Privacy policy

Updated 25th March 2025

HeadScratcher is committed to protecting and respecting your privacy. This policy, together with any other documents referred to within, sets out the basis on which personal data collected from you, or provided by you, will be processed. Please read the following carefully to understand how your personal data is handled.

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the data controller is Andrew Retmanski (the operator).

1. Collection and Processing of Personal Data
1.1 The operator collects and processes data from visitors to the HeadScratcher website at headscratcher.world.

2. Information processed about individuals
The operator may collect and process the following data about individuals:

2.1 If you contact the operator, a record may be kept of that correspondence;

2.2 You may be asked to complete surveys used for research purposes, although you do not have to respond to them;

2.3 Details of any transactions you carry out through the site;

2.4 Details of your visits to the site including, but not limited to, traffic data, location data, weblogs and other communication data, and the resources that you access; and

2.5 Any information incidental to that listed above.

3. Retention & Deletion
HeadScratcher retains your information while you remain an active user, unless you ask to delete your information. If you stop being an active user, your information will be retained unless you request deletion; however, the operator will only contact you if the information could be of “legitimate interest” to you or your company.

If you have requested information from the operator, your information will be retained until you request to be removed/deleted. Subject to the exceptions described below, your information will be deleted or anonymised upon request.

Subject to applicable law, the operator may retain information after account deletion:

3.1 If there is an unresolved issue relating to your account.

3.2 If necessary for legitimate business interests, such as fraud prevention.

3.3 If required by applicable law; and/or in aggregated and/or anonymised form.

4. Cookies and similar technologies
4.1 The operator may obtain information about your use of this site by using technologies such as “cookies” and localStorage. These first-party technologies help the site function correctly, remember preferences, and measure usage as described in Section 8.

4.2 To find out more about cookies, including how to control and disable them, please visit https://www.allaboutcookies.org.

4.3 You may refuse to accept cookies by activating settings on your browser. If you refuse all cookies you will be unable to access certain parts of the site. If you do not activate these settings on your browser, you will be taken to have consented to the use of cookies.

4.4 No third-party services are used on the site that set cookies.

5. Where individuals’ personal data is stored
The data collected from you may be transferred to, and stored at, a destination outside the United Kingdom (UK) or the European Economic Area (EEA). It may also be processed by staff operating outside the UK/EEA who work for the operator or a supplier. Such staff may be engaged in, among other things, the provision of support services. By submitting your personal data, you agree to this transfer, storage, or processing. The operator will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

6. Security and Control of Data
6.1 All information you provide to the operator via the website is stored on secure servers.

6.2 Please note that the transmission of information via the internet is not completely secure. Although the operator will endeavour to protect your personal data, the security of data transmitted to the site cannot be guaranteed; any transmission is at your own risk. Once the operator has received your information, strict procedures and security features will be used in order to reduce the risk of unauthorised access.

7. How your information is used
7.1 The operator uses information held about you in the following ways:
7.1.1 To ensure that content from the site is presented in the most effective manner for you and your device;
7.1.2 To provide you with information, products, or services that you request or which may interest you, where you have consented to be contacted for such purposes;
7.1.3 To carry out obligations arising from any contracts entered into between you and the operator;
7.1.4 To allow you to participate in interactive features of the service, when you choose to do so;
7.1.5 To notify you about changes to the service;
7.1.6 To generate personal profile reports about you which are used to help tailor the site and interactions with you to suit your preferences.

7.2 If you are an existing customer, you will only be contacted with information about goods and services similar to those which were the subject of a previous sale to you.

7.3 The operator does not disclose personal information about individuals to advertisers or sell your information to any other organisation for marketing purposes.

7.4 Your name and email address are securely shared with Mailchimp for the purposes of sending marketing emails you have subscribed to. Please check their terms and conditions at https://mailchimp.com/legal/terms (and privacy policy at https://mailchimp.com/legal/privacy).

8. Analytics and Usage Data
The site uses first-party analytics to understand how visitors use the website and to improve content and performance. These analytics tools record page views, navigation paths, and events together with pseudonymous identifiers stored in cookies. No external analytics providers or third-party tracking scripts are used.

8.1 Data collected may include: a pseudonymous visitor identifier, page URLs visited, referring and exit pages, UTM parameters, timestamps, approximate location based on IP address, and technical information about the browser, device, or operating system.

8.2 This processing is carried out for legitimate interests—specifically, monitoring site performance, understanding usage patterns, and maintaining security. Consent will be requested where required by law.

8.3 Analytics cookies are first-party cookies used only on headscratcher.world. They help distinguish repeat visits without identifying you personally. You can disable these cookies in your browser settings, although parts of the site may not function as intended.

8.4 Visit and event information is retained for a limited period (typically up to 13 months) and then deleted or anonymised. See Section 3 (Retention & Deletion) for general data-retention principles.

9. Sharing your information
9.1 The operator may disclose your personal information to third parties if:
9.1.1 The operator sells or buys any business or assets, in which case your personal data may be disclosed to the prospective seller or buyer of such business or assets;
9.1.2 headscratcher.world or substantially all of its assets are acquired by a third party, in which case personal data held about its users will be one of the transferred assets;
9.1.3 The operator is under a duty to disclose or share your personal data in order to comply with any legal obligation, or to enforce or apply the terms and conditions and other agreements; or to protect the rights, property, or safety of users or others;
9.1.4 It is necessary to the supply of the service to you.
Analytics data collected through first-party cookies remains within the operator’s own systems and is not shared with external analytics vendors.

9.2 You have the right to ask for your personal data not to be processed for marketing purposes. The operator will usually inform you (before collecting your data) if your data is intended to be used for such purposes or if there is an intention to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms used to collect your data. You can also exercise the right at any time by contacting andrew@headscratcher.world.

10. Links to other sites
The site may, from time to time, contain links to and from the websites of partner networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that the operator does not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

11. Accessing your information
Data protection law gives you the right to access information held about you. You can find out if any personal information is held about you by making a “data subject access request” under the UK GDPR. If information is held about you, the operator will:
11.1 Give you a description of it;
11.2 Tell you why it is being held;
11.3 Tell you who it could be disclosed to; and
11.4 Let you have a copy.

Any formal subject access request should be made in writing to the address below. This will be provided free of charge. However, the operator may charge a reasonable fee for repetitive, unfounded, or excessive requests, or for additional copies.

12. How can you update or change your information?
12.1 If at any time you wish to change your information, you can contact the operator, providing the updated information.

12.2 If you wish to opt out of email notifications and communications, you can contact the operator, and you will not receive any further communications.

13. Data subject rights
13.1 Right to rectification — the right to request the controller rectify inaccurate personal data.
13.2 Right to object — the right to object to processing based on either public interests or legitimate interests. Processing must stop unless the controller demonstrates compelling grounds for continuing the processing or that the processing is necessary in connection with the controller’s legal rights.
13.3 Right to object to direct marketing.
13.4 Right to be forgotten — the right to have the controller erase personal data without undue delay, contingent on one of the following:
13.4.1 The data is no longer necessary;
13.4.2 The data subject withdraws consent (and consent is the legal basis for processing);
13.4.3 The controller has no overriding grounds for continuing processing against the objection;
13.4.4 Processing was unlawful;
13.4.5 Erasure is necessary to comply with EU, UK, or national law.
13.5 Right to restrict processing — the right to have the controller restrict processing if:
13.5.1 The accuracy of the data is contested;
13.5.2 Processing is unlawful;
13.5.3 The controller no longer needs the data for its original purpose, but needs it for legal purposes;
13.5.4 Erasure is pending.
13.6 Right of data portability — the right to receive a copy of your data in a commonly used machine-readable format for transfer to another controller (for example, .csv).

14. Changes to this privacy policy
Any changes made to this privacy policy in the future will be posted on this page.

15. Contact
Questions, comments, and requests regarding this privacy policy are welcomed and should be addressed to andrew@headscratcher.world.