Privacy Policy

Effective: 7th July 2026

1. About this notice

This Privacy Notice explains how I, Jeremiah Haastrup, collect, use, store and protect personal information when you:

  • Visit this website
  • Submit a project enquiry
  • Contact me by email
  • Discuss or commission a project
  • Work with me as a client, supplier or collaborator
  • Receive a relevant business communication from me

I am a sole trader based in London, United Kingdom, and I am the data controller responsible for the personal information described in this notice.

Jeremiah Haastrup
London, United Kingdom
Email: hello@jeremiahhaastrup.com
ICO registration number: 0001468875

2. Information I collect

Information you provide

Depending on how you contact or work with me, I may collect:

  • Your name
  • Your email address
  • Your telephone number, where provided
  • Your company or organisation name
  • Your job title or professional role
  • Your website or relevant social media profiles
  • Information about your project, business or requirements
  • Your proposed budget and timeframe
  • Messages and correspondence between us
  • Proposal, contract and project information
  • Billing, payment and transaction information if you become a client

The enquiry form does not accept file uploads.

Required form fields are clearly identified. You are not legally required to submit an enquiry, but I may be unable to respond, assess your project or prepare a proposal if you do not provide the required information.

Please do not include sensitive personal information in an enquiry unless it is genuinely necessary and I have asked you to provide it.

Technical information

When you visit the website or submit a form, my website infrastructure and security providers may automatically process limited technical information, including:

  • Your IP address
  • Browser and device information
  • The date and time of a request
  • Requested pages or resources
  • Security, diagnostic and server log information
  • Information used to detect spam, attacks or misuse

This information is used to operate, secure and maintain the website.

3. How I collect information

I normally receive personal information directly from you when you:

  • Complete the enquiry form
  • Email or otherwise communicate with me
  • Request a quotation or proposal
  • Enter into a contract with me
  • Pay an invoice
  • Work with me on a project
  • Provide your business contact details during professional communication

I do not buy or rent mailing lists.

4. How and why I use your information

I only use personal information where I have a lawful reason to do so.

Purposes for processing personal information and their lawful bases
PurposeLawful basis
Responding to project enquiries and quotation requestsTaking steps at your request before entering into a contract
Responding to general questions or communicationsLegitimate interests
Assessing project suitability and preparing proposalsTaking steps before entering into a contract and legitimate interests
Providing commissioned creative, design or development servicesPerformance of a contract
Managing project communications and client relationshipsPerformance of a contract and legitimate interests
Issuing invoices and processing paymentsPerformance of a contract
Maintaining financial, accounting and tax recordsLegal obligation
Maintaining appropriate business records or handling disputesLegitimate interests and legal obligation where applicable
Protecting the website and preventing spam, fraud or misuseLegitimate interests
Sending relevant business communications where permittedLegitimate interests or consent where legally required
Responding to legal, regulatory or law enforcement requestsLegal obligation

My legitimate interests include operating and protecting my business, responding to communications, assessing potential work, maintaining business relationships, preventing misuse and establishing or defending legal claims.

Where I rely on legitimate interests, I consider whether the use of the information is necessary, proportionate and reasonably expected.

5. Business and promotional emails

I may occasionally send relevant emails to existing business contacts, prospective corporate clients or other professional contacts about new projects, availability or services where this is permitted by applicable data protection and electronic marketing laws.

Depending on the recipient and circumstances, I may rely on legitimate interests or consent. I do not send unsolicited electronic marketing to individual subscribers, including sole traders and certain partnerships, unless consent has been obtained or another lawful exception applies.

Every promotional communication will identify me and provide a clear way to ask me to stop. You may object to direct marketing at any time by replying to the email or contacting hello@jeremiahhaastrup.com.

I may retain limited information about an objection so that I can respect it and avoid contacting you again for marketing purposes.

6. Who receives your information

I do not sell your personal information.

I may share or allow access to information only where reasonably necessary, including with:

Cloudflare

Cloudflare provides website hosting, content delivery, performance and security services. It may process technical information such as IP addresses and request logs when you access the website.

Google Workspace

Google Workspace provides my business email and related communication services. Enquiries and subsequent correspondence may therefore be stored and processed through Google Workspace.

Google reCAPTCHA

Where active, Google reCAPTCHA helps protect the enquiry form against spam and automated misuse. It may process technical and interaction information to determine whether a submission is legitimate.

Website and form infrastructure

The website server, form handler or email delivery infrastructure used to receive and transmit your enquiry may process the information you submit for that purpose.

Accounting and payment providers

If you become a client, relevant contact, billing and transaction information may be processed by the accounting, banking or payment providers I use to manage invoices and payments.

Professional advisers and authorities

Information may also be disclosed to accountants, insurers, legal advisers, regulators, courts or public authorities where this is reasonably necessary or legally required.

Service providers acting on my behalf are only permitted to process personal information for the relevant service and are expected to maintain appropriate security and confidentiality measures.

7. International transfers

Some of my technology providers, including Cloudflare and Google, operate internationally. This means personal information may be processed or accessed outside the United Kingdom.

Where personal information is transferred internationally, I use providers that apply an appropriate transfer mechanism. This may include:

  • UK adequacy regulations
  • Approved contractual protections
  • The UK International Data Transfer Agreement
  • The UK Addendum to approved standard contractual clauses
  • Another legally recognised safeguard

You may contact me for further information about the safeguards relevant to your information.

8. How long I keep information

I retain personal information only for as long as it is reasonably needed for the purpose for which it was collected, including legal, accounting and contractual requirements.

Usual retention periods for different types of information
Type of informationUsual retention period
Enquiries that do not become projects12 months after the last meaningful communication
Prospective client communications and unsuccessful proposals12 months after the last meaningful communication
Clearly irrelevant or spam submissionsDeleted as soon as reasonably possible
Client contracts, project records and important correspondenceUp to six years after the project ends
Invoices, expenses and tax recordsFor the period required by UK tax and accounting law
Website security and server logsNormally between 30 and 90 days, unless required for an investigation
Data protection requests and complaintsNormally three years after the matter is closed
Marketing objections and opt-out recordsFor as long as reasonably necessary to respect the objection

Information may be kept for longer where necessary to comply with the law, resolve a dispute, investigate an incident or establish or defend a legal claim.

When information is no longer required, I will delete it securely or anonymise it where appropriate.

9. Cookies and similar technologies

This website does not use cookies for advertising or behavioural profiling.

Essential technologies may be used where necessary to:

  • Operate and secure the website
  • Deliver website content
  • Protect the enquiry form
  • Prevent spam, fraud or malicious activity
  • Maintain essential website functionality

This may include security technologies used by Cloudflare and Google reCAPTCHA when those services are active.

10. How I protect your information

I use reasonable technical and organisational measures to protect personal information against loss, misuse, unauthorised access, alteration or disclosure.

These measures may include:

  • HTTPS encryption
  • Secure and reputable service providers
  • Access controls and account authentication
  • Restricted access to enquiries and client information
  • Software and security updates
  • Spam and abuse prevention
  • Appropriate retention and deletion procedures
  • Confidentiality arrangements where information is shared with collaborators or advisers

No method of internet transmission or electronic storage can be guaranteed to be completely secure. However, I take reasonable steps to reduce the risks associated with processing personal information.

11. Automated decision making

I do not use personal information to make decisions based solely on automated processing that produce legal or similarly significant effects.

Automated security and spam detection systems may analyse or block suspicious form submissions, but they are not used to make significant decisions about you.

12. Your rights

Depending on the circumstances, you may have the right to:

  • Request access to the personal information I hold about you
  • Ask me to correct inaccurate or incomplete information
  • Ask me to delete your information
  • Ask me to restrict how your information is used
  • Object to processing based on legitimate interests
  • Receive certain information in a portable format
  • Withdraw consent where processing is based on consent
  • Complain about how your information has been handled

These rights are not absolute, and a legal exemption may apply in some circumstances.

To exercise a right, contact hello@jeremiahhaastrup.com. I may ask for information needed to confirm your identity before responding.

You will not normally be charged for making a request.

13. Data protection complaints

You may contact me if you have concerns or wish to make a complaint about how I have used your personal information.

Email hello@jeremiahhaastrup.com with “Data protection complaint” in the subject line and include:

  • Your name and contact details
  • A description of your concern
  • Any relevant dates or correspondence
  • What you would like me to do

I will acknowledge receipt of your complaint within 30 days. I will take appropriate steps to investigate and respond without undue delay, keep you informed where necessary and explain the outcome.

You also have the right to complain to the Information Commissioner’s Office, the UK regulator responsible for data protection. You can find current complaint and contact information on the ICO website.

14. External websites

This website may contain links to external websites, social media platforms, client websites and professional profiles.

I am not responsible for how those external organisations collect or use personal information. You should review their privacy notices before providing information to them.

15. Children’s information

This website and my professional services are not directed at children. I do not knowingly collect personal information from children through the project enquiry form.

If you believe that a child has submitted personal information, please contact me so that I can take appropriate action.

16. Changes to this notice

I may update this Privacy Notice when my services, providers, data practices or legal obligations change.

The latest version will always be published on this page, and the “last updated” date will be revised. Where a change would materially affect how existing information is used, I will take reasonable steps to bring it to the attention of the people affected.

17. Contact

For questions, requests or complaints concerning this Privacy Notice or your personal information, contact:

Jeremiah Haastrup
London, United Kingdom
Email: hello@jeremiahhaastrup.com
ICO registration number: 0001468875