Privacy Notice

Last updated: January 28, 2026

1. Who I am

Crossfeed Consultancy is the trading name of Jurij Blazejewski (the data controller).

Contact (privacy queries):
Email: j.blazejewski@crossfeed.ie
Phone: 089 988 9959
Location: Ireland

This notice explains how I collect and use personal data when you visit my website, contact me, subscribe to updates, or book sessions.

2. What personal data I collect

A) Website use data

Depending on your settings and my website configuration, the site may collect technical and usage data such as IP address, device/browser information, pages visited, and referral information. This can be collected via Squarespace features and/or HubSpot tracking (if enabled).

B) Contact and enquiry data

If you contact me or submit a form, I may collect:

  • Name, email address, phone number (if provided)

  • Company name (if provided)

  • The content of your message and any files you send

Forms may be handled via Squarespace forms and/or HubSpot forms, depending on how the site is configured. Squarespace form submissions can be stored in Squarespace and/or sent to an email address, depending on the storage settings.

C) Newsletter and marketing preferences

If you subscribe to a newsletter or updates, I may collect:

  • Your contact details (typically email, and sometimes name/company)

  • Subscription preferences and consent records

  • Email engagement data (for example delivery, opens, clicks), where HubSpot provides these features

HubSpot provides notice and consent options for forms and subscription capture.

D) Booking and meeting data

If you book a session via Microsoft Bookings, I may collect:

  • Name and contact details

  • Appointment details (service type, date/time)

  • Any information you submit in booking fields

Meetings are typically delivered via Microsoft Teams. If you prefer, meetings may also be delivered via Zoom or Google Meet (or similar tools) where needed. These platforms process meeting-related data such as join details and technical metadata, and may process audio/video during the call.

E) Meeting notes, transcripts, and recordings (where used)

  • I may take notes during calls to produce deliverables and follow-up actions.

  • With participant permission, I may use Fathom as a meeting assistant to help capture notes, transcripts, or recordings. Fathom explicitly warns users to obtain the necessary permissions/consents from participants before recording.

  • Where Fathom consent features are enabled, Fathom can send consent requests to external attendees in advance.

F) Client delivery and administration data

If we work together, I may process:

  • Notes, decisions, and drafts related to your communications plan, messaging, workflows, and measurement

  • Documents you provide for audit/review (for example proposals, internal updates, draft copy, dashboards)

  • Invoicing and basic accounting records

3. Why I process your data and the legal bases

GDPR requires a lawful basis for processing and clear information at the point of collection.

Enquiries and bookings

Purpose: respond to enquiries, arrange sessions, and communicate with you.
Lawful basis: steps prior to entering a contract and/or performance of a contract (GDPR Art 6(1)(b)).

Delivering consultancy services

Purpose: provide advisory services, produce deliverables, and run review sessions.
Lawful basis: performance of a contract (GDPR Art 6(1)(b)).

Training and enablement sessions

Purpose: train nominated staff in agreed workflows and measurement routines.
Lawful basis: performance of a contract (GDPR Art 6(1)(b)).

Newsletter and marketing communications

Purpose: send updates you have requested (newsletter, insights, announcements).
Lawful basis: consent (GDPR Art 6(1)(a)). You can unsubscribe at any time via the link in emails.

Meeting assistant, transcripts, or recording (Fathom) where used

Purpose: improve accuracy of notes, reduce admin, and support timely follow-up.
Lawful basis: consent (GDPR Art 6(1)(a)) where recording/transcription is used, and only with participant permission.

Operational administration and record-keeping

Purpose: invoicing, accounting, tax compliance, dispute handling.
Lawful basis: legal obligation (GDPR Art 6(1)(c)) and/or legitimate interests (GDPR Art 6(1)(f)), depending on the record type.

Website security and basic performance monitoring

Purpose: maintain website security and reliability, diagnose errors, and prevent abuse.
Lawful basis: legitimate interests (GDPR Art 6(1)(f)).

4. AI-assisted tools (how I use them)

I may use AI-assisted features within Microsoft 365 (including Microsoft Copilot) to help draft or summarise content, prepare meeting notes, and improve productivity. Microsoft states that data processed by Microsoft 365 Copilot is handled within Microsoft 365 contractual commitments and is not used to train foundation language models.

I do not use AI to make solely automated decisions that produce legal or similarly significant effects.

5. Who I share your data with

I use service providers that process personal data on my behalf (processors). Depending on how you interact with me, these may include:

  • Squarespace (website hosting, site operations, and forms storage, where Squarespace forms are used). Squarespace provides GDPR-related information and transfer safeguards.

  • HubSpot (CRM, embedded forms, newsletter and mailing campaigns, and related analytics where enabled). HubSpot publishes a Data Processing Agreement and information about EU data transfers and SCCs.

  • Microsoft 365 (email, Teams meetings, Microsoft Bookings, and Copilot features). Microsoft provides published privacy and protections information for Microsoft 365 Copilot.

  • Zoom (only if used for meetings). Zoom publishes GDPR commitments and a DPA.

  • Google Meet / Google Workspace (only if used for meetings). Google publishes a data processing amendment and SCC information for Workspace.

  • Fathom (only if used for meeting assistance, and only with permission). Fathom states users must obtain necessary consent and provides consent-request features.

I do not sell personal data.

6. International transfers

Some of the providers listed above may process personal data outside Ireland and the EEA. Where international transfers occur, I rely on appropriate safeguards (for example Standard Contractual Clauses) and provider contractual commitments.

Squarespace states it uses SCCs for transfers, and also publishes a DPA. (support.squarespace.com)
HubSpot publishes its DPA and information about SCCs and EU data transfer safeguards. (legal.hubspot.com)
Google provides SCC and DPA commitments for Workspace. (Google Cloud)
Zoom provides GDPR commitments and a DPA. (Zoom)

7. Cookies and similar technologies

My website may use cookies and similar technologies for essential operation, security, and (where enabled) analytics or marketing tracking. Because I use Squarespace and may use HubSpot tracking, cookies may be set by one or both platforms depending on configuration.

For full details (including categories and how to manage preferences), see the Cookie Notice.

8. How long I keep data

I keep personal data only as long as necessary for the purposes described, including:

  • Enquiries: typically up to [12 months] after the last interaction, unless you become a client or there is a continuing reason to keep it.

  • Bookings and meeting notes: typically up to [12 months] after the appointment, unless it becomes part of an ongoing engagement.

  • Client records and invoices: retained for [6 years] where needed for tax and accounting compliance.

  • Newsletter contacts: retained until you unsubscribe or request deletion, subject to lawful record-keeping needs (for example suppression lists to ensure you are not re-added in error).

9. Your rights

You have rights under GDPR, including:

  • access, rectification, erasure (in certain circumstances)

  • restriction, portability (where applicable)

  • objection (where processing is based on legitimate interests)

  • withdrawal of consent (where processing is based on consent)

The Irish Data Protection Commission highlights that transparency information should be clear, accessible, and easy to understand.

To exercise your rights, contact me using the details in section 1.

Complaints

You can lodge a complaint with the Irish Data Protection Commission (DPC).

10. Security

I use reasonable technical and organisational measures to protect personal data. Access is limited to what is needed for delivery and administration. No method of transmission or storage is fully secure, but I take appropriate precautions.

11. Changes to this notice

I may update this Privacy Notice from time to time. The latest version will be published on my website with the "Last updated" date.