Back to Home
Legal Effective 27 May 2026

Privacy Policy

This privacy policy explains how we handle personal data when you visit chrismatthews.co.uk or get in touch. It is written in plain English so it actually makes sense, while still meeting our obligations under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

If anything here is unclear, email privacy@chrismatthews.co.uk and we will explain it properly.

Who is responsible for your data

The data controller for this website is:

RCM Solutions, a UK general partnership registered with HMRC, trading as Chris Matthews and operating chrismatthews.co.uk.
Registered address: Rowan House, Irthington, Carlisle, Cumbria, CA6 4NJ, United Kingdom.
Email for privacy enquiries: privacy@chrismatthews.co.uk
General contact: chris@chrismatthews.co.uk

Throughout this policy, “we”, “us” and “our” refer to RCM Solutions as the data controller. “I” refers to Chris Matthews personally, where the human handling your enquiry is the relevant point. RCM Solutions is in the process of registering with the Information Commissioner’s Office (ICO) as a data controller; the registration number will be added here once issued.

What data I collect

This site is intentionally simple and does not have contact forms, comment sections, or newsletter sign-ups. The data that gets collected is therefore quite limited:

Server logs. Like every website on the internet, the hosting provider that delivers this site (Cloudflare) automatically records technical information when you visit, including your IP address, the time of the request, the page you accessed, your browser type, and the page that referred you. These logs help keep the site secure and running, and are kept for a short period before being deleted by Cloudflare.

Information you send me directly. If you email me, message me on WhatsApp, book a discovery call through the calendar on chrismatthews.co.uk/book, attend a Zoom meeting, or contact me via my X or YouTube profiles, you are choosing to share your name, contact details, and the contents of your message with me. I keep this so I can respond to you, follow up if appropriate, and run my business.

Aggregate traffic analytics (cookieless, always on). Cloudflare Web Analytics runs on every page of this site to count visits and measure performance. It is cookieless, anonymises and aggregates IP addresses at the edge, does not track individual users across sessions or sites, and does not share data with third parties for advertising purposes. No personal data is processed and no consent is required for this.

Optional analytics (cookies, only with your consent). If you accept the consent banner the first time you visit, two additional tools load:

  • Google Analytics 4 (property G-ETQ3XY8V2D). This sets cookies in your browser and reports anonymised behaviour back to Google so I can see which pages are read, which articles people return to, and where visitors come from. IP addresses are anonymised at collection.
  • Microsoft Clarity (project wxnu0w3rgz). This sets cookies and records anonymised session replays, heatmaps, and scroll behaviour so I can see how the site is actually used and fix anything that is broken. Replays do not show form input by default and are stored by Microsoft, not by me.

If you reject the banner, neither of these tools loads at all. You can change your mind at any time by clearing your cookies for this site, which will bring the banner back on your next visit. Cloudflare Web Analytics continues to run either way because it does not set cookies and processes no personal data.

Theme preference cookie. If you switch between dark and light mode using the toggle in the header, a small cookie called theme remembers the choice for the next visit. It is strictly functional, sets no analytics, and does not require consent.

What I do with your data

I use the data I hold for the following purposes:

  • Replying to your messages and following up on conversations we have started
  • Delivering coaching, consulting, and speaking work I have agreed to do for you
  • Keeping records I am legally required to keep, for example for tax purposes
  • Keeping the website secure and dealing with technical issues

I do not sell your data to anyone. I do not add you to mailing lists you have not asked to be on. I do not use your data for automated decision-making or profiling.

My legal basis for processing

Under UK GDPR I must have a lawful basis for processing your personal data. The bases I rely on are:

  • Legitimate interests for replying to your enquiries, keeping records of conversations, and protecting the security of the website.
  • Performance of a contract when you have engaged me for coaching, consulting, or speaking work.
  • Legal obligation when I am required to keep certain records, for example tax and accounting records that HMRC requires me to retain.
  • Consent if I ever ask you specifically to opt in to something, for example a future newsletter.

Who I share your data with

The third parties that may process your data on my behalf are:

  • Cloudflare, which hosts this website, operates the email routing for chrismatthews.co.uk, and provides the cookieless aggregate web analytics described above.
  • Google, which provides the Google Analytics 4 reporting described above, but only if you accept the consent banner.
  • Microsoft, which provides the Clarity session replay and heatmap tool described above, but only if you accept the consent banner.
  • My email provider, which stores and delivers messages you send me.
  • HighLevel (Go High Level), the booking platform that powers the calendar at chrismatthews.co.uk/book. If you schedule a discovery call, it processes the name, email, and any details you submit so the appointment can be confirmed.
  • Zoom, which hosts the video calls themselves and processes the meeting details.
  • WhatsApp / Meta, if you message me on WhatsApp.
  • HMRC and our accountant, where we are legally required to disclose financial records as a UK partnership.

Each of these providers has its own privacy policy. Some of them are based outside the UK, in which case the transfer of your data is covered by appropriate safeguards under UK GDPR, such as Standard Contractual Clauses or an adequacy decision.

How long I keep your data

I keep personal data only for as long as it is needed for the purpose I collected it. In practice this means:

  • Email and messaging conversations: kept while there is an ongoing business relationship and for a reasonable period after, then deleted.
  • Client records: kept for the duration of our engagement and for a minimum of six years afterwards, in line with UK tax and accounting rules.
  • Server logs: a short retention period set by my hosting provider, typically a few weeks.

Your rights

Under UK GDPR you have the following rights over your personal data. You can exercise any of these by emailing me at privacy@chrismatthews.co.uk:

  • Right of access, to ask what data I hold about you.
  • Right to rectification, to correct anything that is wrong or out of date.
  • Right to erasure, also called the right to be forgotten, where applicable.
  • Right to restrict processing in certain circumstances.
  • Right to data portability, to receive a copy of your data in a structured format.
  • Right to object to processing where I rely on legitimate interests.
  • Right to withdraw consent at any time, where consent is the basis I rely on.

I will respond to any request within one month. If I cannot fulfil it, I will explain why.

If you are not happy with how I have handled your data, you have the right to complain to the UK Information Commissioner's Office at ico.org.uk or by calling 0303 123 1113. I would always prefer you talked to me first so I can put it right.

External links

This site links to external websites, including X, YouTube, LinkedIn, Amazon, Zoom, WhatsApp, HighLevel (the booking calendar), and the book funnel sites for my published books. Once you click through, you are governed by the privacy policy of that third party rather than mine. I encourage you to read their policies before sharing data with them.

Children

This site is intended for business owners, executives, and other adults. It is not directed at children under 13, and I do not knowingly collect personal data from anyone under that age.

Changes to this policy

I will update this policy if my practices change, for example if I add a contact form, a newsletter, or any tool that uses cookies. The effective date at the top of this page tells you when the latest version was published.

Get in touch

For anything related to your personal data, please email privacy@chrismatthews.co.uk. For anything else, chris@chrismatthews.co.uk is the right address.