Rowan Tree Research logo

Privacy Policy

Last updated: 14 February 2026

This Privacy Policy explains how Rowan Tree Research (“I”, “me”, “my”) collects, uses, and protects personal data when you visit this website, contact me, or engage my genealogy/family history and publishing support services.

I aim to handle personal data responsibly and in line with UK data protection law, including the UK GDPR and the Data Protection Act 2018.

I am registered with the Information Commissioner's Office (Reference: ZB324722).

What information I collect

When you contact me

If you contact me via the website form or by email, I may collect: your name, email address, subject line, message content, and any information you choose to provide (for example, the background to your research enquiry).

When you commission research or publishing support

Genealogy and family history work can involve a wide range of information. Depending on the project, I may process:

  • Contact and billing details (name, email, invoice details, payment status)
  • Details you provide about your family (names, dates, locations, relationships, family documents)
  • Research outputs (family trees, reports, transcriptions, source citations)
  • Correspondence relating to the work

Information about deceased people

Data protection law generally applies to living individuals. However, genealogy research often includes deceased individuals. I treat information about the deceased with care and discretion, particularly where it could affect living relatives.

Special category and sensitive information

Historical records can sometimes reveal sensitive information (for example, religion, ethnicity, health, criminal proceedings, adoption, legitimacy, or other sensitive family circumstances). I avoid collecting more sensitive information than is necessary for the work and will handle it carefully. Where appropriate, I may discuss with you how (or whether) sensitive findings should appear in the final report.

How I use your information

I use personal data for purposes such as:

  • Responding to enquiries
  • Providing quotes, agreeing scope, and managing commissions
  • Delivering research or publishing support services
  • Preparing invoices and keeping basic business records
  • Improving this website (only if you allow analytics cookies, if/when enabled)

I do not sell your data, and I do not use it for unsolicited marketing.

Lawful bases for processing

Under UK GDPR, I rely on one or more of the following lawful bases:

  • Legitimate interests: to respond to enquiries and run a small research business responsibly
  • Contract: to deliver commissioned work and manage the project
  • Legal obligation: for accounting/tax record-keeping where required
  • Consent: for optional website cookies/analytics (where applicable)

Who I share data with

I keep your information confidential. I only share personal data where it is necessary to provide the service or operate the website, for example:

Form handling (contact form)

If you use the website contact form, messages are processed by Formspree (a third-party form service) and then delivered to me. You can read Formspree’s policies on their website.

Payments and accounting

If you pay an invoice, a payment provider and/or my bank will process the transaction. I keep basic transaction records for accounting.

Professional/production services (only if needed)

If your project involves printing, book production, or specialist services, I may need to share limited details with suppliers (for example, a printer for delivery). I will share the minimum necessary.

Legal reasons

I may disclose information if required by law, regulation, or a valid legal process.

International transfers

Some service providers (for example, website or form providers) may process data outside the UK. Where this happens, they typically rely on appropriate safeguards for international transfers under applicable data protection law.

How long I keep information

I keep personal data only as long as necessary for the purpose it was collected, including to provide services and maintain reasonable business records. Typical retention periods may include:

  • Enquiries: kept for a reasonable period to handle follow-up (then deleted/archived)
  • Project records: kept to support the work, answer queries, and provide continuity if you return
  • Invoices/accounting: kept for as long as required by tax/accounting rules

If you would like me to delete your enquiry emails or project correspondence (where practical and lawful), please ask.

How I protect your information

I take reasonable steps to protect personal data from loss, misuse, and unauthorised access. This includes sensible access controls and careful handling of client materials. No method of transmission or storage is 100% secure, but I work to keep information safe.

Your rights

Under UK GDPR, you may have rights including:

  • Access to your personal data
  • Correction of inaccurate data
  • Deletion of data (in certain circumstances)
  • Restriction of processing (in certain circumstances)
  • Objection to processing (in certain circumstances)
  • Data portability (where applicable)

To exercise your rights, please contact me via the Contact page.

Cookies

This site uses a cookie banner to record your cookie preference in your browser (local storage). If I add analytics cookies in future, you will be able to choose whether to allow them.

Children

This website is intended for adults, and I do not knowingly collect personal data from children via the site. If you believe a child has provided personal data, please contact me and I will address it appropriately.

Complaints

If you have concerns about how I handle your data, please contact me first so I can try to resolve the issue. You also have the right to raise a complaint with the UK Information Commissioner’s Office (ICO).

Changes to this policy

I may update this policy from time to time. The “Last updated” date at the top will change when revisions are made.