Privacy

Last Updated: 16 MARCH 2026

1. Introduction

This Privacy Policy explains how David Alston, trading as 'Only One You' Pro Bio Pages, a sole trader based at Halton Mill, Mill Lane, Halton, Lancaster, LA2 6ND ("we", "us", "our") collects, uses, stores, and protects your personal data when you visit onlyone.you ("the Website") or use our bio page service ("the Service").

We are the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

ICO Registration Number: [ZA431043]

We are committed to protecting your privacy in compliance with:

  • The UK General Data Protection Regulation (UK GDPR)

The Data Protection Act 2018

The Privacy and Electronic Communications Regulations 2003 (PECR)

The Data (Use and Access) Act 2025 

2. What Personal Data We Collect

We may collect and process the following categories of personal data:

2.1. Information you provide directly:

  • Full name

Email address

Billing address

Payment information (processed securely by our payment processor; we do not store full card details)

Account login credentials (email and hashed password)

Any content you upload to the Service (links, images, text for your bio page)

2.2. Information collected automatically:

  • IP address

Browser type and version

Operating system

Device information

Pages visited and interaction data

Date and time of visits

Referring website

Cookie data (see our Cookie Policy)

2.3. Information from third parties:

  • Payment confirmation data from our payment processor (e.g., Stripe)

3. Lawful Basis for Processing

Under Article 6 of the UK GDPR, we process your personal data on the following lawful bases:

Purpose

Lawful Basis (Article 6(1))

Providing and managing the Service

(b) Performance of a contract

Processing payments

(b) Performance of a contract

Sending essential service communications (e.g. password resets, billing notices)

(b) Performance of a contract

Complying with legal and tax obligations

(c) Legal obligation

Website analytics and performance improvement

(f) Legitimate interests

Fraud prevention and security

(f) Legitimate interests

Marketing communications (only with consent)

(a) Consent

Where we rely on legitimate interests, we have conducted a balancing assessment and are satisfied that your rights and freedoms are not overridden. You have the right to object to processing based on legitimate interests. 

4. How We Use Your Data

We use your personal data to:

  • Create and manage your account

Provide, maintain, and improve the Service

Process subscription payments and send invoices/receipts

Communicate with you about your account, service updates, and support queries

Send marketing communications (only where you have opted in)

Analyse website usage to improve the user experience

Detect, prevent, and address technical issues, fraud, or abuse

Comply with legal obligations (e.g., tax records, HMRC requirements)

5. Data Sharing

We may share your personal data with the following categories of recipients:

  • Payment processors (Stripe) — to process payments securely

Hosting providers (Brizy) — to host the Website and Service

Email service providers (SMTP2Go, Birdsend) — to send transactional and, where consented to, marketing emails

Analytics providers (SMTP2Go, Birdsend)

Legal and regulatory authorities — where required by law or to protect our legal rights

We do not sell your personal data to third parties.

All third-party processors with whom we share data are bound by data processing agreements ensuring UK GDPR compliance.

6. International Data Transfers

Some of our third-party service providers may be based outside the UK. Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, including:

  • UK adequacy decisions

UK International Data Transfer Agreement (IDTA) or UK Addendum to EU Standard Contractual Clauses

The service provider's binding corporate rules

For US-based processors, we verify that adequate contractual protections are in place. 

7. Data Retention

We retain your personal data only for as long as necessary for the purposes set out in this Privacy Policy:

Data Type

Retention Period

Account data

Duration of account + 30 days after deletion

Billing and payment records

6 years (HMRC legal obligation)

User Content (bio page data)

Duration of account + 30 days after deletion

Website analytics data

26 months (or as configured)

Marketing consent records

Duration of consent + 1 year

Support correspondence

2 years from resolution

After the applicable retention period, data will be securely deleted or anonymised.

8. Your Rights Under the UK GDPR

You have the following rights in relation to your personal data:

  • Right of access (Article 15) — Request a copy of the personal data we hold about you.

Right to rectification (Article 16) — Request correction of inaccurate or incomplete data.

Right to erasure (Article 17) — Request deletion of your personal data ("right to be forgotten"), subject to legal obligations.

Right to restrict processing (Article 18) — Request that we limit the processing of your data.

Right to data portability (Article 20) — Request your data in a structured, commonly used, machine-readable format.

Right to object (Article 21) — Object to processing based on legitimate interests or for direct marketing.

Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

Rights related to automated decision-making (Article 22) — We do not currently carry out automated decision-making or profiling that produces legal effects.

To exercise any of these rights, please email help@onlyone.you. We will respond within one month of receiving your request, in accordance with the UK GDPR. 

9. Data Security

We take appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/SSL)

Encrypted storage of passwords (hashing)

Regular security assessments

Access controls limiting who can access personal data

Secure payment processing via PCI-DSS compliant providers

While we strive to protect your personal data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

10. Children's Privacy

The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child under 18, we will take steps to delete it promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last Updated" date. Where changes are significant, we will notify you by email or via a notice on the Website.

12. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: https://ico.org.uk/make-a-complaint/

Phone: 0303 123 1113

Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF 

13. Contact Us

For any questions about this Privacy Policy or your personal data, please contact:

David Alston

Trading as 'Only One You' Pro Bio Pages

Halton Mill, Mill Lane, Halton, Lancaster, LA2 6ND

help@onlyone.you

ICO Registration Number: ZA431043