Privacy Policy
Last updated: 8 April 2026
1. Introduction
This Privacy Policy explains how personal data is collected, used, stored, and protected when visitors access the website howbitcoinfixedmoney.com (the "Site"), operated by Zia Afzal (the "Data Controller"). The Site exists to promote the book How Bitcoin Fixed Money and to provide related educational content through a blog and newsletter.
This policy is designed to comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). Where the Site is accessed from within the European Economic Area, the EU General Data Protection Regulation (GDPR) also applies.
2. Data Controller
The Data Controller responsible for personal data processed through this Site is Zia Afzal. For any data protection enquiries, requests, or complaints, the Data Controller can be contacted at [email protected].
3. What Data Is Collected
The Site collects the minimum data necessary to fulfil its stated purposes. The following table summarises the categories of data collected, the purpose for each, and the lawful basis under GDPR:
| Data Category | Purpose | Lawful Basis |
|---|---|---|
| Email address | Pre-registration for book purchase notifications and newsletter subscription | Consent (Article 6(1)(a)) |
| Newsletter subscription status | Managing opt-in and opt-out preferences for email communications | Consent (Article 6(1)(a)) |
| Page views and referral sources | Anonymised analytics to understand how visitors engage with the Site | Legitimate interest (Article 6(1)(f)) |
| Amazon link click data | Tracking the number of clicks on book purchase links (no personal identifiers stored) | Legitimate interest (Article 6(1)(f)) |
| Share button click data | Recording which social platforms visitors use to share the Site (platform name, page URL, anonymised user agent) | Legitimate interest (Article 6(1)(f)) |
The Site does not collect sensitive personal data (also known as special category data), financial information, or data relating to children.
4. How Data Is Collected
Personal data is collected through two mechanisms. First, email addresses are collected directly when a visitor voluntarily submits the pre-registration form on the Site. This action constitutes explicit consent. Second, anonymised usage data — including page views, referral sources, and share button interactions — is collected automatically through the Site's built-in analytics system. This analytics data does not identify individual visitors and does not rely on third-party tracking cookies.
5. Cookies and Tracking Technologies
The Site uses only essential, first-party cookies required for the proper functioning of the website (such as session management for the administrative backroom). The Site does not use third-party advertising cookies, social media tracking pixels, or cross-site tracking technologies.
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| Session cookie | Maintains authentication state for the administrative backroom | Session | Strictly necessary |
Because the Site relies solely on strictly necessary cookies, no cookie consent banner is required under PECR. However, this policy serves as transparent disclosure of cookie usage.
6. How Data Is Used
Email addresses submitted through the pre-registration form are used exclusively for sending book-related updates, publication announcements, and newsletter content authored by Zia Afzal. Anonymised analytics data is used to understand visitor engagement patterns, measure the effectiveness of content, and improve the Site's design and functionality. No personal data is used for automated decision-making or profiling.
7. Data Sharing and Third Parties
Personal data is not sold, rented, or shared with third parties for marketing purposes. Data may be shared with the following categories of service providers, solely to the extent necessary for the operation of the Site:
| Service Provider | Purpose | Data Shared |
|---|---|---|
| Email delivery service (SMTP) | Sending newsletter and notification emails | Recipient email addresses |
| Hosting provider | Serving the website and storing data | All data stored on the Site (encrypted in transit) |
The Site contains links to third-party websites, including Amazon (for book purchases) and social media platforms (via the share button). These third parties operate under their own privacy policies, and the Data Controller bears no responsibility for their data practices.
8. Data Storage and Security
Personal data is stored in a secure, encrypted database. All data transmitted between the visitor's browser and the Site is protected by TLS (HTTPS) encryption. Access to the administrative backroom — where subscriber data can be viewed — is restricted by password-protected authentication.
While every reasonable measure is taken to protect personal data, no method of electronic transmission or storage is entirely secure. The Data Controller cannot guarantee absolute security but commits to promptly addressing any data breach in accordance with GDPR requirements (notification to the ICO within 72 hours where applicable, and to affected individuals without undue delay where the breach poses a high risk to their rights and freedoms).
9. Data Retention
Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected. The following retention periods apply:
| Data | Retention Period |
|---|---|
| Email addresses (active subscribers) | Retained until the subscriber unsubscribes or requests deletion |
| Email addresses (unsubscribed) | Deleted within 30 days of unsubscription |
| Anonymised analytics data | Retained indefinitely (no personal identifiers) |
| Newsletter send logs | Retained for 12 months for operational review |
10. Data Subject Rights
Under the UK GDPR and EU GDPR, individuals whose personal data is processed by this Site have the following rights. These rights can be exercised by contacting the Data Controller at [email protected]. Requests will be responded to within one calendar month.
| Right | Description |
|---|---|
| Right of access | Request a copy of all personal data held about the individual |
| Right to rectification | Request correction of inaccurate or incomplete personal data |
| Right to erasure | Request deletion of personal data (the "right to be forgotten") |
| Right to restrict processing | Request that processing of personal data be limited in certain circumstances |
| Right to data portability | Request personal data in a structured, commonly used, machine-readable format |
| Right to object | Object to processing based on legitimate interest |
| Right to withdraw consent | Withdraw consent at any time (e.g., by unsubscribing from the newsletter) |
If an individual is dissatisfied with how their personal data has been handled, they have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
11. International Data Transfers
The Site's hosting infrastructure may process data in jurisdictions outside the United Kingdom or the European Economic Area. Where such transfers occur, appropriate safeguards are in place — including standard contractual clauses or adequacy decisions — to ensure that personal data receives an equivalent level of protection as required by the UK GDPR and EU GDPR.
12. Children's Privacy
The Site is not directed at individuals under the age of 16. The Data Controller does not knowingly collect personal data from children. If it comes to the Data Controller's attention that personal data has been collected from a child without appropriate parental consent, that data will be deleted without undue delay.
13. Changes to This Policy
This Privacy Policy may be updated from time to time to reflect changes in data processing practices or legal requirements. The "Last updated" date at the top of this page indicates the most recent revision. Where material changes are made, existing newsletter subscribers will be notified by email.
14. Contact
For any questions, concerns, or requests relating to this Privacy Policy or the processing of personal data, please contact the Data Controller at [email protected].