Skip to main content
AndersLearmonth

Legal

Privacy Policy

Last updated: May 26, 2026

This Privacy Policy explains how Anders Learmonth ("I", "me", or "my") collects, uses, and protects information that you provide when using this website (dregozone.com). I am committed to ensuring that your privacy is protected and that this website complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who is the Data Controller?

The data controller responsible for your personal information on this website is:

Anders Learmonth
Founder, Glacial Studio
Email: Contact via website

2. What Personal Data I Collect

I collect the following categories of personal data:

a) Newsletter Subscriptions

  • Email address — used to send you occasional blog updates and newsletters.
  • Name (optional) — used to personalise newsletter emails.
  • Subscription date — recorded for administrative purposes.

Your email address is collected with your explicit consent when you complete the newsletter sign-up form. You can withdraw consent and unsubscribe at any time (see Section 6).

b) Contact Form Submissions

When you submit a message via the contact form, I collect:

  • Name
  • Email address
  • Subject and message content
  • Enquiry type (e.g. general, work request, partnership)
  • Additional project details where provided (e.g. budget, timeline, company name)

This information is processed to respond to your enquiry. It is stored securely on the website server and accessible only to me.

The personal data described above may also be included in operational database backups created for disaster recovery, service continuity, and restoration of the website after an incident.

c) Technical / Usage Data

  • Blog post view counts — individual page views are counted anonymously to understand which content is most popular. No personally identifiable information is stored alongside view counts.

I do not currently use third-party analytics, advertising networks, or tracking pixels.

3. Legal Basis for Processing

Purpose Legal Basis (UK GDPR)
Sending newsletter emails Consent (Art. 6(1)(a))
Responding to contact enquiries Legitimate interests (Art. 6(1)(f))
Anonymous page view counting Legitimate interests (Art. 6(1)(f))
Maintaining operational backups and restoring the website after an incident Legitimate interests (Art. 6(1)(f))

4. How Long I Keep Your Data

  • Newsletter subscribers — your email address is retained while your subscription is active. If you unsubscribe, your record is marked inactive and will be deleted within 30 days of a deletion request.
  • Contact messages — kept for up to 2 years from receipt, or until the enquiry is fully resolved and no longer required.
  • Operational database backups — retained on a rolling schedule for disaster recovery purposes: all backups are kept for 7 days, daily backups for 16 days, weekly backups for 8 weeks, monthly backups for 4 months, and yearly backups for up to 2 years. Older backups may be deleted sooner where storage limits require cleanup.

5. Cookies

This website uses a small number of cookies that are essential for it to function correctly. These include a session cookie used by the Laravel framework for security (CSRF protection) and to maintain your login state if you have an account.

When you visit the site for the first time, a cookie consent banner is displayed. Dismissing this banner stores a preference in your browser's local storage so the banner does not appear again during that session.

I do not use advertising, profiling, or third-party tracking cookies.

Cookie Purpose Type
XSRF-TOKEN Security — prevents cross-site request forgery attacks Essential
laravel_session Maintains your login session Essential
cookie_consent (localStorage) Remembers that you have acknowledged the cookie notice Functional

6. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of access — you can request a copy of the personal data I hold about you.
  • Right to rectification — you can request that inaccurate data be corrected.
  • Right to erasure ("right to be forgotten") — you can request that I delete your personal data. I will action this within 30 days.
  • Right to restrict processing — you can ask me to pause processing your data in certain circumstances.
  • Right to data portability — you can request your data in a structured, commonly used format.
  • Right to withdraw consent — where processing is based on consent (e.g. newsletter), you can withdraw consent at any time without affecting the lawfulness of prior processing.
  • Right to object — you can object to processing based on legitimate interests.

To exercise any of these rights, please contact me with the subject line "Data Subject Request". I will respond within 30 calendar days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data has been handled unlawfully.

7. Newsletter Unsubscribe

Every newsletter email I send contains an unsubscribe link at the bottom. Clicking this link will immediately remove you from the mailing list.

If you have a registered account on this website, you can also manage your newsletter subscription at any time via your account settings (Settings → Newsletter). You can also request removal by contacting me directly.

8. Data Security

I take reasonable precautions to protect your personal data against unauthorised access, disclosure, or loss. The website is served over HTTPS. Access to stored contact messages and subscriber data is restricted to authenticated administrators only.

Operational database backups are stored on restricted server storage with access limited to authorised administrators. When a backup archive is emailed for continuity or disaster recovery purposes, it is sent only to a designated administrator address, should be stored securely once archived, and should be deleted from the mailbox after archival. Where configured, backup archives may also be protected with archive encryption.

9. Third Parties

I do not sell, trade, or otherwise transfer your personal data for marketing purposes. Your data may be processed by service providers that support the operation of the website, including the hosting provider and the transactional email provider used to deliver site emails and operational backup messages. These providers act as data processors and are required to handle personal data in accordance with applicable data protection law.

10. Children's Privacy

This website is not directed at children under the age of 13. I do not knowingly collect personal data from children. If you believe a child has submitted personal data through this site, please contact me and I will delete it promptly.

11. Changes to This Policy

I may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. I encourage you to review this page periodically to stay informed about how your data is protected.

12. Contact

If you have any questions about this Privacy Policy or how your data is handled, please get in touch via the contact page.

This site uses essential cookies to keep you securely logged in and to protect against CSRF attacks. No tracking or advertising cookies are used. By continuing to use this site you consent to these essential cookies. Read our Privacy Policy for full details.

Learn more