How Rock Steady Design collects, manages and uses your Personal Data.

1. Introduction

This privacy notice explains how Rock Steady Design (John Pawlenko), or ‘we’, use any of the personal data we collect about you or is provided by you to us, both offline and online, including that via, email, and our own social media accounts such as LinkedIn and Twitter. [For specific information on the personal data collected by users of this website, please also refer to our ‘Privacy & Cookie Policy’ found at]

2. Data Collection

We collect information about you, for example, when you fill in a contact form on our website; subscribe to one of our mailing lists; download or request a document; send or receive items via a file transfer service or a cloud account; purchase a product; contract or pay for our services; email us directly; or provide us with any information you supply voluntarily, including your email signature, commenting on our blog posts or delivered through a social media account.

Such information may include your full name, job title, business name, postal address, email address, phone number, tax id and other information about yourself, your business or your preferences.

Data is held by us for as long as is legally or practically necessary for our business, to resolve disputes and to enforce agreements. If no longer required, data is marked for deletion. This ensures that your data is not held indefinitely on our systems.

Data Controller

For General Data Protection Regulation (GDPR) purposes, the ‘Data Controller’ is the natural or legal person, public authority, agency or other body who decides the purposes for which, and the way in which, any personal data is processed. The Data Controller is John Pawlenko, Rock Steady Design, Carretera Nova 101, 08530 La Garriga, Barcelona, Spain.

Data Processor

A ‘Data Processor’ is a natural or legal person, public authority, agency or other body which processes personal data for the Data Controller. Data processing is any operation or set of operations performed upon personal data, or sets of it, be it by automated systems or not. Examples of data processing explicitly listed in the text of the GDPR are: collection, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasure or destruction. In this respect, the Data Processor is the same as the Data Controller named above.

3. Use of Personal Data

We collect, for example, information about you to fulfil any request you make of us; to make direct contact with you; process any information, product or service request; process your order; send administrative information to you, including information regarding our terms, conditions, and policies; manage your account; keep a record of your relationship with us; ensure we know how you prefer to be contacted; and analyse your personal information to create a profile of your interests and preferences so that we can contact you about products, services, offers and information which we think may be of interest to you. We may also make use of additional information about you when it is available from external sources to help us do this effectively.

We will take cautionary measures to ensure we do not collect any personal data from you we do not need in order to provide and oversee the aforementioned obligations, offers or services to you.

We will not share your information for general marketing purposes with companies so that they may offer you their products and services. We will never sell or rent your personal information to any third party.


We keep a record of the emails we send you, and we may track whether you received or opened them so we can ensure receipt, make sure we are sending you the most relevant information and schedule follow-ups.

Transferring your information outside of Europe

As part of the products and services offered to you, the information which you give to us may be transferred to countries outside of the European Union (‘EU’). Some of our third-party providers, for example, may be located outside of the EU. Where this is the case we will take steps to make sure the right security measures are taken so that your privacy rights continue to be protected as outlined in this notice and the ‘Privacy & Cookie Policy’ on our website. In submitting your personal data, you are agreeing to this transfer, storing or processing. Where our third-party suppliers are in the United States (‘US’) we have ensured that their services fall under the ‘Privacy Shield’ ( whereby participating companies are deemed to have adequate protection and are therefore able to facilitate the transfer of information from the EU to the US. The Privacy Shield is a binding legal framework which was put in place to help protect EU users’ rights while allowing US companies to handle EU users data without prior consent.

4. Use of Data in Marketing

We would like to send you information about our products and services which may be of interest to you. If you have consented to receive marketing, you may opt out at any point and have the right at any time to stop us from contacting you for marketing purposes. To opt out please email If you consented to receive contact from us via Mailchimp, please use the unsubscribe link found in the emails sent to you. Your information we use for marketing purposes will be kept with us until you notify us that you no longer wish to receive this information.

5. Security

We take steps to make sure that your personal information is safeguarded and treated securely. Information sent via our website is encrypted and protected with 128 Bit encryption on SSL. We have also taken all reasonable physical, technical and administrative controls to protect the information, such as deploying passwords, encrypting disks, setting router firewalls, and using anti-virus and anti-malware software. Emails are received and sent using MS Exchange; Exchange helps protect your information with advanced capabilities and uses anti-malware and anti-spam filtering to protect mailboxes. Data loss prevention capabilities also prevent users from mistakenly sending sensitive information to unauthorised people.

Non-sensitive details (your email address etc.) are sent normally over the internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

6. Access to information, data integrity

What is a ‘Subject Access Request’?

This is your right to request a copy of the information that we hold about you. We want to make sure your personal information is accurate and up-to-date. You may ask us to correct or remove information you think is inaccurate. If you would like a copy of some or all of your personal information, please email We will respond to your request within one month of receipt of the request.

Objections to processing of personal data

It is your right to lodge an objection to the processing of your personal data. The only reasons we will be able to deny your request are if we can show compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defence of a legal claim.

Data Portability

It is your right to receive the personal data which you have given to us or that we hold, in a structured, commonly used and machine-readable format and have the right to transmit that data to another Data Controller without delay from the current Data Controller if: 1. the processing is based on consent or on a contract, and 2. the processing is carried out by automated means.

7. Complaints

If you feel that your personal data has been processed in a way that does not meet the requirements of the GDPR, you have a specific right to lodge a complaint with the relevant supervisory authority. The supervisory authority will then tell you of the progress and outcome of your complaint.

8. Changes to our GDPR Privacy Notice

We keep this privacy notice under review and we will place any updates on this web page.


Address: John Pawlenko, Rock Steady Design, Carretera Nova 101, 08530 La Garriga, Barcelona, Spain

This privacy notice was last updated 22 May 2018.