Privacy and Security Policy

This privacy policy sets out how Wurlwind gathers, uses and protects any information that you give Wurlwind when you use this website and other contact with Wurlwind and Mark Stonham.

In light of GDPR this page has been updated to offer a more comprehensive explanation of how we gather and use data about people we are in contact with.

Wurlwind is committed to ensuring that your privacy is protected and that we are conformant with GDPR.

If we ask you to provide certain information by which you can be identified when using this website you can be assured that it will only be used in accordance with this privacy statement.

Wurlwind may change this policy from time to time by updating this page. You should check this page from time to time to make sure that you are happy with any changes.

Basis of gathering and holding information.

Under GDPR we gather, hold and use data under TWO categories:

  • Consent – where people have explicitly given their consent through our website, or in other ways.
  • Legitimate Interest – where our interest in growing our business does not conflict with individuals rights.

NB. Three of the six generic examples in the GDPR (in recitals 47 to 50) of where a Controller may have a legitimate interest are of particular note. (Source: econsultancy)

1. Direct marketing

The GDPR states, ‘the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.’

This may be where consent is not viable or not preferred, but where we can show that there is a balance of interests – ours and those the person receiving the marketing.

Of course, any individual can object to direct marketing and it is one of the examples of legitimate interests for which objection is already fairly well understood and easy to action (often by unsubscribe link or by contacting the company in question to request).

2. Relevant and appropriate relationship

This may be a direct appropriate relationship, such as where the individual is a client.

3. Reasonable expectations

Where individuals have a reasonable expectation their data will be processed, this may help to make a case for legitimate interests.

Aggregation of Information

In order to communicate with people in an appropriate way for them and for us we pool information from various sources to enable us to profile, prioritise and personalise how we communicate.

We aggregate information primarily on two systems:

  • Nimble CRM system for Contact Management and Sales Pipeline Management purposes
    • NB. We have checked that Nimble is GDPR compliant.
  • InTouch CRM for email marketing and marketing automation purposes
    • NB. We have checked that InTouch is GDPR compliant.

We also enrich the information we hold from other sources to build up a profile of our contacts, to varying degrees.

What information we collect from where

From this Website via Forms we may collect the following information:

  • name
  • email address
  • company and job title
  • other contact information eg. phone
  • demographic information such location
  • preferences and interests
  • other information relevant to customer surveys and/or offers

From LinkedIn by Exporting the records of our 1st connections

  • name
  • email
  • company
  • job title
  • when we connected on Linkedin

Via Nimble CRM ‘discovery’ widget

  • additional Social Profiles such as Twitter, Google+ AngelList etc
  • information from the Bio sections of those Social Profiles

Google Analytics Display Advertising Feature

This feature has been implemented on this website.

  • We are using this information to better understand the interests of visitors to the website, based on understanding their visiting and viewing behaviour in greater detail.
  • We are not knowingly providing this information to third parties.
  • We are not serving third-party adverts to visitors of the website.
  • Visitors can opt-out of the Google Analytics Display Advertiser Features through Ads Settings, Ad Settings for mobile apps, or any other available means (such as, the NAI’s consumer opt-out).
  • We encourage you to visit Google Analytics’ to review the currently available opt-outs for the web if you need further information.

What we do with the information we gather

We use the information we gather to understand your needs better and to give you a better experience and service.

In particular we use the data we gather for the following reasons:

  • Internal record keeping
  • To communicate with you directly (eg via email, LinkedIn Message, Tweet, mail or phone)
  • To communicate with you indirectly (eg. via a Like, Comment, ReTweet or other action in Social Media)
  • We will send you educational emails where you have explicitly signed up via a web form.
  • We may periodically send promotional email about new products, special offers or other information which we think you may find interesting using the email address which you have provided

It is highly unlikely, but we may also:

  • use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail.
  • use the information to improve our products and services
  • use the information to customise the website according to your interests
  • provide your information to our third party partners for marketing or promotional purposes.

We will never sell your information.

Data Removal

We have reviewed the options for people to remove their data from our system and the following is our assessment of the options:

  • Unsubscribe – emails sent from InTouch and the Group email system of Nimble will have an Unsubscribe link on them. Records will be flagged accordingly.
  • LinkedIn – you have the option to restrict which category of contact on Linkedin can see your email, and therefore export it.
  • LinkedIn – if you want to ONLY restrict how I use your Linkedin information you can Block me as a contact.
  • Direct Request – you have the option to contact me directly to request that i stop contacting you and remove your details. Due to the nature of data synchronisation it may be more effective to leave a minimal record on our systems to flag that you no longer what to be contacted, so that future synchronisation doesn’t re-create or re-activate the record.

We will do our best to comply with your removal request.


We are committed to ensuring that your information is secure. We have developed this security policy to protect the information we ask you to provide. To prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

How we use cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Links to other websites

Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.


May 2013 – This policy is effective from 1 May 2013.

November 2014 – Section about Google Analytics Display Advertising Feature  added November 2014.

May 2018 – In light of GDPR – new sections added and existing sections reviewed