GDPR Compliance Statement

Last Updated: 3rd November 2025

Claire Lives is committed to protecting the privacy and personal data of all our website visitors in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page provides detailed information about our compliance measures and your rights.

Our Commitment to GDPR Compliance

As a UK-based website, we adhere to the principles and requirements set forth in UK GDPR. We are committed to:

Processing personal data lawfully, fairly, and transparently
Collecting data only for specified, explicit, and legitimate purposes
Ensuring data adequacy, relevance, and limitation to what is necessary
Maintaining data accuracy and keeping it up to date
Retaining data only as long as necessary
Processing data securely and protecting against unauthorised access
Being accountable and able to demonstrate compliance

Data Controller Information

For the purposes of UK GDPR, Claire Lives acts as the data controller for personal data collected through our website.

Contact Details:
Email: admin@clairelives.co.uk
Website: clairelives.co.uk

What Personal Data We Collect

We collect and process the following categories of personal data:

Data You Provide Directly

Email Subscriptions:

Email address
Name (if provided)
Subscription date and time
Subscription preferences

Comments on Articles:

Name or username
Email address
Comment content
IP address (for spam prevention)
Date and time of comment

Contact Form Submissions:

Name
Email address
Message content
Any additional information you choose to provide

Data Collected Automatically

Technical Data:

IP address (anonymised where possible)
Browser type and version
Device type and operating system
Screen resolution
Referring website URL
Pages visited on our site
Time spent on pages
Click behaviour
Geographic location (country and city level)
Date and time of visit

Cookie Data:

Cookie identifiers
Cookie preferences
Analytics data
Advertising interaction data

Legal Basis for Processing

We process your personal data only when we have a valid legal basis under UK GDPR:

1. Consent (Article 6(1)(a))

We rely on consent when you:

Subscribe to our email newsletter
Accept non-essential cookies through our cookie banner
Submit contact forms
Leave comments on our articles

You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

2. Legitimate Interests (Article 6(1)(f))

We process certain data based on legitimate interests that do not override your fundamental rights:

Our Legitimate Interests:

Understanding how visitors use our website to improve content and user experience
Ensuring website security and preventing fraud or abuse
Operating the technical aspects of the website
Generating revenue through ethical affiliate marketing and advertising
Responding to enquiries and providing customer support

Balancing Test: We have conducted a legitimate interest assessment (LIA) and determined that our processing activities are proportionate and do not override your rights and freedoms.

3. Legal Obligation (Article 6(1)(c))

We may process data to comply with legal obligations, such as:

Retaining financial records for tax purposes
Responding to lawful requests from authorities
Complying with court orders or legal processes

Your Rights Under UK GDPR

You have comprehensive rights regarding your personal data. We are committed to facilitating the exercise of these rights.

1. Right of Access (Article 15)

You have the right to obtain:

Confirmation of whether we process your personal data
A copy of your personal data
Information about how we process it

How to Request: Email admin@clairelives.co.uk with “Subject Access Request” in the subject line.

Response Time: Within one month of receipt. For complex requests, we may extend this by two additional months and will inform you promptly.

Format: We will provide data in a commonly used electronic format.

2. Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete data completed.

How to Request: Email admin@clairelives.co.uk with details of the inaccurate or incomplete information.

Response Time: Within one month. We will notify you of any correction made.

3. Right to Erasure / Right to be Forgotten (Article 17)

You have the right to request deletion of your personal data when:

The data is no longer necessary for its original purpose
You withdraw consent and there is no other legal basis for processing
You object to processing and there are no overriding legitimate grounds
The data has been unlawfully processed
Legal obligations require deletion

Exceptions: We may refuse erasure if we need to retain data for:

Compliance with legal obligations
Establishment, exercise, or defence of legal claims
Freedom of expression and information purposes

How to Request: Email admin@clairelives.co.uk with “Data Erasure Request” in the subject line.

4. Right to Restriction of Processing (Article 18)

You have the right to restrict processing when:

You contest the accuracy of data (during verification)
Processing is unlawful but you prefer restriction to erasure
We no longer need the data but you need it for legal claims
You have objected to processing (pending verification of legitimate grounds)

How to Request: Email admin@clairelives.co.uk explaining the circumstances requiring restriction.

5. Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller when:

Processing is based on consent or contract
Processing is carried out by automated means

How to Request: Email admin@clairelives.co.uk requesting data in portable format.

Format Provided: We will provide data as CSV, JSON, or PDF files as appropriate.

6. Right to Object (Article 21)

You have the right to object to processing based on:

Legitimate interests (including profiling)
Direct marketing (including profiling)
Processing for scientific, historical research, or statistical purposes

How to Object:

Marketing emails: Click the unsubscribe link in any email
Other processing: Email admin@clairelives.co.uk with your objection and reasoning

Our Response: We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

7. Rights Related to Automated Decision-Making and Profiling (Article 22)

We do not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects you. However, third-party services (such as advertising networks) may use profiling for ad targeting, which you can control through cookie preferences and ad settings.

How We Protect Your Data

Technical Measures

SSL/TLS Encryption: All data transmitted between your browser and our website is encrypted using HTTPS
Secure Hosting: Our website is hosted on secure servers with regular security updates
Access Controls: Personal data is accessible only to authorised individuals who require it
Password Protection: Strong password policies for administrative access
Regular Updates: Software and plugins are kept up to date to patch security vulnerabilities

Organisational Measures

Data Protection Policies: Internal policies governing data handling
Staff Training: Team members are informed about data protection responsibilities
Data Minimisation: We collect only the data necessary for specified purposes
Privacy by Design: Privacy considerations are integrated into our processes
Incident Response Plan: Procedures for identifying and responding to data breaches

Third-Party Security

We carefully select third-party service providers and ensure they:

Comply with UK GDPR requirements
Implement appropriate technical and organisational measures
Process data only on our documented instructions
Maintain confidentiality
Assist with fulfilling data subject rights
Notify us of any data breaches

Data Retention Periods

We retain personal data only as long as necessary for the purposes for which it was collected:

Data Type	Retention Period	Reason
Email subscriptions	Until unsubscription	To send requested newsletters
Comments	Indefinitely unless deleted	Public discussion; part of article content
Contact form submissions	12-24 months	To respond to enquiries and maintain records
Analytics data	26 months	Google Analytics default; for usage analysis
Cookie data	12-24 months typically	Varies by cookie type and purpose
Financial records	6 years	UK tax law requirements
Server logs	90 days	Security and troubleshooting

After retention periods expire, data is either:

Permanently deleted from our systems
Anonymised so it can no longer identify you
Archived securely if legal obligations require retention

International Data Transfers

Some of our service providers are located outside the United Kingdom. When we transfer data internationally, we ensure compliance with UK GDPR through:

Adequacy Decisions

We may transfer data to countries recognised by the UK Government as providing adequate data protection, including:

European Economic Area (EEA) countries
Countries with UK adequacy decisions

Appropriate Safeguards

For transfers to other countries, we implement appropriate safeguards such as:

Standard Contractual Clauses (SCCs): Approved by the UK ICO
Binding Corporate Rules: For transfers within multinational organisations
Certifications: Such as Privacy Shield equivalents where applicable

Specific Third-Party Transfers

Google Services (Analytics, AdSense):

Google has committed to GDPR compliance
Implements appropriate safeguards for international transfers
Provides data processing agreements aligned with GDPR requirements

Affiliate Networks:

Based in various jurisdictions
Comply with international data protection frameworks
Process minimal personal data (primarily cookie-based tracking)

Children’s Privacy

Our website is not intended for children under the age of 13, and we do not knowingly collect personal data from children.

If you are a parent or guardian and believe your child has provided us with personal data:

Contact us immediately at admin@clairelives.co.uk
Provide details to help us identify the data
We will promptly delete such information from our records

Data Breach Procedures

In the event of a personal data breach, we will:

Notification to ICO

Notify the Information Commissioner’s Office within 72 hours of becoming aware of a breach likely to result in a risk to rights and freedoms

Notification to Data Subjects

Notify affected individuals without undue delay if the breach poses a high risk to their rights and freedoms
Provide clear information about the nature of the breach
Explain the likely consequences
Describe measures taken or proposed to address the breach

Documentation

Document all data breaches including facts, effects, and remedial action
Maintain records to demonstrate compliance with notification requirements

Preventive Measures

Conduct root cause analysis
Implement additional safeguards to prevent recurrence
Review and update security measures as necessary

Cookies and Tracking Technologies

Cookie Categories

Strictly Necessary Cookies

Purpose: Essential website functionality
Legal Basis: Legitimate interests (website operation)
Control: Cannot be disabled without affecting site functionality

Performance Cookies

Purpose: Website analytics and performance monitoring
Legal Basis: Consent (non-essential)
Control: Can be disabled through cookie preferences or browser settings

Functionality Cookies

Purpose: Remember user preferences and settings
Legal Basis: Consent (non-essential)
Control: Can be disabled; may affect personalisation

Targeting/Advertising Cookies

Purpose: Display relevant advertisements
Legal Basis: Consent (non-essential)
Control: Can be disabled through ad settings or browser controls

Third-Party Cookies

Google Analytics

Collects anonymised usage data
IP anonymisation enabled
Data retention set to 26 months
Opt-out available via Google Analytics Opt-out Add-on

Google AdSense

Displays contextual and interest-based advertisements
Uses cookies for ad personalisation
Control available via Google Ad Settings

Affiliate Networks

Track referrals and purchases
Do not collect personally identifiable information through our site
Can be blocked via browser cookie settings

Managing Cookie Preferences

You can control cookies through:

Our cookie consent banner (when implemented)
Browser settings and preferences
Third-party opt-out tools
Privacy-focused browser extensions

Disabling cookies may affect website functionality and your user experience.

Your Right to Lodge a Complaint

If you believe we have not complied with UK GDPR, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner’s Office (ICO)
Website: https://ico.org.uk/make-a-complaint/
Telephone: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Before Lodging a Complaint: We encourage you to contact us first at admin@clairelives.co.uk so we can address your concerns directly and promptly.

Contact and Data Protection Enquiries

For all data protection and privacy enquiries:

Email: admin@clairelives.co.uk
Subject Line: Please include “GDPR Request” or “Privacy Enquiry” for prompt handling
Response Time: We aim to respond within 5 working days, with full responses to formal requests within one month

When Contacting Us: Please provide:

Your full name
Your email address (for verification)
Clear details of your request or concern
Any relevant reference numbers or dates
Supporting information to help us locate your data

Identity Verification: For security purposes, we may request additional information to verify your identity before fulfilling requests involving access to or deletion of personal data. This protects your information from unauthorised access.

Updates to This Statement

We review and update this GDPR Compliance Statement regularly to ensure ongoing compliance and reflect any changes in our data processing activities.

Notification of Changes:

Material changes will be prominently displayed on our website
We will update the “Last Updated” date at the top of this page
Significant changes affecting your rights will be communicated via email to subscribers
Continued use of our website after changes constitutes acceptance

Version History: We maintain records of previous versions of this statement for transparency and accountability purposes.

Record of Processing Activities

In accordance with Article 30 of UK GDPR, we maintain an internal record of our processing activities, including:

Purposes of processing
Categories of data subjects and personal data
Categories of recipients of personal data
International data transfers and safeguards
Retention periods
Security measures

This record is available to the Information Commissioner’s Office upon request.

Accountability and Compliance

We demonstrate our commitment to GDPR compliance through:

Documentation: Comprehensive records of processing activities and compliance measures
Regular Reviews: Periodic assessment of data protection practices
Impact Assessments: Data Protection Impact Assessments (DPIAs) for high-risk processing
Staff Awareness: Ongoing training on data protection responsibilities
Third-Party Management: Due diligence and contractual safeguards with processors
Incident Management: Procedures for identifying and responding to data breaches

Summary

Claire Lives is committed to:

Full compliance with UK GDPR and Data Protection Act 2018
Transparent data processing practices
Protecting your privacy rights
Maintaining appropriate security measures
Facilitating the exercise of your data subject rights
Accountability and demonstrable compliance

For any questions, concerns, or to exercise your rights, please contact us at admin@clairelives.co.uk. We value your privacy and are dedicated to handling your personal data responsibly and in accordance with UK data protection law.