Effective: 5 April 2025 — Document ID: TDI-PRV-2025-04-05
Executive summary: The Digital Investors collects, processes, and safeguards personal data to deliver timely research, educational PDFs, and newsletter content. This policy is intentionally exhaustive and drafted to cover cross-border processing, partner relationships, and detailed rights handling.
Section A — Overview
This Privacy Policy applies to personal data processed by The Digital Investors (operator of thedigitalinvestors.com). We respect your privacy and take all reasonable steps to protect your data in accordance with the UK GDPR and applicable international standards.
If you have questions about this policy, contact our Data Protection Officer (DPO) at [email protected].
Section B — Data categories collected (detailed)
- Identity data: name, title.
- Contact data: email address, telephone number, postal address.
- Financial data (limited): purchase reference, payment confirmation, VAT number where provided. We do not store full payment card details; these are handled by our payment processors.
- Activity data: pages visited, downloads, referral source, session duration.
- Support and communications: chat logs, email exchanges, helpdesk tickets.
- Marketing data: subscription status, campaign engagement metrics.
Section C — Purposes of processing (granular)
We process personal data to:
- Contract execution: process one-off purchases, provide access to downloadable content, issue receipts.
- Customer care: answer enquiries, provide technical support, manage refunds and chargebacks.
- Security & fraud prevention: detect unusual patterns, block malicious activity.
- Product development: analyse anonymous usage to improve content relevance and format.
- Communications: deliver newsletters, product updates, or transactional messages.
Section D — Lawful bases (applied mapping)
- Contractual necessity for processing orders.
- Consent for marketing emails (opt-in) and for non-essential cookies.
- Legal compliance for accounting and tax records.
- Legitimate interest for fraud detection and platform security (with safeguards).
Section E — With whom we share your data
We use trusted suppliers:
- Payment partners (e.g., Stripe/PayPal): to process payments.
- Email delivery platforms (e.g., Mailchimp/Brevo): to send newsletters.
- Cloud hosting & storage: to host site content and backups.
- Analytics providers (e.g., Google Analytics): to track performance.
Each supplier is contractually bound to process data only on our instruction and implement appropriate security measures.
Section F — International transfers & safeguards
Some processors operate outside the UK. Where transfers occur, we ensure adequate safeguards:
- Use of UK-approved Standard Contractual Clauses (SCCs) or equivalent, or only transfer to jurisdictions with adequacy decisions.
- Access to data offshore is restricted and monitored.
Section G — Retention schedule (specific)
- Order invoices & tax records: retained for up to 5 years.
- Customer support tickets: retained for 3 years after case closure.
- Marketing lists: retained until unsubscribe + 1 year grace for account reactivation.
- Website logs (raw): retained for 90 days, aggregated analytics stored longer but anonymised.
- Legal holds: where litigation or regulatory action is ongoing, relevant data may be retained until resolution.
Section H — Cookies & tracking (detailed)
We implement a layered cookie consent:
- Level 1 – Strictly necessary: always active (authentication, cart, download).
- Level 2 – Performance & analytics: Google Analytics (anonymised IP optional).
- Level 3 – Personalisation & marketing: only with explicit opt-in.
You can change cookie preferences via the site footer link at any time.
Section I — Data subject rights & process
You may exercise the following:
- Access — request a copy of personal data we process about you.
- Rectification — correction of inaccurate data.
- Erasure — request deletion where there is no overriding legal requirement to retain.
- Restriction — temporary limitation of processing in limited scenarios.
- Portability — obtain and reuse your personal data for your own purposes.
- Objection — object to processing based on legitimate interest or direct marketing.
How to submit a request: Email [email protected] with your full name and order ID (where relevant). Requests are acknowledged within 48 hours and handled within one calendar month (extensions possible for complex requests).
Section J — Verification & security checks
To prevent fraudulent requests we may ask for identification (photo ID and proof of address). We will only request what is proportionate to the risk and redact any unnecessary details when storing proof.
Section K — Data security & incident handling
We maintain an Incident Response Plan. In the event of a notifiable data breach:
- We will notify the ICO within 72 hours where feasible.
- We will notify affected data subjects without undue delay when the breach poses a high risk to their rights and freedoms.
- Mitigation steps and post-incident reports will be maintained internally.
Section L — Children’s data
Our services are not directed at children under 18. If we learn we have collected personal information of a child under 18 without parental consent, we will remove the data promptly.
Section M — Automated decision-making
We do not use fully automated decision-making or profiling that produces legal or similarly significant effects on individuals.
Section N — Complaints
If you are dissatisfied with our handling of personal data, please contact [email protected] first so we may investigate. If unresolved you may file a complaint with the ICO.
Section O — Contact details & DPO
Privacy team: [email protected]
DPO (Data Protection Officer): [email protected]
Postal: 45 Finsbury Square, London EC2A 1PQ, United Kingdom
Section P — Policy amendments
This policy is reviewed annually or when business processes change materially. The effective date at the top of this policy will reflect the most recent update. Substantial changes may be communicated to registered users by email.