This Privacy Policy explains how Mary Lumley, trading as MaryLumley.com (“I”, “me”, “my”), collects, uses, and protects your personal information when you visit my website or use my services.

I am committed to protecting your privacy and ensuring that your personal data is handled in accordance with the General Data Protection Regulation (GDPR), the French Data Protection Act (Loi Informatique et Libertés n° 78-17), and other applicable data protection laws.

Collecting Information

Information You Provide

When you interact with this website or services, you may choose to provide personal information including: your name and email address (when subscribing to newsletters, free courses, or resources), contact details and business information (when enquiring about or purchasing services), payment information (processed securely through Stripe), and any other information you choose to share through contact forms or direct communication.

Information Collected Automatically

When you visit this website, certain technical information is collected automatically, including your IP address and approximate location, browser type and operating system, pages visited and time spent on the site, referring website, and device information. This information is collected through Google Analytics and is used to understand how visitors use this website and to improve the user experience.

Lawful Basis for Processing

Under GDPR, I process your personal data based on the following lawful grounds:

Consent: When you subscribe to my newsletter, opt into free resources, or agree to receive marketing communications.

Contract: When processing is necessary to deliver services you have purchased or to take steps at your request before entering into a contract.

Legitimate Interests: For website analytics, security, and improving my services, where these interests do not override your fundamental rights.

Legal Obligation: When I am required to retain certain records for accounting, tax, or legal purposes.

How I Use Your Information

I use your personal information to: deliver products, services, and resources you have requested; process payments and register you as a customer; send marketing communications (where you have opted in); respond to your enquiries and provide customer support; analyse website traffic and improve user experience; and comply with legal and regulatory obligations.

Cookies and Tracking Technologies

This website uses cookies and similar technologies. Cookies are small files stored on your device that help the website function properly and provide analytics data.

Types of Cookies Used

Essential Cookies: Necessary for the website to function properly.

Analytics Cookies: Used via Google Analytics to understand how visitors interact with the website.

Marketing Cookies: Used by social media platforms (such as Pinterest) to deliver relevant advertising.

Third-Party Service Providers

I work with trusted third-party service providers to deliver services. These providers only receive the information necessary to perform their functions and are bound by confidentiality agreements. I do not sell, rent, or share your personal information with third parties for their own marketing purposes.

The following third parties may have access to your Personally Identifiable Information:

• ActiveCampaign (USA) — Email marketing and automation
• Acuity Scheduling (USA) — Online appointment booking
• Asana (USA) — Project management
• Canva (Australia) — Graphic design
• Dropbox (USA) — Document storage
• Fathom (USA) — Meeting notes and transcription
• Google Analytics (USA) — Website traffic analysis
• Stripe (USA) — Payment processing
• Tailwind (USA) — Content scheduling

Data Retention

I retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Specific retention periods are as follows: email subscriber data is retained until you unsubscribe, plus 30 days to process your request; client and project data is retained for 6 years after the end of our business relationship for accounting and legal purposes; website analytics data is retained for 26 months in accordance with Google Analytics settings; and payment records are retained for 10 years as required by French tax law.

Your Rights

Under GDPR and French data protection law, you have the following rights regarding your personal data:

Right of Access: You can request a copy of the personal data I hold about you.

Right to Rectification: You can ask me to correct any inaccurate or incomplete data.

Right to Erasure: You can request deletion of your personal data (the “right to be forgotten”).

Right to Restrict Processing: You can ask me to limit how I use your data.

Right to Data Portability: You can request your data in a structured, commonly used format.

Right to Object: You can object to processing based on legitimate interests or for direct marketing.

Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, please contact me. I will respond to your request within one month. You also have the right to lodge a complaint with a supervisory authority. In France, this is the Commission Nationale de l’Informatique et des Libertés (CNIL).

Use of Artificial Intelligence

I use AI-powered tools to help deliver my services more efficiently and effectively. Here’s what you should know:

How I Use AI

I use Claude (Anthropic), ChatGPT (OpenAI), and Perplexity to assist with tasks including content research, content creation, data analysis, and general administrative work related to my Pinterest marketing services.

Your Data and AI

I do not upload confidential client data, account credentials, or personally identifiable information into any AI tool. All three tools are used on paid plans, which include appropriate data protection terms. Your data is not used to train AI models..

AI-Assisted Content

Any content that has been assisted by AI is reviewed, edited, and approved by me before delivery. What you receive always reflects my own expertise and strategic thinking.

Transparency

If you have questions about how AI is used in your specific project, I’m happy to discuss this with you directly. Contact me.

Email Communications

I will never pass on your email address to third parties for their marketing purposes. If you have opted into my newsletter, free courses, resources, or challenges, you can unsubscribe at any time by clicking the unsubscribe link in any email or by contacting me via the contact form.

Links to Other Websites

This website may contain links to external websites that are not under my control. These websites have their own privacy policies, and I have no responsibility for their content or practices. I provide these links for your convenience and information only.

Security

I take appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. However, no method of transmission over the internet is completely secure, and I cannot guarantee absolute security.

Changes to This Privacy Policy

I may update this Privacy Policy from time to time to reflect changes in practices or legal requirements. Any changes will be posted on this page with an updated “Last Updated” date. For significant changes, I may notify you by email or through a notice on this website.

Protection des Données (French)

Conformément au Règlement Général sur la Protection des Données (RGPD) et à la loi n° 78-17 du 6 janvier 1978 relative à l’informatique, aux fichiers et aux libertés, vous disposez d’un droit d’accès, de rectification, d’effacement, de limitation, de portabilité et d’opposition concernant vos données personnelles.

Pour exercer ces droits ou pour toute question relative à la protection de vos données, vous pouvez me contacter à l’adresse [email protected]. Vous avez également le droit d’introduire une réclamation auprès de la Commission Nationale de l’Informatique et des Libertés (CNIL).