Privacy Policy

Last updated 26th April 2026

I am Emily Knights; a professional freelance proofreader and sole trader, trading as Burr Editorial Services. My website address is: https://www.burreditorial.co.uk. You may contact me at emily@burreditorial.co.uk or by using the Contact form on this website. The services I offer are listed on my Services page.

This privacy policy is for Burr Editorial Services (‘I’) and describes how and why I might access, collect, store, use, and/or share (‘process’) your personal information when you use my services (‘Services’), including when you visit my website at https://www.burreditorial.co.uk or engage with me in other related ways, including any marketing or events.
Reading this privacy policy will help you understand your privacy rights and choices. I am responsible for making decisions about how your personal information is processed. If you do not agree with my policies and practices, please do not use my Services. If you still have any questions or concerns, please contact me at emily@burreditorial.co.uk.

1. WHY I COLLECT INFORMATION FROM YOU

I collect your information only for legitimate and understandable reasons as listed below. I may also process your information for other purposes with your consent.

  1. User experience: to understand how visitors use my website; keeping records of clients’ preferences; and to recommend Services.
  2. Collaboration: to support real-time collaboration and simultaneous editing; store comments and suggestions; and manage access permissions and version control.
  3. Storage and syncing: saving documents in the cloud and syncing changes across devices/platforms.
  4. Accounting: to handle payments.
  5. Security and fraud prevention: to keep documents safe from being lost or damaged and to spot anyone trying to access documents without permission.
  6. Analytics: to understand which Services and features are most used.
  7. Client support: allowing access to specific content and to provide customised support.
  8. Legal reasons: for GDPR and information requests.
  9. Communication: to respond to information requests and to contact clients.
2. WHAT INFORMATION I COLLECT/PROCESS FROM YOU

When you visit, use, or navigate my Services, I may process personal information depending on how you interact with me and the Services, the choices you make, and the products and features you use. I only collect personal information that you provide to me. I collect personal information that you voluntarily provide to me when you express an interest in obtaining information about me or my Services, when you participate in activities on the Services, or otherwise when you contact me.

  1. Personal information given by you: this may include names; phone numbers; email addresses; contact preferences; billing addresses; documents given to me to edit which may contain personal data about a client or others; and instructions or messages about a project.
    All personal information that you provide to me must be true, complete, and accurate, and you must notify me of any changes to such personal information.
  2. Information created during the editing process: these may be comments, drafts, edits, notes and version history. It also might include invoices and payment methods.
  3. Information automatically collected: some information – such as your Internet Protocol (IP) address and/or browser and device characteristics – is collected automatically when you visit, use or navigate my Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes. Like many businesses, I also collect information through cookies and similar technologies. You can find out more about this in my Cookie Policy.
    The information I collect includes:
    Log and usage data: service-related, diagnostic, usage, and performance information my servers automatically collect when you access or use my Services and which I record in log files. Depending on how you interact with me, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called ‘crash dumps’), and hardware settings).
    Location data: such as information about your device’s location, which can be either precise or imprecise. How much information is collected depends on the type and settings of the device you use to access the Services. For example, I may use GPS and other technologies to collect geolocation data that tells me your current location (based on your IP address). You can opt-out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt-out, you may not be able to use certain aspects of the Services.
  4. Sensitive personal information: some of the information may be considered ‘special’ or ‘sensitive’ in certain jurisdictions, for example your racial or ethnic origins, sexual orientation, and religious beliefs. I may process sensitive personal information, when necessary, with your consent or as otherwise permitted by applicable law.
3. HOW I PROCESS YOUR INFORMATION

I process your personal information for a variety of reasons, depending on how you interact with my Services, including:

  1. Delivery of Services: I may process your information in order to provide you with the requested service and to carry this out. This includes: to save drafts and track changes; to record client preferences; to raise and respond to queries; to deliver completed work.
  2. Communication: I may process your information for administrative reasons for example, to send you details about my services, changes to my terms and policies, and other similar information. I also may process your information to ask for testimonials; confirm bookings; provide quotations; and send updates.
  3. Business reasons: I may process your information to fulfil and manage your orders, payments, and refunds made through the Services; to create invoices; keep financial records and meet my tax obligations; record agreements and contracts; and to store documents and maintain backups.
  4. Regulatory reasons: I may process your information to comply with a data subject access request or a tax authority in the event of an audit, or to share information if obliged to by a law or court order.
4. who i share information with

I aim to keep client data private, however, it is necessary to share data in the following ways.

  1. Service providers: cloud-based storage systems (OneDrive and SharePoint) and email providers (Outlook).
  2. Regulatory bodies: HMRC in the event of an audit and appropriate legal bodies in the event of legal action.
5. HOW LONG I KEEP YOUR INFORMATION

I will only keep your personal information for as long as it is necessary for the purposes set out in this privacy policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).

  1. Project files will usually be kept for one month after the work is completed, unless requested to be deleted sooner.
  2. Financial records will be kept for ‘at least 5 years after the 31 January submission deadline of the relevant tax year’ as this is a requirement by HMRC.
  3. Correspondence will likely not be deleted unless you specifically ask me to.
6. HOW I KEEP YOUR INFORMATION SAFE

I have implemented appropriate and reasonable technical and organisational security measures designed to protect the security of any personal information I process, however, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so I cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat this security and improperly collect, access, steal, or modify your information. Although I do my best to protect your personal information, transmission of personal information to and from my Services is at your own risk. You should only access the Services within a secure environment.
The information I collect is stored using the following data servers:

  1. Website: this is hosted by IONOS and built using WordPress; both of which are password-protected The website has an SSL certificate and IONOS’s servers are based in the UK. IONOS’s privacy policy can be found here and WordPress’s privacy policy here.
  2. Cloud services: OneDrive and SharePoint are my cloud-based storage systems, which are part of Microsoft 365. They are password-protected and accessed via my pin-protected PC. My Microsoft 365 account is also protected with Microsoft Authenticator. Microsoft OneDrive inherits privacy features and settings from Microsoft 365 and SharePoint, where applicable. OneDrive services adhere to the Microsoft Privacy Statement and Microsoft OneDrive supports compliance with General Data Protection Regulation (GDPR) requirements.
  3. Email: I use Outlook, which is also part of Microsoft 365. It is password protected and accessed on my pin-protected PC and on my fingerprint-protected mobile smart phone. Outlook services also adhere to the Microsoft Privacy Statement.
7. YOUR PRIVACY RIGHTS

In some regions, such as the European Economic Area (EEA), United Kingdom (UK), and Switzerland, you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time, depending on your country, province, or state of residence. In some regions (like the EEA, UK, and Switzerland), you have certain rights under applicable data protection laws. These may include the right to request access and obtain a copy of your personal information; to request rectification or erasure; to restrict the processing of your personal information; if applicable, to data portability; and not to be subject to automated decision-making. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting me at emily@burreditorial.co.uk. I will consider and act upon any request in accordance with applicable data protection laws. If you are located in the EEA or UK and you believe I am unlawfully processing your personal information, you also have the right to complain to the UK data protection authority.

  1. Withdrawing your consent: if I am relying on your consent to process your personal information, you have the right to withdraw your consent at any time. You can withdraw your consent by contacting me however, please note that this will not affect the lawfulness of the processing before its withdrawal nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
  2. Cookies and similar technologies: most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of my Services. For further information, please see my Cookie Policy. If you have questions or comments about your privacy rights, you may email me at emily@burreditorial.co.uk.
  3. How to exercise your rights: the easiest way is by submitting a data subject access request, or by contacting me. I will consider and act upon any request in accordance with applicable data protection laws, within a reasonable timeframe.
8. LEGAL BASIS AND GDPR

I only process your personal information when I believe it is necessary and have a valid legal reason (i.e. legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfil our contractual obligations, to protect your rights, or to fulfil our legitimate business interests. The General Data Protection Regulation (GDPR) and UK GDPR require me to explain the valid legal bases I rely on in order to process your personal information. As such, I may rely on the following legal bases to process your personal information:

  1. Consent: I may process your information if you have given me permission (consent) to use your personal information for a specific purpose. You can withdraw your consent at any time.
  2. Performance of a contract: I may process your personal information when I believe it is necessary to fulfil my contractual obligations to you, including providing my Services or at your request prior to entering into a contract with you.
  3. Legal obligations: I may process your information where I believe it is necessary for compliance with my legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend my legal rights, or disclose your information as evidence in litigation in which I am involved.
  4. Vital interests: I may process your information where I believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.
9. COOKIES AND OTHER TRACKING TECHNOLOGIES

I may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with my Services. Some online tracking technologies help maintain the security of my Services, prevent crashes, fix bugs, save your preferences, and assist with basic site functions. Specific information about how I use such technologies and how you can refuse certain cookies is set out in my Cookie Policy.

10. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (‘DNT’) feature or setting that you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognising and implementing DNT signals has been finalised. As such, I do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that I must follow in the future, I will inform you about that practice in a revised version of this privacy policy.

11. USE OF AI

I use digital tools to enhance the quality and accuracy of my editorial services and some of these tools have AI-assisted technologies running in the background, however I do not necessarily use them.

  1. The digital tools I use that have AI capabilities are:
    Microsoft Word: used for editing services, using a licenced version of Microsoft 365. Copilot is included in this package but I do not use it.
    Adobe Acrobat: used for editing services, using a free account. There is an AI assistant included but I do not use it.
    Google Search: used for fact-checking.
  2. I will only ever upload your material to a third-party site with your express permission, except for the purposes of storage where I will use OneDrive.
  3. Any digital outputs assisted by software or AI are reviewed and refined by me.
  4. I do not use generative AI for any editorial work.
  5. I do not use open AI systems for any client work so that your material is not used for language model training.
  6. I only use reputable providers and treat client work as confidential.
12. UPDATES TO THIS POLICY

I will update this notice as necessary to stay compliant with relevant laws. The updated version will be indicated by the ‘Last updated’ date at the top of this page. If I make material changes, I may notify you either by prominently posting a notice of such changes or by directly sending you a notification. I encourage you to review this privacy policy frequently to be informed of how I am protecting your information.

13. HOW YOU Can REVIEW, UPDATE, OR DELETE THE DATA i COLLECT FROM YOU

Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. To request to review, update, or delete your personal information, please fill out and submit a data subject access request.