Privacy policy

Workplace Economies | workplaceeconomies.com

Last updated: March 2026

1. Important Information and Who We Are

Purpose of this privacy policy

This privacy policy explains how we collect and process your personal data when you visit workplaceeconomies.com, subscribe to our newsletter, listen to our podcast, or otherwise interact with our content.

Workplace Economies (workplaceeconomies.com) is owned and operated by intheOffice Limited.

This website is not intended for children under the age of 13, and we do not knowingly collect personal data relating to children under 13. If we become aware that a child under 13 has provided us with personal data, we will delete it promptly.

Controller

intheOffice Limited is the controller and responsible for your personal data (referred to as "we", "us" or "our" in this privacy policy).

Contact details

If you have any questions about this privacy policy or our privacy practices, please contact us at legal@workplaceeconomies.com.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

Changes to the privacy policy

We keep our privacy policy under regular review. This version was last updated in March 2026.

Third-party links

Our website includes links to third-party websites, services, and resources. We do not control these third-party websites and are not responsible for their privacy practices. When you leave our website, we encourage you to read the privacy policy of every website you visit.

2. The Data We Collect About You

Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store, and transfer the following kinds of personal data:

• Contact Data includes your email address and any other contact information you provide when subscribing to our newsletter or contacting us.

• Technical Data includes your internet protocol (IP) address, browser type and version, operating system, device type, screen resolution, and other technology on the devices you use to access the website.

• Usage Data includes information about how you use our website, including pages visited, time spent on pages, referral source, scroll depth, click behaviour, and navigation paths.

• Session Recording Data includes mouse movements, clicks, scrolling behaviour, and page interactions captured by Microsoft Clarity. This data helps us understand how visitors interact with the site. Clarity masks sensitive input fields by default. No keystrokes or form content are recorded.

• Communication Data includes any correspondence, feedback, or messages you send to us.

We also collect, use, and share aggregated data such as statistical information about website traffic for analysis purposes. Aggregated data could be derived from your personal data but is not considered personal data in law as it cannot directly or indirectly reveal your identity.

Special categories of personal data

We do not intentionally collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). We do not collect any information about criminal convictions and offences.

3. How Is Your Personal Data Collected?

We collect data from and about you through the following methods:

Direct interactions

You provide us with your data when you:

• Subscribe to our newsletter
• Submit a comment on an article
• Contact us through a form or by email
• Respond to a survey or feedback request

Automated technologies

As you interact with our website, we automatically collect Technical Data and Usage Data. We collect this data using:

• Cookies and similar technologies (see our Cookie Policy for further details)
• Server logs
• Google Analytics
• Ghost's built-in analytics
• Microsoft Clarity session recording

Third-party or publicly available sources

We may receive Technical Data from analytics providers such as Google (based outside the UK) and Microsoft (based outside the UK).

4. How We Use Your Personal Data

We will only use your personal data when the law allows us to. The table below sets out the purposes for which we use your data, the types of data involved, and the legal basis we rely on.

Newsletter delivery — Contact Data — Consent (UK GDPR Article 6(1)(a)). You can withdraw consent at any time by unsubscribing.

Responding to enquiries — Contact Data, Communication Data — Legitimate interests (responding to people who contact us).

Website analytics — Technical Data, Usage Data — Legitimate interests (understanding how the site is used so we can improve it). Google Analytics anonymises your IP address before storage.

Session recording and heatmaps — Technical Data, Usage Data, Session Recording Data — Legitimate interests (understanding how visitors interact with specific pages to improve content and layout). Microsoft Clarity records mouse movements, clicks, and scrolling but does not record keystrokes or sensitive form content.

Displaying embedded content — Technical Data — Legitimate interests (providing podcast episodes and video content within our articles). When you load a page containing embedded content from YouTube or Podbean, those services may collect data as described in section 7.

Change of purpose

We will only use your personal data for the purposes for which we collected it. If we need to use your data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so.

Legitimate interest assessment

Where we rely on legitimate interests as the legal basis for processing, we have assessed that the processing is necessary for our purposes and that your interests, rights, and freedoms do not override those purposes. You can request details of this assessment by contacting us.

5. Disclosures of Your Personal Data

We do not sell your data to anyone.

Your data may be processed by the following third-party services as part of running the website:

• Ghost (CMS and newsletter platform) — to publish content and manage subscriptions
• SendGrid (email delivery) — to deliver newsletter emails on our behalf
• Google Analytics (website analytics) — to understand site traffic and usage patterns
• Microsoft Clarity (session recording and heatmaps) — to understand how visitors interact with pages
• YouTube / Google (embedded video content) — when you load a page containing a YouTube embed
• Podbean (embedded podcast content) — when you load a page containing a podcast player

Data processor requirements

We require all third-party service providers to respect the security of your personal data and to treat it in accordance with applicable law. They are only permitted to process your data for specified purposes and in accordance with our instructions.

Legal requirements

We may disclose your personal data where required by law or where we believe in good faith that disclosure is necessary to comply with legal obligations, enforce our terms of use, or protect the rights, privacy, safety, or property of ourselves, our users, or the public.

Business transfers

If intheOffice Limited is acquired, merges with another company, or sells its assets, your personal data may be transferred as part of that transaction. We will notify you of any such change.

6. International Transfers

Some of our third-party service providers are based outside the UK. In particular, Google (Google Analytics, YouTube) and Microsoft (Clarity) process data in the United States. SendGrid (operated by Twilio) also processes data outside the UK.

Whenever your personal data is transferred outside the UK, we ensure an appropriate level of protection by relying on one of the following safeguards:

• The receiving country has been deemed to provide an adequate level of protection by the UK government
• Standard contractual clauses approved for use in the UK are in place
• The provider participates in a framework requiring equivalent data protection standards

If you want further information about the specific safeguards applied to transfers of your data, please contact us.

7. Embedded Content and Third-Party Services

Our articles and podcast pages include embedded content from third-party services. When you load a page containing this content, it behaves as though you had visited those platforms directly. These services may collect your IP address, browser information, and set their own cookies.

We have no control over what data these third parties collect. Their privacy policies are:

• YouTube (Google): https://policies.google.com/privacy
• Podbean: https://www.podbean.com/privacy
• Google Analytics: https://policies.google.com/privacy
• Microsoft Clarity: https://privacy.microsoft.com
• SendGrid (Twilio): https://www.twilio.com/en-us/legal/privacy

8. Data Security

We have put in place appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed.

All data in transit is encrypted using industry-standard TLS/SSL (HTTPS). Access to personal data is limited to those who have a legitimate need.

Breach notification

We have procedures to deal with any suspected personal data breach. In the event of a breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO without undue delay and within 72 hours where legally required.

Limitations

While we implement reasonable security measures, no method of transmission over the internet or electronic storage is entirely secure. We cannot guarantee absolute security.

9. Data Retention

We retain your personal data only for as long as reasonably necessary to fulfil the purposes we collected it for.

• Newsletter subscriber data is kept for as long as you remain subscribed. When you unsubscribe, your email address is removed from our active mailing list.
• Contact form submissions and correspondence are kept for up to 12 months, unless there is an ongoing conversation or legitimate reason to retain them longer.
• Google Analytics data is retained for 14 months.
• Microsoft Clarity data is retained for up to 13 months.
• Ghost analytics data is retained indefinitely in aggregated, non-identifiable form.

When your data is no longer required, it is securely deleted or anonymised so that it can no longer be associated with you.

10. Your Legal Rights

Under UK data protection law, you have the following rights in relation to your personal data:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of any incomplete or inaccurate data
• Erasure — request deletion of your personal data where there is no good reason for us to continue processing it
• Restriction — request that we suspend processing of your data in certain circumstances
• Objection — object to processing based on legitimate interests where something about your particular situation makes you want to object
• Data portability — request your data in a structured, commonly used, machine-readable format
• Withdraw consent — where consent is the legal basis (for example, your newsletter subscription), you can withdraw it at any time. Withdrawal does not affect the lawfulness of processing before the withdrawal.

How to exercise your rights

To exercise any of these rights, please contact us at legal@workplaceeconomies.com. When making a request, please include your email address and specify which right you wish to exercise.

No fee usually required

You will not have to pay a fee to access your personal data or exercise any of your other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

Response time

We aim to respond to all legitimate requests within one month. If your request is particularly complex, we will notify you and keep you updated.

Right to complain

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at https://ico.org.uk. If you believe we have breached your data protection rights and wish to pursue legal action, you may bring a claim before the courts of England and Wales.

11. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. We will not reduce your rights under this policy without your explicit consent.

Data Controller: intheOffice Limited
Website: workplaceeconomies.com
Contact: legal@workplaceeconomies.com
Last Updated: March 2026