In compliance with the General Data Protection Regulation (GDPR), here is my privacy notice. This sets out how I process and store any data you share with me, including the third-party websites which store this data.
To begin: I only ask for the minimum in terms of data for you to sign up to my website or newsletter, which is maintained for the purpose of informing interested parties about writing news and new books. Most of the information is also available via Facebook or Twitter.
The information you are required to provide is is either an email address or, for my blog, clicking the Follow button which shares your WordPress profile with me. These are managed by third parties, and the information is held by them. That is all it is used for. I don’t store it myself or process it beyond occasionally consulting my stats, which are behind a login process on WordPress and MailChimp.
- I do not use any plug-ins on this site.
- If you comment on my posts, the data is held by this WordPress.com website and is visible to visitors. If someone shares the page or blog post via social media, your comments will be shared with it, at the bottom of the page.
- If you use the contact form to get in touch with me, the data you share, including your email address, will be shared with my email provider, Hotmail. Microsoft’s privacy statement is here: https://privacy.microsoft.com/en-GB/privacystatement. Your email address will remain stored within my Hotmail account, and will not be shared with anyone.
- If you follow my blog on WordPress, your WordPress profile name or your email address (depending on how you choose to follow the blog) is stored by WordPress in the Followers/Email Followers section of my admin. I do not export any of this information, or share it, or use it for any purpose. It’s just there.
- Any other data which WordPress collects about you is held by WordPress and only available to me in an anonymised form, for example as visitor stats.
- If you sign up for my MailChimp newsletter, I will only contact you through the newsletter. I will not send you emails apart from that, and I do not share my newsletter list with anyone else. I receive an email notification when people subscribe to my newsletter, which I delete, and your information is then held solely in MailChimp. I do not process your data in any other way, or use your email address for any other purpose.
- If you buy something from my Etsy shop, then for me to fulfil your order, you must provide me with certain information (which you authorised Etsy to provide to me), such as your name, email address, postal address, payment information, and the details of the product that you’re ordering. You may also choose to provide me with additional personal information, such as a personal dedication for a signed book.
- I will not use the information you provide on Etsy for anything except the purpose of fulfilling your order, and maintaining records of purchases for tax purposes. I don’t send further marketing emails, or run a mailing list from Etsy. The only exception would be if I was required to share your information to comply with the law.
- Regarding retaining your information, I will retain it on Etsy for seven years as this is the minimum time to keep financial information and part of my business.
- Transferring personal information outside the EU: my email provider, Microsoft, by which Etsy contacts me with alerts for purchases and conversations, adheres to the EU-US and Swiss-US Privacy Shield. I rely on this as the legal basis for the transfer.
- For any of the following queries, please get in touch using my contact form or the alternatives given at the end.
- The right to access: if you wish to know more about, or to see a copy of, the personal data I hold on you, you can. Just contact me and we’ll take it from there.
- The right to correct: if you think some of the information I hold is incorrect, you can ask for it to be amended.
- The right to erasure: if you want me to erase the personal data I hold on you, I probably can. You can always unsubscribe from my website/blog and my newsletter. If you require something more than that, contact me. NB I may not be able to erase your personal data if it would contravene the law. NB2 I have no idea when this would be the case, but it’s possible, I suppose.
- The right to restriction of processing: if you want me to stop processing your data, I probably can. In the meantime, I am still allowed to store your personal data. NB as I don’t process your data and third parties do, I’m not sure how this would apply but apparently I have to include this. You can unsubscribe from my blog and newsletter at any time.
- The right to data portability: apparently you can ask me to transport any personal data you have supplied to me to a new provider. I can’t think of any time when this would apply.
- The right to object: you have the right to object to me processing your personal data for several reasons, and if you do so and your reason is valid, I am required to stop.
- The right to complain: if you live in the EU and wish to raise a concern about my use of your information, you have the right to do so with your local data protection authority.
- If I become aware of a data breach via any of the third-party sites I use – WordPress, MailChimp, Hotmail, Etsy or PayPal – I will notify you as soon as I can (the GDPR standard is within 72 hours). It hasn’t happened yet, fingers crossed.
- If you have any questions about this Privacy Notice, please get in touch via my contact form. Alternatively, you can send me a message via my Facebook page: http://www.facebook.com/LizHedgecockWrites, or my Twitter account: http://twitter.com/lizhedgecock.