Privacy Policy

Last updated: March 2025

1. Introduction

Welcome to danielariddle.com (the "Website"), operated by Daniel A. Riddle ("I", "me", "my"). I am based in the United Kingdom and am committed to protecting your privacy and handling your personal data responsibly.

This Privacy Policy explains how I collect, use, store, and protect your personal information when you visit my Website, create an account, subscribe to my newsletter, or make a purchase through my direct store.

I process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Where visitors are located in the European Economic Area (EEA), I also respect the requirements of the EU GDPR. For visitors from other jurisdictions, I apply the same high standard of data protection as required by UK law.

This Privacy Policy should be read alongside my Terms & Conditions and Cookie Policy.

2. Data Controller

Daniel A. Riddle is the data controller for the personal data collected through this Website. If you have any questions about this Privacy Policy or how I handle your data, please contact me at:

Email: author@danielariddle.com

3. Information I Collect

3.1 Information You Provide

When you create an account:

  • Your name
  • Your email address
  • A password (stored in securely hashed form — I never have access to your plain-text password)

When you place an order:

  • Your name and email address
  • Your delivery address (for physical book orders)
  • Order details (items purchased, quantities, prices)

I do not collect or store your payment card details. All payments are processed securely by PayPal (see Section 6).

When you subscribe to my newsletter or join the Inner Circle:

  • Your email address
  • Your name (if provided)

When you contact me:

  • Your name and email address
  • The content of your message

3.2 Information Collected Automatically

When you visit my Website, certain information may be collected automatically, including:

  • Your IP address
  • Browser type and version
  • Operating system
  • Pages you visit and time spent on each page
  • Date and time of your visit
  • Referring website
  • Your approximate geographic location (country), determined via IP geolocation to provide the correct regional experience (e.g. directing UK visitors to the direct store and international visitors to third-party retailers)

3.3 Information from Third Parties

I may receive limited information from third-party services I use, such as:

  • PayPal: Transaction confirmation, payer email, and payment status when you complete a purchase
  • MailerLite: Email engagement data (e.g. whether you opened an email or clicked a link)

4. How I Use Your Information

I use your personal information for the following purposes:

  • Order fulfilment: To process your purchases, deliver digital downloads, dispatch physical books, and provide order confirmations and updates
  • Account management: To create and maintain your customer account, enable access to your order history and downloads, and facilitate password resets
  • Digital content delivery: To generate personalised, watermarked ebook files and provide secure download links (see Section 5)
  • Newsletter and marketing: To send you updates about new book releases, events, promotions, and exclusive content (only with your consent)
  • Free content delivery: To deliver complimentary ebooks you have requested (e.g. through the Inner Circle)
  • Cart recovery: To send you a reminder email if you leave items in your shopping cart without completing your purchase
  • Customer support: To respond to your enquiries, resolve issues with orders, and provide replacement downloads
  • Website improvement: To understand how visitors use my Website, analyse traffic patterns, and improve the user experience
  • Advertising measurement: To measure the effectiveness of my advertising campaigns on platforms such as Facebook, Instagram, and Google
  • Security: To protect my Website and customers against fraud, abuse, and security threats
  • Regional experience: To detect your country and display the appropriate purchasing options (UK direct store or international retailer links)

5. Digital Watermarking

All ebooks sold or provided free of charge through this Website (including complimentary Inner Circle ebooks) are digitally watermarked. This means your copy contains invisible, personalised identifying information linked to your purchase or sign-up.

This is a form of social DRM (Digital Rights Management) used to discourage unauthorised redistribution while allowing you to read your ebook on any compatible device without restrictive DRM software.

The watermark embeds information associated with your transaction (such as your order reference or email identifier) within the ebook file. This data is used solely for the purposes of copy protection and is not shared with third parties.

By purchasing or receiving a digital product, you acknowledge that your copy is uniquely identifiable. Full details of the licence terms are set out in my Terms & Conditions.

6. Legal Basis for Processing

I process your personal data based on the following legal grounds under the UK GDPR:

  • Contract (Article 6(1)(b)): Processing is necessary to fulfil your order, deliver products, manage your account, and provide customer support. This includes generating watermarked ebooks, processing payments through PayPal, and sending order-related communications.
  • Consent (Article 6(1)(a)): When you subscribe to my newsletter, join the Inner Circle, or accept non-essential cookies. You can withdraw consent at any time.
  • Legitimate Interests (Article 6(1)(f)): To operate and improve my Website, analyse traffic, ensure security, send cart recovery emails, detect your country for regional display, and measure advertising effectiveness. I have balanced these interests against your rights and do not believe they are overridden by your interests or fundamental rights.

For marketing emails, I also comply with the Privacy and Electronic Communications Regulations 2003 (PECR), which require your consent before sending marketing communications. Transactional emails related to your orders (such as order confirmations, dispatch notifications, and download links) are sent under the contractual legal basis and do not require separate marketing consent.

7. Third-Party Services

I use the following third-party services that may process your data:

PayPal

I use PayPal to process payments securely. When you make a purchase, you are redirected to PayPal to complete payment. PayPal processes your payment details in accordance with their own privacy policy. I receive confirmation of payment, your PayPal email address, and transaction details, but I do not receive or store your payment card information. You can view PayPal's privacy policy at paypal.com/uk/webapps/mpp/ua/privacy-full.

MailerLite

I use MailerLite to manage my newsletter subscriptions and email communications. When you subscribe, your email address (and name, if provided) is stored by MailerLite. MailerLite tracks email opens and link clicks to help me understand engagement. MailerLite is based in Lithuania (EU) and processes data in accordance with the EU GDPR. You can view their privacy policy at mailerlite.com/legal/privacy-policy.

Meta (Facebook) Pixel

I use the Meta Pixel on certain pages (such as landing pages, reading sample pages, and the podcast page) to measure the effectiveness of my advertising on Facebook and Instagram. The Pixel collects information about how you interact with those pages, including pages visited and actions taken. This data is sent to Meta and used to help me understand my audience and improve my marketing. The Meta Pixel is only loaded if you have consented to non-essential cookies. You can learn more at facebook.com/privacy/policy.

Google Analytics and Google Ads

I use Google Analytics (GA4) to understand how visitors use my Website and Google Ads to measure advertising effectiveness. These services collect information such as your IP address, browser type, pages visited, and actions taken. Google Analytics data is anonymised where possible. These services are only loaded if you have consented to non-essential cookies. You can learn more at policies.google.com/privacy. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

IP Geolocation Service

I use a third-party IP geolocation API to determine your approximate country when you first visit the Website. This is used solely to display the correct regional purchasing options (UK direct store or international retailer links). Only your IP address is sent to this service, and the result (country code) is cached locally in your browser for the duration of your session. No personal data is stored on my servers for this purpose.

SiteLock

I use SiteLock to scan my Website for malware and security vulnerabilities. SiteLock may process limited technical data (such as IP addresses) as part of its security monitoring. You can view their privacy policy at sitelock.com/privacy-policy.

Web Hosting

My Website is hosted on servers that log standard access information (including IP addresses, request times, and URLs accessed) for security and performance purposes.

8. International Data Transfers

I am based in the United Kingdom. Some of the third-party services I use may process your data outside the UK:

  • PayPal: Processes data globally, including in the United States. PayPal relies on Standard Contractual Clauses and other approved transfer mechanisms.
  • MailerLite: Based in Lithuania (EU/EEA). Transfers from the UK to the EEA are permitted under the UK adequacy decision for the EEA.
  • Google: Processes data globally, including in the United States. Google relies on Standard Contractual Clauses and other approved transfer mechanisms.
  • Meta: Processes data globally, including in the United States. Meta relies on Standard Contractual Clauses and other approved transfer mechanisms.

Where personal data is transferred outside the UK, I ensure that appropriate safeguards are in place as required by the UK GDPR, including adequacy decisions, Standard Contractual Clauses, or other approved mechanisms.

9. Data Retention

I retain your personal data for as long as necessary to fulfil the purposes for which it was collected:

  • Customer accounts: Until you request deletion of your account. Order records may be retained for up to 7 years after your last purchase for tax, legal, and accounting purposes.
  • Order data: Retained for up to 7 years after the transaction date to comply with UK tax and accounting requirements (HMRC).
  • Newsletter subscribers: Until you unsubscribe or request deletion.
  • Download links: Download tokens expire automatically. Records of downloads are retained as part of order data.
  • Website analytics: Typically retained for up to 14 months (Google Analytics default) or as configured by the respective analytics service.
  • Server logs: Typically retained for up to 12 months.
  • Cart data: Abandoned cart data is retained for a limited period and then automatically deleted.

10. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data I hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Right to Restrict Processing: Request limitation of how I use your data in certain circumstances.
  • Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent (e.g. unsubscribe from the newsletter). Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
  • Rights relating to automated decision-making: I do not make any automated decisions about you that have legal or similarly significant effects.

To exercise any of these rights, please contact me at author@danielariddle.com. I will respond to your request within one month, as required by law.

These rights apply to all visitors, regardless of location. If you are based in the EEA, you have equivalent rights under the EU GDPR.

11. Marketing Communications

I will only send you marketing emails (such as newsletter updates, new release announcements, and promotional offers) if you have given your explicit consent by subscribing to my mailing list.

Every marketing email includes an "Unsubscribe" link at the bottom. You can also unsubscribe at any time by contacting me directly at author@danielariddle.com.

Please note that even after unsubscribing from marketing emails, you may still receive transactional emails related to your orders (e.g. order confirmations, dispatch notifications, download links, and cart recovery reminders). These are sent under the contractual legal basis and are not marketing communications.

12. Data Security

I take appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • SSL/TLS encryption on all pages of the Website
  • Secure password hashing for customer accounts
  • Regular security scanning via SiteLock
  • Payment processing handled entirely by PayPal (I never receive your card details)
  • Access controls to limit who can access personal data

However, no internet transmission is completely secure, and I cannot guarantee the absolute security of data transmitted online. You are responsible for keeping your account password confidential.

13. Children's Privacy

This Website and its products are not directed at children under 18. I do not knowingly collect personal data from anyone under 18 without parental or guardian consent. If you believe I have inadvertently collected data from a child under 18, please contact me immediately and I will take steps to delete it.

14. International Visitors

This Website is operated from the United Kingdom and is primarily intended for UK customers (direct purchases are available to UK addresses only). However, the Website is accessible worldwide.

If you access this Website from outside the UK, please be aware that your data may be transferred to and processed in the United Kingdom and other countries where my third-party service providers operate. By using this Website, you acknowledge that your data will be handled in accordance with this Privacy Policy and UK data protection law.

I apply the same high standards of data protection to all visitors, regardless of location. If you are located in the EEA, your rights under the EU GDPR are respected.

15. Changes to This Policy

I may update this Privacy Policy from time to time to reflect changes in my practices, technology, or legal requirements. Any changes will be posted on this page with an updated revision date. I encourage you to review this policy periodically. Material changes will be highlighted where appropriate.

16. Complaints

If you have concerns about how I handle your personal data, please contact me first at author@danielariddle.com. I will do my best to resolve any issues.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

Website: ico.org.uk
Phone: 0303 123 1113

If you are located in the EEA, you may also contact your local data protection authority.

17. Contact

For any questions about this Privacy Policy, your personal data, or to exercise your rights, please contact:

Daniel A. Riddle
Email: author@danielariddle.com