I would far rather be writing poetry (even terrible poetry) than this document, but needs must. You don’t need to read anything more unless you want to. (The same is true of my poetry.) However (big breath) because of the EU’s General Data Protection Regulations that came into force on 25th May 2018, I was legally obliged to take action and inform you of it. Having undergone the Twelve Step Plan of the Information Commissioner’s Office, I can safely say I am fully recovered from any information addiction I may have ever suffered! In essence, these regulations are in place to protect the rights of the individual to know where their personal information is stored, how it is used and to have control over that. I affirm those rights and so here is my full and frank disclosure of the steps I have taken:
I am a self-employed author with no employees. I have read extensive guidance on my obligations, including that issued by the Society of Authors and declare that, to the best of my understanding and ability, I have taken the necessary steps to appropriately protect the data I hold.
- Information I hold:
– Email addresses where people have emailed me and I have replied – automatically saved in my work Gmail account, which is separate from my personal one.
– Names and email addresses of people who have signed up to receive my newsletter either by filling out a sheet at an event or through a link on my website or Facebook page. Stored with Mailchimp.
– Contact information, which may include email addresses, phone numbers and/or postal addresses, for individuals and organisations who have given it to me or where that data is in the public domain.
These are mainly stored in my Gmail account and/or in a filing cabinet.
– I also have lists of contact information which have been distributed at conferences and events, with the full consent of everyone on the list. These are either stored electronically on my laptop, or in a filing cabinet.
– I also have address information on correspondence, contracts and other information sent and received and these are either stored electronically or in the filing cabinet.
– All of my electronic information is backed up on Dropbox.
– My website uses WordPress built on a Fasthosts platform. It contains a sign-up form for receiving my blog by email. I receive the email address of that person in my password-protected MailChimp records. For information on the Privacy and Information policies of the platforms and plugins mentioned, please click on those links.
I have password protection on my laptop and all electronic accounts.
I do not share contact information with anyone unless it is already in the public domain or where I am absolutely confident that the individuals concerned want to be connected.
- Communicating privacy information
I have written:
– This statement on my website with links to it:
    – on my sign-up form for new subscribers
    – on my email signature
    – on my contact page
    – at the bottom of every newsletter
– A statement in my May 2018 newsletter
- Individuals’ Rights
On request, I will:
– show someone their data via screenshot
– delete data if they wish
If they unsubscribe themselves from my newsletter, Mailchimp automatically deletes their data. My WordPress site includes tools for exporting and erasing data on confirmation of request.
- Subject access requests
I aim to respond to all communication promptly. Requests for data information will be met, according to GDPR guidelines, within one month.
- Lawful basis for processing data
– If people have emailed me, they have effectively chosen to give me their email address and it is automatically saved in Gmail. However, I will not add it to a database or spreadsheet unless given express permission, and will delete it on request.
– If people have signed up to receive my newsletter, I always make it clear this means receiving an email 3-4 times a year with my writing news. The Mailchimp sign-up process has always been ‘double opt-in’ requiring them to actively agree to receive it. Both this step and every newsletter include the option to unsubscribe at any time, and this process is clear and simple.
I am confident that I only hold and process data on the basis of specific, informed consent. My website and newsletters will always contain clear information on how people can request to see their data or have it removed, and I will always act on these requests promptly.
I sometimes work with children and teenagers in workshops. I never accept social media contact requests from under-18s with whom I work and never use or keep information about young people in any context other than the specific workplace where it is required. Very occasionally, someone under 18 emails me, but so far this has always been with the knowledge of their parents and because they are family friends. If I am emailed by someone who tells me they are under 18, my policy would be to reply, but to explain I could not have further correspondence without the written consent of their guardian, unless the young person is over 16 and living independently. I am keen to encourage young people in their writing journey, but usually keep replies short and direct them to relevant websites and organisations.
- Data breaches
I have done everything I can to prevent this, by password-protecting my devices, WordPress, Fasthosts, Mailchimp, Google and Dropbox accounts. If any of those organisations were compromised I would take steps to follow their advice immediately. I also have reputable and routinely updated anti-virus software on all of my devices.
- Data Protection by Design and Data Protection Impact Assessments
I have undergone a Data Security Risk Assessment.
- Data Protection Officers
That’s me folks! (Loving the promotion… aka, yet another unpaid task of being self-employed)
My data protection supervisory authority is the UK’s ICO.
Specific to This Website:
Who We Are
My website address is: http://www.merrynglover.com
It is owned and managed by me, Merryn Glover, author.
What personal data we collect and why we collect it
My blog page Writing the Way is open to comments, always moderated by me.
None at the moment.
The website runs two cookies.
PHPSESSID is needed to help make the website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without it but you can control settings in your own browser to block cookies. It expires at the end of the session.
cookie_notice_accepted is used by the cookie banner, so that it remembers that you have accepted the notice. It expires after one month.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
I use analytics from WordPress and Jetpack, which is anonymised. I do not receive identifiable information about who has viewed my site.
Who we share your data with
How long we retain your data
The only contact information I get via this website is when you give it to me through the blog sign-up form or by clicking through to my Mailchimp newsletter sign-up. I will retain this until you ask me to delete it.
What rights you have over your data
You can request that I erase any personal data I hold about you. This does not include any data I am obliged to keep for administrative, legal, or security purposes.
Where we send your data