and data service providers.

As website owner, Samantha Mackey has overall responsibility for the day-to-day implementation of this policy.

Legislation Considerations: GENERAL DATA PROTECTION REGULATION (GDPR) 2016/679

According to the European Commission Personal Data is: “any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.”

Personal Data

Use of sensitive Personal Data is to be strictly controlled in accordance with this policy.

Data that on its own does not relate to an individual would not constitute Personal Data unless it is associated with, or made to relate to, a particular individual. Generic information that does not relate to a particular individual may also form part of an individual’s Personal Data when combined with Personal Data or other information to enable an individual to be identified.

The Personal Data of form users and commentors may include:

  • User profile information such as Photograph, Username, First Name, Last Name, Nickname, Display Name, Email, Website and social media URLs
  • Health-related behavioral data such as weight and sleep patterns
  • Messages between users and our coaching service

Causes

Data breaches may be caused by human error, malicious behaviour and hardware or software failure.

Human Error

Human Error causes include:

  • Loss of computer or computer peripheral
  • Disclosing data to the wrong recipient
  • Unauthorized access to personal data, for example by sharing login details
  • Improper disposal of computers, computer parts or peripherals.

Malicious Activities

Malicious causes include:

  • Hacking incidents resulting in database content loss
  • Theft of electronic devices including computers and their peripherals
  • Social engineering whereby the website owner, appointed agents, employees and contractors are tricked into disclosing Personal Data

Computer System Error

Computer System Error causes include:

  • Software update conflicts
  • Failure to apply crucial updates

Reporting Breaches

The website owner, appointed agents, employees and contractors have an obligation to report actual or potential data protection compliance failures. This allows us to:

  • Investigate the failure or potential failure and take appropriate remedial action
  • Maintain a register of compliance failures notified and non-notified
  • Notify the Supervisory Authority of GDPR compliance failures

Under the GDPR the website owner is legally obligated to notify the Supervisory Authority within 72 hours of the data breach (Article 33). Individuals have to be notified if adverse impact is determined (Article 34).

The website owner does not have to notify the data subjects if anonymized data is breached. Specifically, the notice to data subjects is not required if the data breached has been subjected to pseudo-anonymisation techniques like encryption along with adequate technical and organizational protection measures to the Personal Data affected (Article 34).

Data Breach Team

The Data Breach Team consists of the website owner and appointed professionals. The website owner has the responsibility to make all time-critical decisions on steps taken to contain and manage the incident.

The Data Breach Team should immediately be alerted of any confirmed or suspected data breach via email:

  • Samantha Mackey: sam@masterstrokecoaching.com

The notification should include the following information where possible:

  • Extent of the data breach
  • Type and volume of personal data involved
  • Cause or suspected cause of the breach

Responding to a Data Breach

Data Breach Action Plan

The plan comprises the following:

  • Confirm the Breach
  • Contain the Breach
  • Assess Risks and Impact of Breach
  • Report the Breach
  • Evaluate the Response and Recovery to Prevent Future Breaches

Confirm the Breach

The Data Breach Team should act as soon as it is aware of a data breach. It should first seek to confirm that the data breach has occurred. It may make sense to proceed on to Contain the Breach depending on the likelihood of the severity of risk.

Contain the Breach

The following measures should be taken to contain the breach, where applicable:

  • Shut down the website(s) affected.
  • Establish whether steps can be taken to recover lost data and limit any damage caused by the breach
  • Prevent any further unauthorized access to the system
  • Reset passwords of accounts that appear compromised
  • Isolate the causes of the data breach in the system log(s)

Assess Risks and Impact of Breach

Knowing the risks and impact of data breaches will help determine whether there could be serious consequences to affected individuals, as well as the steps necessary to notify the individuals affected.

Risk and Impact on Individuals

  • How many people were affected? A higher number may not mean a higher risk, but assessing this helps overall risk assessment
  • Whose personal data had been breached? Does the personal data belong to employees, customers, or minors? Different people will face varying levels of risk as a result of a loss of personal data
  • What types of personal data are involved? This will help to ascertain if there are risks to reputation, identity theft, safety and/or financial loss of affected individuals
  • Are any additional measures in place to minimize the impact of a data breach? E.g. a lost device protected by a strong password or encryption could reduce the impact of a data breach

Report the Breach

The website owner is legally required to notify affected individuals if their personal data has been breached. This will encourage and allow individuals to take preventative measures to reduce the impact of the data breach.

Who to Notify:

  • Notify individuals whose personal data have been compromised
  • Notify GDPR especially if a data breach involves sensitive personal data
  • The relevant law enforcement body should be notified if criminal activity is suspected and evidence for investigation should be preserved (eg: hacking, theft or unauthorized system access by an employee.)

When to Notify:

  • Notify affected individuals immediately if a data breach involves sensitive personal data. This allows them to take necessary actions early to avoid potential abuse of the compromised data
  • Notify affected individuals when the data breach is resolved

How to Notify:

  • Use the most effective ways to reach out to affected individuals, taking into consideration the urgency of the situation and number of individuals affected
  • Notifications should be simple to understand, specific, and provide clear instructions on what individuals can do to protect themselves

What to Notify:

  • How and when the data breach occurred, and the types of personal data involved in the data breach
  • What has been done or will be done in response to the risks brought about by the data breach
  • Specific facts on the data breach where available, and actions affected individuals can take to prevent that data from being misused or abused

Evaluate the Response & Recovery to Prevent Future Breaches

After steps have been taken to resolve the data breach the website owner will review the cause of the breach and evaluate if existing protection and prevention measures and processes are sufficient to prevent similar breaches from occurring and, if applicable, put a stop to practices which led to the data breach.

What third parties we receive data from

From time to time masterstrokecoaching.com may feature personalised advertising from varied advertising sources. In this eventuality those sources will be listed here.

What automated decision making and/or profiling we do with user data

Anonymous commentors may be subject to automatic moderation.

Commentors may be automatically selected for comment publication based on content keyword(s) and / or previous comment standing.