General Data Protection Regulation Compliance Statement
I have read the Information Commissioner’s Office guidelines for compliance with the new General Data Protection Regulation (GDPR) rules. The document that follows explains how I comply. If you have given me your email address (by emailing me, or during events, for example), please read this to be reassured that I’m looking after your data extremely responsibly.
I value the security of your information extremely highly and will never intentionally breach the rules. However, the rules are designed for large corporations and as a sole trader and a working author, I’ll do my best to comply.
I’m a sole trader and freelance author. Apart from writing, I visit schools, libraries, bookshops and literature festivals. I assure you that I’m fully aware of the above-mentioned regulation and its requirements.
The information I hold:
•Email addresses of people who have emailed me and to whom I have replied – automatically saved in Gmail, Hotmail and B.T.mail.
•Email addresses, postal addresses and names of people who I’ve worked with over the years, in my professional capacity. These are held as lists in my email servers as above.
•My Facebook Author page has subscribers who have liked the page. But I hold no personal information about these followers. These are managed and processed by Facebook as per their own policies of usage.
•My Instagram page has subscribers who follow my posts. But I hold no personal information about these followers. These are managed and processed by Instagram / Facebook as per their own policies of usage.
•My YouTube account may contain viewer comments. But I hold no data about viewers or commenters. These are managed and processed by YouTube as per their own policies of usage.
•I have access to the followers of my Twitter account @paperdragon59. While I’m the data controller of this account, I do not process this data. Anyone who does not wish to follow can unfollow at any time as per Twitter’s regular procedures.
•As a professional writer, I do not share any of the above information with anyone.
Communicating privacy information
•This document will be available as a document to download from my websites. Link at the bottom of the page.
•I will post a link to my website statement on YouTube, Twitter, and Facebook accounts as well. If anyone unsubscribes / unfollows, their data is automatically deleted.
•On request, I will delete any data held.
•If someone asked to see their data, I would take a screenshot of their entry/entries and send it to them.
Subject access requests
•I’m a sole trader, freelance writer who often travels for work. I will aim to respond to all requests within a reasonable timeframe – not more than 7 days and usually much sooner.
Lawful basis for processing data
•If people have emailed me or contacted me via the website, they have given me their email address. If anyone followed me on any of the social media platforms, they have actively opted in, in the knowledge that I will contact them occasionally.
•I do not actively add it to a list except for the various instances listed above and will not do so without valid permission.
•Once I’ve communicated my privacy terms of holding data, I regard this consent as confirmed for a year, or until the person asks us to remove the data. I will remind my subscribers/followers to review their subscription / follows regularly.
•Young people sometimes email me but I don’t know their age unless they tell me – and I only have their word for that. I would not deliberately keep their email address (but B.T.mail / Gmail / Hotmail would save it in my account). Since I am not “processing” their data, I am not required to ask for parental consent. I reply to the email and don’t contact them again.
•I’m not normally contacted by children on social media. However, I do not know the ages of my followers on social media platforms and will rely on the platform to apply their parental consent policies.
•Any request for parental consent will be handled by the data processor in each case.
•I protect the data I hold by strong passwords across the digital platforms I use. If any of those platforms were compromised I would take steps to follow their advice immediately.
Data Protection Officers
•I’m not a major organisation and so do not need to appoint a Data Protection Officer.
•As I’m a UK citizen and based in the UK, my lead data protection supervisory authority is the UK’s ICO as of 25th May 2018.