Data Protection Policy

Last updated: December 05, 2025

Michael Harris ("we", "our", "us") is committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR). This policy explains what personal data we collect, how we use it, your rights, and how we protect your information.

1. Data Controller

The data controller for this website is Michael Harris. For questions about this policy or to exercise your data protection rights, please contact us at support@athenacfo.com, or write to Athena Solutions, LLC at 7533 S Center View CT #5316, West Jordan, UT, 84084, USA.

2. Personal Data We Collect

2.1 Newsletter Subscriptions

When you subscribe to our newsletter, we collect:

  • Email address (required)
  • Subscription status (confirmed, unconfirmed, or unsubscribed)
  • Confirmation and unsubscribe tokens (for managing your subscription)
  • Timestamps (when you subscribed, confirmed, or unsubscribed)

Legal basis: Your explicit consent (Article 6(1)(a) GDPR). You can withdraw consent at any time by unsubscribing.

2.2 Contact Messages

When you submit a contact message, we collect:

  • Message title and content (required)
  • Email address (optional, if you provide it)
  • IP address (hashed with SHA-256, a one-way hash function) for spam prevention
  • Submission timestamp

Legal basis: Legitimate interest for spam prevention and security (Article 6(1)(f) GDPR), and consent for optional email address (Article 6(1)(a) GDPR).

2.3 Content Engagement Metrics

When you interact with our content (view posts, heart posts, or share posts), we collect:

  • Post hearts: IP address (hashed with SHA-256, a one-way hash function) to prevent duplicate hearts from the same IP address
  • Post views and shares: No personal data is stored—only simple aggregate counters
  • Home page views: No personal data is stored—only simple aggregate counters

Legal basis: Legitimate interest for preventing abuse and tracking content engagement (Article 6(1)(f) GDPR).

2.4 Cookies & Local Storage

We use:

  • Essential session cookies: Required for site security and CSRF protection. These are necessary for the website to function.
  • Cookie consent preference: Stored in browser localStorage and cookies (when accepted) to remember your cookie consent choice.

We do NOT use: Third-party advertising cookies, social media tracking pixels, cross-site tracking technologies, or any analytics cookies from external providers (e.g., Google Analytics).

Legal basis: Legitimate interest for essential cookies (Article 6(1)(f) GDPR), and consent for cookie consent storage (Article 6(1)(a) GDPR).

3. How We Use Your Personal Data

  • Newsletter delivery: To send you newsletters and manage your subscription preferences (double opt-in confirmation required).
  • Communication: To respond to your contact messages and inquiries.
  • Security & spam prevention: To prevent abuse, limit contact form submissions (3 per day per IP), and maintain site security.
  • Content engagement: To track aggregate metrics such as post view counts, heart counts, share counts, and home page view counts. For post hearts, we store hashed IP addresses (hashed with SHA-256, a one-way hash function) to prevent duplicate hearts from the same IP address. View counts and share counts do not store any personal data—only simple counters.

4. Data Sharing & Third Parties

We do not sell, rent, or share your personal data with third parties for marketing purposes.

We may share data only with:

  • Email service providers: To deliver newsletters (only email addresses and subscription status).
  • Hosting providers: Our hosting infrastructure stores data securely under strict confidentiality agreements.

Any data transfers outside the UK or EU are protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) where applicable.

5. Data Retention

We retain personal data only for as long as necessary for the purposes outlined in this policy:

  • Newsletter subscriptions: Retained until you unsubscribe or request deletion. Unsubscribed records may be retained for a short period to prevent re-subscription issues.
  • Contact messages: Retained indefinitely to support follow-up conversations, unless you ask us to delete them.
  • Post hearts: Hashed IP addresses are retained indefinitely to maintain the integrity of heart counts and prevent duplicate hearts.
  • View and share counts: No personal data is stored—only simple aggregate counters. These counts are retained indefinitely.

6. Your GDPR Rights

Under the GDPR, you have the following rights:

  • Right of access (Article 15): Request a copy of all personal data we hold about you.
  • Right to rectification (Article 16): Request correction of inaccurate or incomplete data.
  • Right to erasure (Article 17): Request deletion of your data ("right to be forgotten"), subject to legal obligations.
  • Right to restrict processing (Article 18): Request that we limit how we use your data.
  • Right to data portability (Article 20): Receive your data in a structured, machine-readable format.
  • Right to object (Article 21): Object to processing based on legitimate interests.
  • Right to withdraw consent (Article 7): Withdraw consent at any time (e.g., unsubscribe from newsletters) without affecting prior lawful processing.

To exercise any of these rights, please contact us at support@athenacfo.com. We will respond within one month. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority:

  • UK: Information Commissioner's Office (ICO) - ico.org.uk
  • EU: Your local data protection authority (DPA)

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • IP addresses collected for contact form spam prevention are hashed with SHA-256 before storage (one-way, irreversible).
  • SSL/TLS encryption for data transmission.
  • Secure session management with HTTP-only, secure cookies.
  • Regular security assessments and updates.
  • Limited access to personal data on a need-to-know basis.

8. Cookies & Cookie Consent

We use a cookie consent banner that allows you to accept or reject cookies. When you accept, we store:

  • Your consent preference in browser localStorage and cookies.
  • Essential session cookies, which are required for site functionality (CSRF protection, admin authentication).

You can manage or delete cookies through your browser settings. Note that disabling essential cookies may prevent certain features from working (e.g., form submissions).

9. Children's Privacy

Our website is not directed to children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it.

10. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices, legal requirements, or services. When we make significant changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

11. Contact Us

If you have questions, concerns, or wish to exercise your GDPR rights, please contact us at:

Email: support@athenacfo.com

Address: Athena Solutions, LLC, 7533 S Center View CT #5316, West Jordan, UT, 84084, USA