P
PMMilestone
Encyclopedia & Research

Privacy Policy

Last updated: 21 June 2026

This Privacy Policy explains how PMMilestone.com ("we", "us", "our") collects, uses, shares and protects personal information when you access or interact with the website at pmmilestone.com — including the A–Z encyclopedia, career guides, articles, downloadable resources, contact form and any related pages (together, the "Service"). It is written to be readable: if you only have a minute, skip to the Summary in plain English at the end. PMMilestone.com is operated by Dr. Hassan Eliwa, PhD (Founder of PMMilestone.org and PMMilestone.com), trading through Eliwa.co.nz, based in Auckland, New Zealand.

1. Scope of this Policy

This Policy applies to personal information we process in connection with the Service. It does not cover the operational platform at PMMilestone.org, which has its own privacy notice, nor any third-party site you reach via an outbound link (LinkedIn, X, Medium, Amazon, Google Scholar, ResearchGate, ORCID, software vendors, standards bodies, sponsored references, etc.). Where this Policy refers to "personal information" or "personal data", we mean information that identifies, or is reasonably capable of identifying, a living individual — for example, your name, email address, IP address, browser fingerprint, or persistent advertising identifier.

2. Who we are and how to contact us

The data controller for PMMilestone.com is Dr. Hassan Eliwa, PhD, contactable at hassan.eliwa@eliwa.co.nz, or via the contact page. Postal address: Auckland, New Zealand. We do not have a designated EU representative; EU and UK residents may contact us using the same details. New Zealand residents have their statutory rights under the Privacy Act 2020 (NZ).

3. What information we collect

We aim to collect as little personal information as is reasonably necessary to operate the Service, keep it secure, and improve it over time. The categories below describe what may be collected and from whom.

3.1 Information you provide directly

  • Contact and correspondence data — when you email us, send a message via the contact page, submit a correction, contribute a draft, or reach out on LinkedIn, we receive your name, email address, the content of the message and any attachments you choose to send.
  • Subscriber data — if and when we offer an email newsletter or similar service, we will collect the email address you provide, plus any preferences you select. We will obtain consent at the point of sign-up.
  • Submission data — Submissions made under our Terms (corrections, contributions, case studies) include any personal data you choose to include in the Submission.

3.2 Information collected automatically

  • Device and connection data — IP address, approximate location derived from IP, user-agent string, device type, operating system, browser type and language, screen resolution, and referring URL.
  • Usage data — pages viewed, time on page, click events on internal links, scroll depth, FAQ block expand/collapse interactions (used to improve content), and basic performance metrics such as page-load timing.
  • Cookies and similar technologies — small data files set on your device for analytics, security, accessibility preferences, and advertising. See Section 5 for detail.

3.3 Information from third parties

  • Analytics providers may share aggregated audience data with us (no individual identification).
  • Advertising partners (including Google) may share information about ad performance.
  • Social platforms may share basic profile information if you choose to engage with our content through them (for example, by clicking a "share" button).

4. Why we process your information (purposes & legal bases)

We process personal information for the following purposes, on the following legal bases (where the GDPR or comparable laws apply):

  • To operate and secure the Service — hosting, content delivery, fraud and abuse prevention, and basic site availability. Legal basis: legitimate interest.
  • To respond to your enquiries — answering messages sent via contact, email, or LinkedIn. Legal basis: legitimate interest; or, where relevant, performance of a pre-contract step at your request.
  • To improve content and editorial quality — understanding which encyclopedia entries, career guides and FAQ blocks readers find useful, so we can prioritise updates. Legal basis: legitimate interest.
  • To serve advertising, including via Google AdSense and partner networks where applicable. Legal basis: consent where required (EEA/UK/UK GDPR), legitimate interest elsewhere.
  • To comply with legal obligations — for example, responding to lawful requests from public authorities. Legal basis: legal obligation.
  • To protect rights and interests — including enforcing our Terms of Service, defending claims, and protecting intellectual property. Legal basis: legitimate interest.

5. Cookies and similar technologies

Cookies are small text files set on your device by us or by third parties. We use cookies (and similar technologies such as local storage, web beacons and pixels) for the following purposes:

  • Strictly necessary — basic functioning of the site, security, load balancing.
  • Functional & preference — remembering your accessibility, language, or display preferences.
  • Analytics — measuring how the Service is used so we can improve it. Where applicable, we use privacy-respecting analytics with IP anonymisation enabled.
  • Advertising — where ads are displayed (including via Google AdSense), the ad provider may set cookies to measure ad delivery, frequency-cap repeated ads, and personalise advertising. EEA/UK/Swiss users will see a consent prompt as required by the ePrivacy Directive and PECR.

You can control cookies through your browser settings, through any in-product consent controls we surface, and through Google's Ads Settings, YourAdChoices (DAA), the European Interactive Digital Advertising Alliance (EDAA), and similar opt-out programmes. Disabling some cookies may affect site functionality.

6. Google AdSense and third-party advertising

The Service may display advertising delivered by Google (Google AdSense) or other advertising networks. Such providers may use cookies, identifiers and similar technologies to serve and measure ads based on prior visits to this and other websites. Google's use of advertising cookies enables it and its partners to serve ads to users based on their visit to our site and other sites on the Internet, in accordance with Google's privacy and advertising policies.

You can opt out of personalised advertising by visiting Google's Ads Settings. You can opt out of some third-party vendors' use of cookies for personalised advertising at aboutads.info/choices. For EEA/UK users, we rely on Google-certified CMPs (Consent Management Platforms) where required to obtain valid consent under TCF v2.2 or successor frameworks.

We follow Google's Publisher Policies and AdSense Programme Policies. We do not present advertising in a manner that misleads readers, places ads in deceptive proximity to editorial content, encourages accidental clicks, or appears on pages that breach Google's content policies.

7. How we share information

We do not sell your personal information. We share personal information only in the following limited circumstances:

  • Service providers — hosting, CDN, email delivery, analytics, security and advertising partners acting under contract and on our instructions. They process personal information only as needed to provide their service.
  • Legal and regulatory — where we are required by law, a valid court order or a legitimate request from a public authority to disclose personal information.
  • Protection of rights — where disclosure is necessary to investigate, prevent or take action against suspected illegal activity, suspected fraud, threats to safety, or breaches of our Terms.
  • Business transfer — in connection with a merger, acquisition, financing, reorganisation or sale of all or part of the Service, personal information may be transferred to the acquirer subject to equivalent protection.

8. International transfers

PMMilestone.com is operated from New Zealand and the hosting infrastructure may be located in multiple jurisdictions, including the European Economic Area, the United Kingdom, the United States and the Asia-Pacific region. Where we transfer personal information internationally, we rely on appropriate legal mechanisms — for example, standard contractual clauses, adequacy decisions, or your explicit consent — to ensure that the personal information remains adequately protected. New Zealand has been recognised by the European Commission as providing an adequate level of protection for personal data.

9. How long we keep your information

We retain personal information only for as long as is necessary for the purposes set out in this Policy, or for as long as is required by law. Email correspondence is typically retained for up to three years from the last interaction. Analytics data is typically retained at the provider's default retention setting (14 to 26 months, with IP anonymisation enabled where supported). Advertising-related identifiers follow the retention rules of the ad provider. Aggregate, anonymised statistics may be retained indefinitely.

10. Your rights

Depending on where you live, you may have the following rights in respect of your personal information:

  • Access — to obtain a copy of the personal information we hold about you.
  • Rectification — to correct inaccurate or incomplete personal information.
  • Erasure ("right to be forgotten") — to request deletion of personal information, subject to legal exceptions.
  • Restriction — to restrict our processing of your personal information in certain circumstances.
  • Portability — to receive personal information in a structured, commonly used, machine-readable format.
  • Objection — to object to processing based on legitimate interest, including profiling and direct marketing.
  • Withdraw consent — where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
  • Lodge a complaint — with the New Zealand Office of the Privacy Commissioner, the UK Information Commissioner's Office, your local EU data protection authority, or — for California residents — the California Privacy Protection Agency.

To exercise any of these rights, email hassan.eliwa@eliwa.co.nz. We will respond within 30 days, or sooner where legally required. We may need to verify your identity before fulfilling a request.

11. California, Virginia, Colorado and other US state rights

Residents of California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut, Utah and other US states with comprehensive privacy laws have additional rights in respect of "personal information" or "personal data", including the right to know what categories of information are collected, the right to delete it, the right to correct it, the right to opt out of "sale" or "sharing" for cross-context behavioural advertising, and the right not to be discriminated against for exercising those rights. We do not knowingly "sell" personal information for monetary consideration. Where we display personalised advertising, that activity may be classified as "sharing" under CCPA/CPRA; you can opt out via our cookie-consent tool or by signalling "Global Privacy Control" (GPC) from your browser, which we treat as a valid opt-out signal for personalised advertising.

12. Children

The Service is not directed to children under the age of 16, and we do not knowingly collect personal information from anyone under 16. If you believe that a child has provided personal information to us, please email hassan.eliwa@eliwa.co.nz and we will delete it promptly.

13. Security

We take reasonable technical and organisational measures to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. Examples include HTTPS/TLS for all traffic, hardened third-party hosting, principle-of-least-privilege access to administrative tools, and regular review of editorial and operational practices. However, no transmission over the internet and no electronic storage method is 100% secure, and we cannot guarantee absolute security.

14. Do Not Track and Global Privacy Control

We honour the Global Privacy Control (GPC) signal where applicable. Some browsers also transmit a "Do Not Track" (DNT) signal; because there is no industry consensus on how DNT should be interpreted, we do not respond differently to DNT, but we still honour GPC and equivalent opt-out signals defined by applicable law.

15. Automated decisions and profiling

We do not make solely automated decisions that produce legal or similarly significant effects concerning you. Personalised advertising involves a degree of automated profiling by ad providers; you can opt out as described in Sections 5 and 6.

16. Changes to this Policy

We may update this Policy from time to time to reflect changes in law, technology or our editorial and advertising practices. The "Last updated" date at the top of the page indicates when this Policy was last revised. Material changes will be highlighted via a notice on the site for a reasonable period. Continued use of the Service after a change indicates acceptance of the updated Policy.

17. Contact

Privacy questions, rights requests and complaints should be sent to hassan.eliwa@eliwa.co.nz or via the contact page. Please describe the request clearly so we can respond efficiently; for rights requests we may ask for verification details.

18. Summary in plain English

PMMilestone.com is a free editorial site about project management and project controls, run by Dr. Hassan Eliwa, PhD, from Auckland, New Zealand. If you read the site, we may use cookies for analytics and (where applicable) for Google AdSense advertising. If you email us, we keep your message to respond to it. We do not sell your information. You can ask to see, correct or delete what we hold; you can opt out of personalised ads; you can complain to your data protection authority. If you have questions, email hassan.eliwa@eliwa.co.nz. Thank you for trusting us with your time.

Buy me a coffee