Privacy Policy

Last updated: 27 March 2026. Effective immediately.

This Privacy Policy explains how Michael Morris, trading as Morris Legacy (morris.is), collects, uses, and protects your personal data. This policy applies to all visitors to morris.is, anyone who submits a contact form or booking request, and anyone who engages with Morris Legacy services.

This policy is written in compliance with the General Data Protection Regulation (GDPR) and applicable Israeli data protection law. If you have any questions, contact: michael@morris.is.

1. Who is responsible for your data

Data Controller: Michael Morris
Trading as: Morris Legacy
Website: https://morris.is
Email: michael@morris.is
Location: Israel (UTC+3)

2. What data we collect and why

We collect only the personal data necessary to provide our services and communicate with you.

Data collectedWhy we collect itLegal basis (GDPR)
Name and email addressTo respond to contact form submissions and booking requestsLegitimate interest / Contract
Phone numberOptionally provided during booking — used for appointment reminders onlyConsent
Business informationProvided voluntarily in booking notes to prepare for discovery callsConsent
IP address and browser dataCollected automatically by WordPress and Jetpack for security and analyticsLegitimate interest
Booking appointment dataStored by Microsoft Bookings to manage appointmentsContract
Payment informationProcessed by Stripe — we never see or store your card detailsContract

3. How we use your data

  • To respond to enquiries submitted via the contact form or email
  • To confirm, manage, and follow up on scheduled appointments
  • To process payments for services via Stripe
  • To send you information about our services where you have requested it or where we have a legitimate interest in doing so
  • To improve the performance and security of this website

We do not use your data for automated decision-making or profiling. We do not sell your data. We do not share your data with third parties except as described in section 4.

4. Third parties we share data with

We use the following third-party services, each of which processes data on our behalf under their own privacy policies:

  • Microsoft Bookings (Microsoft 365) — manages appointment scheduling. Data processed under Microsoft’s privacy policy and Data Processing Agreement. Microsoft Privacy Statement
  • Stripe — processes payments. Card details are never transmitted to or stored on our servers. Stripe Privacy Policy
  • Jetpack (Automattic) — provides site security, performance, and basic analytics for morris.is. Automattic Privacy Policy
  • WordPress.com / Automattic — this website is hosted on a WordPress installation. Server logs may be retained for security purposes.

No data is transferred to third parties for marketing purposes without your explicit consent.

5. International data transfers

Morris Legacy is based in Israel. Israel is recognised by the European Commission as providing adequate data protection. Some third-party processors (Microsoft, Stripe, Automattic) are based in the United States and operate under standard contractual clauses or equivalent safeguards approved under GDPR Article 46.

6. How long we keep your data

  • Contact form submissions: retained for up to 12 months, then deleted unless an ongoing relationship exists
  • Booking records: retained for 24 months for record-keeping purposes
  • Payment records: retained for 7 years to comply with financial record-keeping obligations
  • Website analytics data: aggregated and anonymised — no retention limit

7. Your rights under GDPR

If you are located in the European Economic Area (EEA) or the UK, you have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — request correction of inaccurate or incomplete data
  • Right to erasure — request deletion of your data where there is no compelling reason for its continued processing
  • Right to restrict processing — request that we limit how we use your data
  • Right to data portability — request your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interest
  • Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, email michael@morris.is. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your local supervisory authority. In Israel, this is the Privacy Protection Authority.

8. Cookies

This website uses cookies. Cookies are small text files placed on your device that help the site function correctly. We use:

  • Essential cookies — required for the website to function (WordPress session cookies, security tokens). These cannot be disabled.
  • Analytics cookies — Jetpack may collect anonymised visitor data to help us understand how the site is used. No personally identifiable information is collected through analytics.

We do not use advertising or tracking cookies. We do not serve third-party ads.

9. Security

We take data security seriously. Morris Legacy applies appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, or destruction. This includes HTTPS encryption on all pages, access controls on administrative systems, and use of GDPR-compliant third-party processors. As a CISSP-certified security professional, the same standards applied to client engagements are applied here.

10. Changes to this policy

We may update this policy from time to time. The date at the top of this page shows when it was last updated. Continued use of morris.is following any changes constitutes acceptance of the updated policy.

11. Contact

For any privacy-related questions, data requests, or complaints:
Michael Morris
Morris Legacy
michael@morris.is
https://morris.is