My Privacy Policy and General Data Protection Regulations (GDPR) Statement of Compliance

PRIVACY POLICY:

Your privacy matters to me. I would never sell or share email addresses gained through my website either via the contact form or via any subscription you might sign up to here such as my blog or newsletter. If you do sign up to any subscriptions available here on my website, you can unsubscribe at any time by following the unsubscribe instructions included at the foot of every blog post or email I send you.

My website uses cookies to analyze the performance of the content. You can switch off cookies via your internet browser settings.

My website is subject to regular security scans.

MY GDPR STATEMENT OF COMPLIANCE

I have done my best to familiarise myself with the guidelines for these new (25th May 2018) EU regulations. The regulations are primarily designed for large organisations. However although I am a sole trader, I do take your privacy seriously.

The document that follows explains how I comply. If you have given me your email address (by using the Contact Me link on my website or by any other means), you should read this to reassure yourself that I am looking after your data responsibly.

  1. Awareness
    I am a sole trader so there is no one else in my organisation to make aware.
  2. The information I hold
    Email addresses of people who have emailed me – and to whom I have replied – are automatically saved in two password-protected inboxes. Data given voluntarily such as names, postal addresses (for sending physical items like books) and names of contacts in schools – recorded in my inboxes and, for a very brief period, in a password-protected computer document. I do not share this information with anyone.
  3. Communicating privacy information
    I have put this document on my website.
    I have added a link on my Contact Me page.
  4. Individuals’ rights

    On request, I will delete data.

  5. Access requests
    I aim to respond to all requests within 24 hours.
  6. Lawful basis for processing data
    If people have emailed me, they have given me their email address. I do not actively add it to a list but my two email accounts will save it automatically. I will not add it to any database unless someone asks me to do so or gives me explicit and detailed permission.
    If a website visitor has bought something from me, their postal and email addresses are saved in my two inboxes. I may copy their names and postal addresses to a Word document for the purposes of printing labels or making invoices. I do not use their data for anything other than contacting them about the order and I will delete those Word details once the transaction is complete.
  7. Children
    Young people might email me but I will not know their ages unless they tell me. I will reply to their email but will not contact them again unless they email me for further information.
    I do not knowingly collect or maintain personal information from individuals under 16 years of age, Protecting the privacy of children is very important to me. If you are under 16, do not use or provide any information on the website or provide any information about yourself to us, including your name, address, telephone number, e-mail address or any screen name or user name you may use. If I obtain knowledge that a user is under the age of 16, I will take steps to remove that user’s personal information from my databases.
  8. Data breaches
    I have done everything I can to prevent these, by strongly password-protecting my computer and email accounts. If any of those latter organisations were compromised I would take steps to follow their advice immediately.
  9. Data Protection by Design and Data Protection Impact Assessments
    I have familiarised myself with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and believe that I am using best practice.
  10. Data Protection Officers
    I have appointed myself as the Data Protection Officer, in the absence of anyone else.
  11. International
    My lead data protection supervisory authority is the UK’s ICO.
RRB-transparent-Logofacebooktwitter
website by digitalplot