This privacy policy explains how Efrain Gomez (“I”, “me”, “my”) collects, uses, and protects personal data in connection with this website (efraingomezhr.com). This policy applies to all visitors, including prospective employers and professional contacts who request access to portfolio content.
This website is operated on a personal, non-commercial basis. It is intended for professional networking and the sharing of HR knowledge and insight.
Who I am
Data Controller: Efrain Gomez
Location: London, United Kingdom
Contact: Available via the Contact page on this website
What Data I Collect and Why
I collect personal data in two contexts:
a) Portfolio access requests
When you request access to the password-protected portfolio section of this website, I collect:
- Full name
- Email address
- Employer or organisation name
- Job title or role
This data is collected solely to grant and manage access to portfolio content. It is not used for marketing, profiling, or any other purpose.
b) Blog comments
When you leave a comment on this blog, WordPress collects the following data as part of the comment submission process:
- Name (as provided by you)
- Email address (as provided by you)
- Website URL (optional, as provided by you)
- IP address (collected automatically)
- Browser user agent string (collected automatically)
All comments are moderated before publication. Your email address is not published or shared. It is used solely to notify you if I respond to your comment, and to help identify spam submissions.
Lawful Basis for Processing
The lawful basis for processing personal data collected via portfolio access requests is legitimate interests under Article 6(1)(f) of the UK GDPR and EU GDPR. I have a legitimate interest in sharing my professional portfolio with prospective employers and professional contacts, and they have a legitimate interest in accessing it.
The lawful basis for processing data submitted via blog comments is also legitimate interests. Publishing and moderating reader comments is a standard and expected function of a blog, and the data collected is limited to what is strictly necessary for that purpose.
How Long I Keep Your Data
Personal data collected via portfolio access requests is retained for a maximum of 12 months from the date of collection, after which it is securely deleted unless an ongoing professional relationship justifies continued retention. I review and purge stored data annually.
Data associated with approved blog comments is retained for as long as the comment remains published on the site. If you request deletion of your comment, associated personal data will also be deleted.
Third Parties and Data Processors
This website has been designed within the WordPress ecosystem and uses the following third-party services that may process personal data on my behalf:
Hostinger: This website is hosted on a third-party server. Hosting providers process data as part of normal website operation under appropriate data processing terms.
Akismet (Automattic Inc.): Comment data, including name, email, IP address, and comment content, is passed to Akismet for spam detection. Akismet is a service provided by Automattic Inc. and is subject to its own privacy policy, available at automattic.com/privacy. Akismet may store and process data in the United States under appropriate safeguards.
No personal data is sold to or shared with third parties for commercial purposes.
Cookies
This website uses cookies necessary for its operation, including cookies set by WordPress to manage comment author information and session state. If you leave a comment, WordPress may save your name and email in cookies to pre-fill the comment form on your next visit. These cookies last for one year.
If analytics tools are used on this website, they are configured to anonymise data where possible. You may disable cookies via your browser settings, though this may affect the functionality of the site.
Your Rights
Under UK GDPR and EU GDPR, you have the following rights in relation to your personal data:
- The right to access the personal data I hold about you
- The right to rectification if your data is inaccurate or incomplete
- The right to erasure (“right to be forgotten”)
- The right to restrict processing
- The right to data portability
- The right to object to processing based on legitimate interests
To exercise any of these rights, please contact me via the Contact page on this website. I will respond within one month of receiving your request.
How to Complain
If you are based in the United Kingdom and believe I have not handled your personal data in accordance with the law, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Website: www.ico.org.uk
Telephone: 0303 123 1113
If you are based in the European Union, you have the right to lodge a complaint with your local data protection authority.
Changes to This Policy
I may update this privacy policy from time to time to reflect changes in how I operate or in applicable law. The date at the top of this page will always reflect when the policy was last revised. Continued use of this website following any update constitutes acceptance of the revised policy.