Winter Ink

Privacy Policy

This Privacy Policy describes how we collect, use, disclose, and protect Personal Information in connection with winter.ink (“the Site”), the hub site for the published and professional work of Dr Robert N. Winter and Dr Halaina R. Winter. It should be read alongside the Terms and the Disclaimer, each of which forms part of the agreement between you and us.

In this Policy, “we”, “us”, and “our” refer jointly to Dr Robert N. Winter and Dr Halaina R. Winter, both of New South Wales, Australia.

We treat compliance with Australian privacy law as the primary framework for this Policy and layer other jurisdictional requirements on top of it. Specifically:

  • The Privacy Act 1988 (Cth) and the Australian Privacy Principles (“APPs”) set the baseline for how Personal Information is handled.
  • The EU and UK General Data Protection Regulations (“GDPR”) apply to Personal Information collected from individuals located in the European Economic Area and the United Kingdom.
  • The California Consumer Privacy Act and California Privacy Rights Act (“CCPA/CPRA”) apply to Personal Information collected from California residents.

Where any provision of this Policy conflicts with a mandatory requirement of applicable law, the legal requirement prevails.

Who We Are

This Site is operated jointly by Dr Robert N. Winter and Dr Halaina R. Winter of New South Wales, Australia. For privacy enquiries, contact us at contact [at] winter [dot] ink.

For the purposes of the GDPR, we are the joint data controllers of Personal Information collected through the Site.

What This Site Is

The Site is a portfolio and signposting hub. It introduces our work and directs visitors to the destinations at which that work is published—at present robert.winter.ink and the podcast On the Subject of Leadership with Dr Robert N. Winter, and in due course the projects of Dr Halaina R. Winter.

Substantive interactions—membership, subscriptions, comments, and payments—occur at the destination sites, not on this hub. The privacy practices that apply to those interactions are described in each destination’s own privacy policy. In particular, the publication and podcast at robert.winter.ink are governed by the Privacy Policy published there.

What Personal Information We Collect

We collect only the Personal Information needed to operate the Site, respond to enquiries, and meet our legal obligations.

Correspondence. If you contact us by email, we receive whatever information you choose to include, together with your email address and the technical metadata your mail client transmits.

Email subscriptions through WordPress.com. If you subscribe to receive updates from the Site through the WordPress.com Subscribe mechanism, your email address and subscription preferences are collected and held by WordPress.com (Automattic Inc.) on our behalf. We can see the list of subscribers and aggregate engagement data; we do not control how WordPress.com itself processes this information beyond what its own privacy practices permit.

Technical information. Web servers operated by WordPress.com record, as a routine matter, the IP address, user-agent string, pages visited, and time spent on the Site. This information is used in aggregate form for site administration, security, and the platform’s own operational and analytical purposes.

Aggregated analytics. Visit statistics may be collected and aggregated by Jetpack Stats, the analytics service built into the WordPress.com platform. The data is presented in aggregate and is used to understand which pages are read and how often.

We do not operate paid memberships, comments, or transactions on the Site. Those functions, where offered, are operated at the destination sites under their own privacy policies.

How We Collect It

We collect Personal Information directly from you when you contact us or subscribe to updates. Technical information is collected automatically by the WordPress.com platform that operates the Site. We do not purchase Personal Information from data brokers and we do not acquire Personal Information from third parties for marketing purposes.

Why We Collect It and the Legal Basis

The purposes for which we collect and use Personal Information, and the legal bases on which we rely, are:

To operate the Site and respond to enquiries. Legal basis: our legitimate interest in maintaining a public-facing portfolio; your consent where you have opted in to optional communications.

To deliver subscribed updates. Legal basis: your consent.

To maintain the security, integrity, and performance of the Site. Legal basis: our legitimate interest in protecting the Site and its visitors against fraud, abuse, and unauthorised access.

To comply with legal obligations. Including responses to lawful requests from regulators, courts, and law-enforcement authorities. Legal basis: legal obligation.

Who We Share It With

The Site is hosted and operated on the WordPress.com platform, and the principal processor of Personal Information collected through the Site is therefore Automattic Inc., the operator of WordPress.com:

  • WordPress.com (Automattic Inc.) provides hosting, server infrastructure, the email subscription mechanism, the comment system (where enabled), the Subscribe and login functionality, and analytics through Jetpack. Automattic’s own privacy practices are described in the Automattic Privacy Policy.

Beyond Automattic, we do not disclose Personal Information to third parties except where required by law, where necessary to protect our legal rights, or with your express consent.

We do not sell, rent, or trade Personal Information, and we do not engage in the “sharing” of Personal Information for cross-context behavioural advertising within the meaning of the CCPA/CPRA.

Where you follow a link from the Site to one of our destination publications—at present robert.winter.ink—any Personal Information collected at that destination is governed by the destination’s own privacy policy.

Overseas Disclosures

Automattic Inc. is based in the United States, and the operation of the Site involves the disclosure of Personal Information to the United States and to other jurisdictions in which Automattic operates infrastructure. Where Personal Information is transferred from the EEA or the UK to a jurisdiction not the subject of an adequacy decision, the transfer is made under the Standard Contractual Clauses approved by the European Commission or the UK International Data Transfer Agreement, as applicable, in reliance on Automattic’s published transfer mechanisms.

Cookies and Similar Technologies

The Site, as operated on the WordPress.com platform, uses cookies and similar technologies for functional and analytical purposes:

  • Functional cookies are set by WordPress.com to maintain session state, preserve preferences, and operate features such as the Subscribe mechanism.
  • Analytics cookies may be set by Jetpack Stats or other Automattic services to measure aggregate traffic.

Cookies set by the WordPress.com platform are described in detail in the Automattic Cookie Policy. The Site does not, of itself, set advertising cookies or social-media tracking pixels beyond those that may be set by the WordPress.com platform.

Security

We rely on the security measures maintained by Automattic for the WordPress.com platform, which include encryption in transit (HTTPS), restricted administrative access, and recognised security certifications. No internet-based service can be guaranteed fully secure. If we become aware of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner in accordance with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988 (Cth).

How Long We Keep It

Correspondence is retained for as long as is reasonably necessary to maintain the relationship and for a reasonable archival period thereafter.

Subscription records held by WordPress.com on our behalf are retained while your subscription is active. You may unsubscribe at any time through the link in any subscription email; on unsubscription, your record is removed in accordance with WordPress.com’s retention practices.

Technical and analytics information is retained by Automattic in accordance with its own retention practices.

Where Personal Information is no longer required for the purposes for which it was collected and is not required to be retained by law, it will be destroyed or de-identified in accordance with APP 11.2.

Your Rights

Under Australian Privacy Law

You have the right to:

  • Request access to the Personal Information we hold about you (APP 12).
  • Request correction of Personal Information that is inaccurate, out of date, incomplete, irrelevant, or misleading (APP 13).
  • Deal with us anonymously or pseudonymously in any circumstances where this is lawful and practicable (APP 2).
  • Make a complaint about our handling of your Personal Information.

Requests under APPs 12 and 13 will ordinarily be responded to within thirty days.

Under the EU and UK GDPR

If you are in the EEA or the UK, you have, in addition to the rights above, the right to:

  • Erasure of your Personal Information.
  • Restriction of processing.
  • Data portability.
  • Object to processing undertaken on the basis of legitimate interests.
  • Withdraw consent where processing is based on consent, without affecting the lawfulness of processing carried out before the withdrawal.
  • Lodge a complaint with the supervisory authority in your country of residence, workplace, or the place of the alleged infringement.

Under California Law

If you are a California resident, you have the right to:

  • Know what categories of Personal Information are collected, the sources, the business purposes, and the categories of third parties to whom it is disclosed.
  • Request deletion of Personal Information, subject to statutory exceptions.
  • Request correction of inaccurate Personal Information.
  • Opt out of the sale or sharing of Personal Information. We do not sell or share Personal Information as those terms are defined under the CCPA/CPRA.
  • Not be discriminated against for exercising any of these rights.

To exercise any right set out above, contact us using the details in the Complaints and Contact section below. We will verify your identity by reasonable means before acting on a request.

Where a right is exercised in respect of Personal Information held by Automattic on our behalf, we will work with Automattic to give effect to it. Some rights may, in addition or in the alternative, be exercised directly with Automattic in accordance with its own privacy practices.

Artificial Intelligence and Machine Learning

Personal Information collected through the Site is not used, licensed, disclosed, or made available to any party for the purpose of training, fine-tuning, grounding, evaluating, or otherwise developing any machine-learning model, large language model, generative artificial intelligence system, or comparable automated system. This applies equally to correspondence, subscription data, and analytics data.

The corresponding protection of the Site’s published Content against AI-training use is set out in the Terms, and a fuller reservation in respect of content authored by Dr Robert N. Winter is set out in the Content Licence at robert.winter.ink.

Children

The Site is intended for an adult professional readership and is not directed to children. We do not knowingly collect Personal Information from a person under the age of sixteen. If you believe a child has provided Personal Information to the Site, contact us and we will take reasonable steps to delete it.

Changes to This Policy

We will revise this Policy from time to time to reflect changes in the Site, in the services used to operate it, or in applicable law. The date of the most recent revision appears at the foot of the Policy. Where a change is material—for example, where it broadens the purposes for which Personal Information is used or introduces a new category of disclosure—a prominent notice will be posted on the Site before the change takes effect. Minor or clarificatory changes will be published without separate notice.

Complaints and Contact

If you have a question about this Policy, or if you believe we have mishandled your Personal Information, contact us at contact [at] winter [dot] ink. We will acknowledge your complaint within seven days and respond substantively within thirty.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner.

If you are in the United Kingdom, you may lodge a complaint with the Information Commissioner’s Office.

If you are in the European Economic Area, you may lodge a complaint with your national supervisory authority. A directory is maintained by the European Data Protection Board.

Last updated: 23 April 2026