Privacy Policy
Last updated: March 2026
This Privacy Policy explains how Francesco Federico ("we", "us", "our") collects, uses, stores, and protects personal data in connection with the website francescofederico.com (the "Site").
This Policy is provided in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read it carefully before using this Site.
1. Data Controller
The data controller for this website is:
2. Data We Collect
We may collect the following categories of personal data:
- Contact data: Name and email address, if you submit an enquiry or subscribe to the newsletter via this Site.
- Usage data: Pages visited, time on site, browser type, and device information — collected via analytics tools (if enabled). This data is anonymised where possible.
- Communications: Any messages or enquiries you send to us directly.
3. How We Use Your Data
We use personal data for the following purposes, under the following legal bases:
When you contact us, we use your data to respond.
If you subscribe to Chronicles of Change, we use your email to deliver issues. Managed via Substack — see Substack's privacy policy for their data practices.
To understand how the Site is used and improve it. Analytics data is anonymised.
Where we are required to process or retain data by law.
4. Data Sharing & Third Parties
We do not sell personal data. We may share data with:
- Substack — if you subscribe to Chronicles of Change via Substack, your data is governed by Substack's Privacy Policy.
- Analytics providers — anonymised usage data may be processed by a third-party analytics service (e.g. Plausible or similar privacy-first tools).
- Legal authorities — where required by law or to protect our legal rights.
5. Data Retention
We retain personal data only for as long as necessary for the purposes described in this Policy, or as required by applicable law. Enquiry data is retained for up to 12 months. Newsletter subscriber data is managed through Substack and governed by their retention policies.
6. Your Rights (UK GDPR)
Under UK GDPR, you have the following rights:
- Right of access — to request a copy of personal data we hold about you.
- Right to rectification — to correct inaccurate or incomplete data.
- Right to erasure ('right to be forgotten') — to request deletion of your data.
- Right to restrict processing — to request that we limit how we use your data.
- Right to data portability — to receive your data in a structured, machine-readable format.
- Right to object — to object to processing based on legitimate interests.
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, please contact us via LinkedIn. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
7. Cookies
This Site may use essential cookies required for functionality. We do not use advertising or tracking cookies. If analytics are enabled, we use a privacy-first analytics provider that does not use cookies for tracking. You can disable cookies in your browser settings at any time.
8. Security
We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. The Site is served over HTTPS. However, no method of internet transmission is 100% secure.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Any material changes will be noted by updating the "Last updated" date at the top. Continued use of the Site after changes constitutes acceptance of the updated Policy.
10. Contact
For any questions about this Privacy Policy or your personal data, please contact Francesco Federico via LinkedIn.