Yes, my personal website has a privacy policy. Daft, I know. But because I dared to add a single feature—a newsletter signup—I now possess the almighty power of storing an email address. Naturally, UK GDPR has kicked down the door demanding paperwork. So, grab a cup of tea, and here we go.
Below is everything you need to know about what this site collects, why it collects it, where it goes, and how to make me delete it.
Who I am
I’m Will Hackett. For anything related to this policy—or if you just want to chat about the thrilling world of data compliance—use the contact details on my about page.
What I collect
If you subscribe to the newsletter, I collect your email address. That is it. I don’t want your blood type, your mother’s maiden name, or your favourite colour. Just the email.
For everyone else just casually browsing, the site records entirely anonymous, faceless analytics (like what page you looked at and what website sent you here). There are zero cookies, zero session identifiers, and absolutely no sneaky ways for me to tie those stats back to newsletter subscribers.
Why I collect it
Your email address does exactly one thing: it lets me send you a weekly newsletter when I publish new content, and only then. No spam, I promise.
The anonymous analytics just soothe my ego by telling me which pages people actually read.
The lawful basis (legal jargon warning)
Newsletter subscriptions rely on your active, informed consent under UK GDPR Article 6(1)(a) and the Privacy and Electronic Communications Regulations (PECR). You give me that consent by typing in your email and clicking the confirmation link I send to your inbox (the classic double opt-in). You can take that consent back whenever you want.
As for the site analytics, they are so thoroughly anonymous that they don’t even qualify as personal data processing under UK GDPR. Take that, bureaucracy.
Who else handles your data
I send the newsletter using a service called Resend, who act as my “data processor” under a fancy Data Processing Agreement. While Resend is a US company, I specifically use their EU region—meaning your precious email and delivery data never leave the cozy, highly regulated confines of EU data centres.
Site analytics are handled by Umami, a cookieless tool running entirely on my own infrastructure. Absolutely zero third-party trackers, creepy ad networks, or data brokers will ever get their hands on your information.
Retention (how long I keep it)
I keep your email address until the exact moment you hit “unsubscribe.” The second you do, it goes poof—deleted immediately.
The email delivery logs hang around for 3 days just in case something breaks, and then they are tossed into the digital incinerator. After that, it’s like you were never here.
Your rights
Under UK GDPR, you have the right to demand things from me. Specifically, you can:
- Access the data I hold about you (spoiler: it’s just your email).
- Have me correct inaccurate data.
- Have your data completely erased.
- Restrict or object to me processing it.
- Receive a copy of your data in a portable format.
- Withdraw your consent at any time. (To make this easy, every single newsletter has a blatantly obvious, one-click unsubscribe link).
If you think I’m doing a terrible job with your data, you also have the right to tell on me to the Information Commissioner’s Office at ico.org.uk.
Contact for data requests
Want to exercise any of those rights? Hit up the contact details on the about page for access, correction, deletion, or any other request. I promise I’ll sort it out without making you fill out a form in triplicate.
For formal subject access requests, email gdpr@willhackett.com.
Last updated: 29 April 2026.