Lies.of.HR

Privacy

Privacy.

Last updated · 5 June 2026

This is the privacy notice for liesofhr.com ("Lies of HR", "we", "us"). The site is a personal project by Martin Spiteri Schillig. It tries to collect as little personal data as possible, and what it does collect is used only for the things described below.

This notice is written to meet the requirements of the EU General Data Protection Regulation (GDPR) and the UK GDPR. If you are in the EU, the EEA, or the UK, the rights set out below apply to you.

Who is the data controller

The data controller for personal data collected through this site is Martin Spiteri Schillig, operating Lies of HR as a sole individual. You can reach the controller at hello@liesofhr.com for any privacy-related question or request. We do not have a designated Data Protection Officer because the scale of processing does not require one under Article 37 GDPR.

What we collect

The site only collects information you actively give us:

  • Your email address, when you sign up to be told about the next Lie, or when you ask to be kept posted about the workshop from the assessment page.
  • Your assessment answers stay in your browser while you take the test. If you ask to be kept posted about the workshop, we store the email you provided together with the name of your top lie from the test (for example, "Cultural fit"). We do not store the individual statement-by-statement answers.
  • Basic server logs — like most websites, our hosting provider records technical information such as IP address, browser type, and timestamp for short periods, to keep the site available and secure. We do not use these logs to profile visitors.

We do not run analytics, advertising trackers, or third-party social pixels on the site.

Why we use it

  • To email you when a new Lie is published, if you signed up for it.
  • To email you about the workshop, if you opted in for that.
  • To run, secure, and improve the site itself.

We do not sell your data, and we do not share it with anyone for their own marketing.

Legal basis

Under Article 6(1) GDPR, our legal bases are:

  • Consent (Art. 6(1)(a)) — for sending you emails about new Lies or the workshop. You give consent by entering your email and submitting the form. You can withdraw consent at any time, without affecting the lawfulness of processing done before withdrawal.
  • Legitimate interests (Art. 6(1)(f)) — for keeping the site secure, preventing abuse, and maintaining basic server logs. Our interest is running a reliable site, balanced against the minimal intrusion of short-lived technical data.

How long we keep it

  • Email subscriptions — kept until you unsubscribe or ask us to delete you, or until the relevant list is closed.
  • Workshop interest (email + top lie) — kept until the workshop programme is concluded or you ask us to delete it.
  • Server logs — typically rotated within 30 days by our hosting provider.
  • If the site is shut down, all lists are deleted within a reasonable period.

Who processes the data

We use a small number of processors who act on our instructions under written data processing agreements:

  • Lovable — site hosting and managed backend (including the database that stores the email lists).
  • Cloudflare — content delivery and edge runtime used by our hosting provider.
  • An email-sending provider — used to deliver the emails you opt in to.

Outgoing emails about new Lies or the workshop are sent from a mailbox controlled by us.

International transfers

Some of our processors are based outside the European Economic Area (notably in the United States or the United Kingdom). When personal data is transferred outside the EEA, we rely on appropriate safeguards under Chapter V GDPR — typically the European Commission's Standard Contractual Clauses, the EU–US Data Privacy Framework where applicable, and the UK adequacy decision. You can request a copy of the relevant safeguards by emailing us.

Automated decisions and profiling

We do not make any decisions that produce legal or similarly significant effects about you using automated processing or profiling.

Your rights

If the GDPR or UK GDPR applies to you, you have the right to:

  • Access the personal data we hold about you (Art. 15).
  • Have inaccurate data rectified (Art. 16).
  • Have your data erased — the "right to be forgotten" (Art. 17).
  • Restrict how we process your data (Art. 18).
  • Data portability — receive your data in a portable format (Art. 20).
  • Object to processing based on legitimate interests (Art. 21).
  • Withdraw consent at any time, without affecting prior processing (Art. 7(3)).

To exercise any of these, email hello@liesofhr.com. We will respond within one month, as required by Art. 12 GDPR. To stop receiving emails, you can also use the unsubscribe link in any email we send.

You also have the right to lodge a complaint with a data protection supervisory authority in the EU/EEA member state where you live, work, or where you believe a violation occurred. In the UK, this is the Information Commissioner's Office (ico.org.uk). A list of EU supervisory authorities is available at edpb.europa.eu.

Security

We use technical and organisational measures appropriate to the risk: encryption in transit (HTTPS), access controls on the database, and limiting personal data to the minimum needed. No system is perfectly secure, but we take reasonable care.

Children

The site is aimed at working adults and is not intended for anyone under 16. Please do not submit personal data if you are under 16.

Changes

If we change this notice, we will update the "last updated" date at the top. Material changes will be flagged on the site.

Contact

Questions about privacy: hello@liesofhr.com.

← Back to the Lies