YOUR PROFESSIONAL PORTFOLIO
Back Home
PRIVACY POLICY

Privacy Policy

This policy explains how we collect, use, and protect personal data when someone asks us to transform a CV into an online portfolio or otherwise contacts us through this website.

Last updated: 25 March 2026

Who We Are

Your Professional Portfolio is the controller of the personal data collected through this website for enquiry handling, project scoping, portfolio design, delivery, and related customer support.

If you have a privacy question or want to exercise a data protection right, contact us at hello@itboffins.com.

What We Collect

Depending on what you send us, we may collect:

  • Identity and contact details such as your name and email address.
  • Professional information such as your role, industry, preferred design direction, timeline, project goals, and portfolio requirements.
  • CVs, resumes, biographies, project notes, and any other files or materials you choose to upload or share with us.
  • Technical and usage information needed to operate and secure the site, such as basic server logs, browser information, and submission timestamps.
  • Correspondence records where you email us or continue a project discussion.
Sensitive and Criminal-Offence Data

CVs can sometimes contain special category personal data or criminal-offence data, for example health details, ethnicity, religion, trade union membership, political opinions, disability information, or conviction history.

Please only include that kind of information where it is genuinely necessary for the portfolio you want us to create. When you submit the form on this website, we ask for a separate express statement covering that type of data.

Where you voluntarily provide that information, we process it only to the extent needed to review your enquiry and deliver the requested service, and not for general marketing, profiling, or resale.

How We Use Personal Data

We use personal data to:

  • Review and respond to your enquiry.
  • Assess project fit, prepare proposals, and discuss scope or pricing.
  • Create, revise, and deliver your online portfolio.
  • Communicate with you about timelines, approvals, edits, and handover.
  • Receive enquiry details by email so we can reply and discuss the project.
  • Protect the site, prevent misuse, and enforce our legal rights.
  • Comply with legal, tax, accounting, or regulatory obligations where applicable.
Lawful Bases

For standard personal data, the main lawful bases we rely on under the UK GDPR are:

  • Article 6(1)(b): processing necessary to take steps at your request before entering into a contract and to perform our contract with you.
  • Article 6(1)(f): our legitimate interests in operating, securing, documenting, and improving the service in a proportionate way.
  • Article 6(1)(c): processing necessary to comply with legal obligations where they apply.

Where you voluntarily submit special category personal data, we ordinarily rely on your explicit consent under Article 9(2)(a) of the UK GDPR. Where you voluntarily submit criminal-offence data, we rely on your consent together with the relevant consent condition in Schedule 1, Part 3, paragraph 29 of the Data Protection Act 2018.

Who We Share Data With

We may share personal data only where reasonably necessary with:

  • Hosting, storage, email, and technical service providers acting on our instructions.
  • Professional advisers such as accountants, insurers, or legal advisers.
  • Payment, contract, or domain providers if a project proceeds to delivery.
  • Regulators, law enforcement, courts, or government bodies where disclosure is required.
  • A buyer, successor, or reorganised business structure, if the service is transferred in a lawful transaction.

We do not sell customer CV data or enquiry data.

International Transfers

Some service providers may process data outside the UK. Where that happens, we aim to use lawful transfer mechanisms and appropriate safeguards, such as adequacy regulations or approved contractual clauses, before personal data is transferred.

Retention

The website contact form emails enquiry submissions and uploaded CVs to us without saving a local copy on the website. We do not keep personal data for longer than necessary in our email inboxes or project systems.

Where a project proceeds, we may keep relevant project records for longer if reasonably needed for delivery history, support, contractual records, or legal claims.

Your Rights

Subject to applicable law, you may have the right to request:

  • Access to your personal data.
  • Correction of inaccurate or incomplete personal data.
  • Erasure of personal data we no longer need.
  • Restriction of processing in certain circumstances.
  • Objection to processing based on legitimate interests.
  • Data portability where legally available.
  • Withdrawal of consent for sensitive or criminal-offence data processing.

You also have the right to complain to the Information Commissioner's Office if you believe your data has been handled unlawfully. The ICO website is ico.org.uk.

Automated Decision-Making

We do not use solely automated decision-making or profiling that produces legal or similarly significant effects on you in relation to this service.

Changes to This Policy

We may update this policy from time to time to reflect changes to the website, our working process, or legal requirements. The latest version will be posted on this page with the updated date shown above.