Data Protection Policy

Understanding how I handle, process, and protect your personal information is important. This policy outlines my commitment to data privacy and security.

Last Updated: January 29, 2026

Introduction

This Data Protection Policy explains how I, Liam Blank, collect, use, and protect any information you provide when using my professional portfolio and blog website at liamblank.com. I am committed to ensuring that your privacy is protected and that I comply with relevant data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy regulations.

Key Points Summary

I collect minimal data necessary for providing my services, use cookies for essential website functionality, never sell your data to third parties, implement strong security measures to protect your information, and respect your rights to access, correct, or delete your personal data.

Data Controller Information

Data Controller: Liam Blank

Business Address: New York, New York, United States

Email: liam@liamblank.com

Website: liamblank.com

As a sole proprietor operating a personal professional website, I am the data controller responsible for your personal information. For any questions or concerns about how your data is handled, please contact me using the information above.

Information Collection

I collect personal information through the following channels:

Contact Form Submissions

  • Data Collected: Name, email address, message content, submission timestamp
  • Collection Method: Voluntary submission via contact form
  • Purpose: To respond to your inquiries about professional services, speaking engagements, or consulting opportunities

Website Analytics

  • Data Collected: Anonymized IP addresses, browser type, device information, pages viewed, time spent on site, referring URLs, general geographic location (city/region level)
  • Collection Method: Automated collection via privacy-focused analytics tools
  • Purpose: To understand website traffic patterns, improve user experience, and optimize content

Newsletter Subscriptions

  • Data Collected: Email address, name (if provided), subscription preferences, engagement metrics (open rates, click-through rates)
  • Collection Method: Voluntary opt-in via subscription form
  • Purpose: To send periodic newsletters with professional insights on transportation policy, urban planning, and transit advocacy

Server Logs

  • Data Collected: IP addresses, access times, requested pages, HTTP status codes, browser information
  • Collection Method: Automatic collection by web hosting infrastructure
  • Purpose: Security monitoring, troubleshooting technical issues, and preventing abuse

Under GDPR Article 6, I process your personal data based on the following lawful grounds:

  • Consent (Article 6(1)(a)): Newsletter subscriptions and optional analytics cookies require your explicit consent, which you can withdraw at any time
  • Legitimate Interest (Article 6(1)(f)): Processing contact form inquiries, security monitoring, and anonymized analytics serve my legitimate interest in operating a professional website and responding to professional opportunities, balanced against your privacy rights
  • Contract Performance (Article 6(1)(b)): When you reach out for consulting services, processing your inquiry is necessary for potential contract performance

Use of Information

I use your personal information for the following purposes:

  • Responding to Inquiries: To answer questions about my work, speaking availability, consulting services, or collaboration opportunities
  • Website Improvement: To analyze traffic patterns and user behavior in order to enhance site functionality, content relevance, and user experience
  • Professional Communications: If you opt-in, to send newsletters containing insights on transportation policy, transit advocacy updates, and professional announcements
  • Security and Fraud Prevention: To protect the website from malicious activity, prevent unauthorized access, and ensure technical stability
  • Legal Compliance: To comply with applicable laws, respond to legal requests, or protect my legal rights

I will never sell, rent, or trade your personal information to third parties for their marketing purposes.

Cookies and Tracking Technologies

Essential Cookies

I use only essential cookies required for the website to function correctly. These include:

  • Session cookies: Temporary cookies that maintain your session state while navigating the site
  • Security cookies: Used to authenticate requests and prevent cross-site request forgery attacks
  • Preference cookies: Remember your language preferences and accessibility settings

These essential cookies do not require consent as they are strictly necessary for website operation.

Analytics Cookies

I use privacy-focused analytics tools that anonymize IP addresses and do not track users across websites. These cookies help me understand:

  • Which pages are most visited
  • How users navigate through the site
  • What content resonates with visitors
  • General geographic distribution of traffic

You can disable cookies in your browser settings, though this may affect certain site functionality.

Cookie Management

To manage or delete cookies:

  • Chrome: Settings → Privacy and Security → Cookies
  • Firefox: Settings → Privacy & Security → Cookies and Site Data
  • Safari: Preferences → Privacy → Cookies and website data
  • Edge: Settings → Privacy, search, and services → Cookies

Data Storage, Security & Retention

Security Measures

I take data security seriously and implement the following protections:

  • SSL/TLS Encryption: All data transmitted between your browser and the website is encrypted using industry-standard SSL/TLS protocols
  • Access Controls: Personal data is stored with restricted access, protected by strong passwords and two-factor authentication where available
  • Regular Updates: Website software, plugins, and security patches are kept current to prevent vulnerabilities
  • Secure Hosting: Data is hosted with reputable providers that maintain SOC 2 compliance and implement robust security measures
  • Data Minimization: I collect only the minimum data necessary to fulfill stated purposes

Retention Periods

I retain personal data only as long as necessary to fulfill its intended purpose:

  • Contact Form Submissions: 3 years from submission date, or until you request deletion
  • Newsletter Subscriptions: Until you unsubscribe or request deletion
  • Analytics Data: 90 days for granular data; aggregated anonymized data retained indefinitely for historical analysis
  • Server Logs: 90 days for security and troubleshooting purposes

After these periods, personal data is securely deleted or anonymized so that it can no longer identify you.

Third-Party Services

To operate this website, I use the following third-party services. Each service is selected for its strong data protection practices and compliance with privacy regulations:

Web Hosting

  • Provider: HostGator
  • Purpose: Website hosting and content delivery
  • Data Shared: Server logs, IP addresses, page requests
  • Location: United States

Content Management System

  • Platform: WordPress with Elementor Pro
  • Purpose: Website content management and design
  • Data Shared: User interactions with website forms and elements
  • Location: Hosted on HostGator servers (United States)

Email Service

  • Provider: Google Workspace
  • Purpose: Receiving and responding to contact form submissions; newsletter delivery if applicable
  • Data Shared: Contact form content, email addresses, names
  • Location: United States

All third-party services are bound by data processing agreements that ensure they process data only according to my instructions, implement appropriate security measures, do not use your data for their own purposes, and comply with GDPR and other applicable privacy regulations.

International Data Transfers

As I am based in the United States and use U.S.-based service providers, your personal data may be transferred to and processed in the United States. The U.S. does not have the same data protection laws as the European Economic Area.

To protect your data during international transfers, I rely on:

  • Standard Contractual Clauses (SCCs): EU-approved contracts with service providers that ensure adequate data protection
  • Provider Certifications: Services that maintain EU-U.S. Data Privacy Framework certification or equivalent mechanisms
  • Additional Safeguards: Technical and organizational measures such as encryption and access controls

If you are located in the EU/EEA and have concerns about international data transfers, please contact me to discuss your options.

Your Rights

Under data protection laws, you have the following rights regarding your personal information:

Right to Access

You can request a copy of the personal data I hold about you, including information about how it is processed.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or if you withdraw consent.

Right to Restrict Processing

You can request that I limit how I use your personal data in certain circumstances, such as while verifying accuracy.

Right to Data Portability

You can request a copy of your personal data in a structured, commonly used, machine-readable format.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw that consent at any time without affecting prior processing.

Right to Lodge a Complaint

You have the right to file a complaint with your local data protection authority if you believe your rights have been violated.

Exercising Your Rights

To exercise any of these rights, please contact me at liam@liamblank.com with the subject line "Data Protection Request." I will respond within 72 hours to acknowledge your request and provide next steps. In most cases, I will fulfill your request within 30 days, though complex requests may require additional time.

To verify your identity and protect your data, I may request additional information before processing your request.

Automated Decision-Making

I do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you. All decisions regarding professional inquiries, consulting opportunities, or newsletter content are made by me personally without automated processing.

Changes to This Policy

I may update this Data Protection Policy periodically to reflect changes in my practices, technologies, legal requirements, or other operational needs. The "Last Updated" date at the top of this page indicates when the most recent changes were made.

Notification of Changes

For significant changes that materially affect your rights or how I process your data, I will:

  • Display a prominent notice on the website homepage for at least 30 days
  • Send an email notification to newsletter subscribers
  • Update the "Last Updated" date

Your continued use of the website after changes take effect constitutes acceptance of the updated policy. I encourage you to review this policy periodically to stay informed about how I protect your information.

Contact Information

If you have any questions, concerns, or requests regarding this Data Protection Policy or how I handle your personal information, please contact me:

Contact Details

Email: liam@liamblank.com
Response Time: I aim to respond to all inquiries within 72 hours
Subject Line: For data protection matters, please use "Data Protection Inquiry" or "Data Protection Request"

For general inquiries about my professional work in transportation policy and urban planning, you can also reach out through the contact form on this website.

Effective Date: January 29, 2026

This policy applies to all personal data collected through liamblank.com and associated communications.