Back to Home
Legal Effective 27 April 2026

Privacy Policy

This privacy policy explains how I, Chris Matthews, handle personal data when you visit chrismatthews.co.uk or get in touch with me. I have written it in plain English so it actually makes sense, while still meeting my obligations under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

If anything here is unclear, email me at privacy@chrismatthews.co.uk and I will explain it properly.

Who is responsible for your data

The data controller for this website is:

Chris Matthews, sole trader, United Kingdom.
Email for privacy enquiries: privacy@chrismatthews.co.uk
General contact: chris@chrismatthews.co.uk

What data I collect

This site is intentionally simple and does not have contact forms, comment sections, or newsletter sign-ups. The data that gets collected is therefore quite limited:

Server logs. Like every website on the internet, the hosting provider that delivers this site (Cloudflare) automatically records technical information when you visit, including your IP address, the time of the request, the page you accessed, your browser type, and the page that referred you. These logs help keep the site secure and running, and are kept for a short period before being deleted by Cloudflare.

Information you send me directly. If you email me, message me on WhatsApp, book a meeting through my Zoom link, or contact me via my X or YouTube profiles, you are choosing to share your name, contact details, and the contents of your message with me. I keep this so I can respond to you, follow up if appropriate, and run my business.

Aggregate traffic analytics. I use Cloudflare Web Analytics to understand which pages are visited and how the site performs. This service is cookieless, anonymises and aggregates IP addresses at the edge, does not track individual users across sessions or sites, and does not share data with third parties for advertising purposes. No personal data is processed for analytics.

Cookies. At the time of writing, this site does not set any tracking, advertising, or marketing cookies. The analytics described above is cookieless. If that ever changes, I will update this policy and add a cookie banner that lets you choose what to allow before any non-essential cookies are loaded.

What I do with your data

I use the data I hold for the following purposes:

  • Replying to your messages and following up on conversations we have started
  • Delivering coaching, consulting, and speaking work I have agreed to do for you
  • Keeping records I am legally required to keep, for example for tax purposes
  • Keeping the website secure and dealing with technical issues

I do not sell your data to anyone. I do not add you to mailing lists you have not asked to be on. I do not use your data for automated decision-making or profiling.

My legal basis for processing

Under UK GDPR I must have a lawful basis for processing your personal data. The bases I rely on are:

  • Legitimate interests for replying to your enquiries, keeping records of conversations, and protecting the security of the website.
  • Performance of a contract when you have engaged me for coaching, consulting, or speaking work.
  • Legal obligation when I am required to keep certain records, for example tax and accounting records that HMRC requires me to retain.
  • Consent if I ever ask you specifically to opt in to something, for example a future newsletter.

Who I share your data with

The third parties that may process your data on my behalf are:

  • Cloudflare, which hosts this website, operates the email routing for chrismatthews.co.uk, and provides the cookieless aggregate web analytics described above.
  • My email provider, which stores and delivers messages you send me.
  • Zoom, if you book a meeting via my Zoom link, which processes the meeting details.
  • WhatsApp / Meta, if you message me on WhatsApp.
  • HMRC and my accountant, where I am legally required to disclose financial records.

Each of these providers has its own privacy policy. Some of them are based outside the UK, in which case the transfer of your data is covered by appropriate safeguards under UK GDPR, such as Standard Contractual Clauses or an adequacy decision.

How long I keep your data

I keep personal data only for as long as it is needed for the purpose I collected it. In practice this means:

  • Email and messaging conversations: kept while there is an ongoing business relationship and for a reasonable period after, then deleted.
  • Client records: kept for the duration of our engagement and for a minimum of six years afterwards, in line with UK tax and accounting rules.
  • Server logs: a short retention period set by my hosting provider, typically a few weeks.

Your rights

Under UK GDPR you have the following rights over your personal data. You can exercise any of these by emailing me at privacy@chrismatthews.co.uk:

  • Right of access, to ask what data I hold about you.
  • Right to rectification, to correct anything that is wrong or out of date.
  • Right to erasure, also called the right to be forgotten, where applicable.
  • Right to restrict processing in certain circumstances.
  • Right to data portability, to receive a copy of your data in a structured format.
  • Right to object to processing where I rely on legitimate interests.
  • Right to withdraw consent at any time, where consent is the basis I rely on.

I will respond to any request within one month. If I cannot fulfil it, I will explain why.

If you are not happy with how I have handled your data, you have the right to complain to the UK Information Commissioner's Office at ico.org.uk or by calling 0303 123 1113. I would always prefer you talked to me first so I can put it right.

External links

This site links to external websites, including X, YouTube, LinkedIn, Amazon, Zoom, WhatsApp, and the book funnel sites for my published books. Once you click through, you are governed by the privacy policy of that third party rather than mine. I encourage you to read their policies before sharing data with them.

Children

This site is intended for business owners, executives, and other adults. It is not directed at children under 13, and I do not knowingly collect personal data from anyone under that age.

Changes to this policy

I will update this policy if my practices change, for example if I add a contact form, a newsletter, or any tool that uses cookies. The effective date at the top of this page tells you when the latest version was published.

Get in touch

For anything related to your personal data, please email privacy@chrismatthews.co.uk. For anything else, chris@chrismatthews.co.uk is the right address.