This policy was last updated on 15 February 2023.
Latest change = Transfer of data from Mailchimp to Mailerlite.
Do you, the reader…?
If you are about to subscribe to my blog or join my Readers’ Club, comment on a blog post, fill in a ‘contact’ form, or follow me on social media (or if you have already done any of these things), you should read this notice. The general information about website security, links to third party websites and use of Google Analytics (‘Cookies’) applies to all visitors.
Please be assured that I take your privacy extremely seriously. That’s why I only ever ask you for the information I need and I never sell lists or email addresses.
Website security
My website was designed by The Curved House, whose registered office is Free Word Centre, 60 Farringdon Road, London EC1R 3GA. They also have an office located in Berlin at Oranienburger Str 26, Berlin 10117.
Plugins have been installed that perform certain tasks, for example, to make it easier to add images or include photo galleries, manage security, manage contact forms and so on. Reasonable measures have been taken to ensure that all plugins have a privacy policy in accordance with GDPR regulations.
My website is built using the open-source software WordPress which is run by automattic.com. For more information about how WordPress processes data, please see Automattic’s overview.
Hosting of the website is carried out by Catalyst2, who also arrange for back-ups and run monthly security scans. In order to do this, they have full administrator access to my website and any information stored on it, which will include any Personal Information that you enter. They take the security of your Personal Information just as seriously as I do. All services provided are within the EEA, and Catalyst2 operate security controls compliant with ISO27001. Please see their privacy policy for more information.
My website has an SSL Certificate. This activates the padlock you see as well as https protocol and allows secure connections from a web server to a browser. Typically, SSL is used to secure credit card transactions, data transfer and logins, and is becoming the norm when securing browsing of social media sites.
Subscribing to my blog or newsletter
By subscribing to my blog, you consent to having blog posts delivered to your email address. My list of blog subscribers is managed via a plugin on my website, and information is not exported to a third party provider.
Information prior to 15 February 2023 – Mailchimp
By subscribing to my newsletter, whether directly or via a third party site such as Instafreebie or Book Sweeps, you consent to receiving details of newsworthy events and incidental information, including but not limited to a free eBook, details of new releases, special offers, competitions and giveaways. I do not store your Personal Information. Instead, my list of newsletter subscribers is managed on a third party site called MailChimp. Mailchimp is part of the Intuit group of companies. When you sign up to my newsletter, you consent that I can:
- Transfer your contact information to MailChimp
- Store you contact information in my MailChimp account
- Send you newsletters/emails from my MailChimp account
- Track interactions (e.g., click and open rates) so that I may assess the usefulness of the emails I send you.
- Transfer your contact information to an alternative email service provider should Mailchimp discontinue their service, or should an alternative provider provider preferable terms or services.
All MailChimp forms collect your email address, IP address, and evidence that you have provided consent. I don’t have access to the Distribution Lists of other MailChimp users and they don’t have access to mine. If you subscribe to my newsletter and use the ‘forward to a friend’ (FTF) link, this will allow you to share my email content with individuals who are not on my Distribution List. You can be assured that when you forward an email to a friend, MailChimp doesn’t store your friend’s email address, and it will not be added to my Distribution List. Mailchimp is fully compliant with EU data processing laws.
Read MailChimp’s Privacy Policy here.
Read Intuit’s Privacy policy here.
Information after 15 February 2023 – Mailerlite
By subscribing to my newsletter, either directly or via a third party site such as Instafreebie or Book Sweeps, you consent to receiving details of newsworthy events and incidental information, including but not limited to: a free eBook, details of new releases, special offers, competitions and giveaways. I do not store your personal details. Instead, my list of newsletter subscribers is managed on the secure site of a third party email management company called Mailerlite.
When you sign up to my newsletter you consent that I can:
- Transfer your contact information to Mailerlite (and any subsequent email management service I may subscribe to in the event that I no longer deal with Mailerlite).
- Store your contact information in my Mailerlite account.
- Send you newsletters from my Mailerlite account.
- Track interactions, e.g., click and open rates so that I may assess the usefulness of the information I send you.
Read Mailerlite’s Privacy Policy here.
If I meet you at an event and you provide me with your name and email address/other contact details on the understanding that I will sign you up to my blog or newsletter, you will receive an email asking you to confirm that you want to join my lists.
How can I unsubscribe?
If you subscribe to my blog, in which case posts will be delivered to you by email, simply respond with the subject-line ‘UNSUBSCRIBE’.
If you subscribe to my newsletter, simply use the unsubscribe button included at the foot of the newsletter.
Beta Readers and Advance Readers
If you have either asked to join or have accepted a personal invitation to join my teams of beta readers or advance readers, I will assume that your email is consent to process your Personal Information. In addition to your name and email address, I will also keep a record of your postal address so that I can send you your first edition book (thank you gift) on publication. If you volunteer any other Personal Information when commenting on or reviewing one of my books, I will assume that I have your consent to process it.
Fulfilment of a contract
If you employ me to provide self-publishing or creative writing mentoring services, I will need to process your Personal Information to fulfil my contract with you. I will retain a greater level of Personal Information, including a record of the advice I give you, but the level of detail will always be appropriate to the service provided. If you volunteer a greater level of Personal Information than I ask for, I will assume that you are happy for me to retain this.
If you ask me to visit your book club or give a talk, I may also store details of the location, even if I do not make a charge for the personal appearance. I will always ask for your permission to photograph the event and to store and make use of those photographs after the event.
If you order physical books from me directly on a one-off basis, I will not retain your postal address. If you pay me via PayPal, a record of that transaction will be stored on PayPal’s website. If you wire money directly to my bank account, my bank will retain a record of that transaction.
Legitimate business interest
If you leave a comment on a blog post, contact me via the contact form on my website or email me directly, I will simply reply, relying on lawful basis of processing (in other words, I will not ask for your consent before replying). I will not transfer your details to any database without your consent, but your Personal Information will be stored on my website. If you email me, your email address will automatically be stored as a ‘contact’ on Outlook. I may also store the email/email chain if it contains details I think I may need to refer back to, especially if it contains a review of my work.
Social Media
If you comment on my social media accounts or on You Tube, records of those transactions will be held by the relevant social media channels. I have access to databases of followers on Twitter and Facebook. In these instances, I am not the data processor. However, I use strong passwords and two factor authentication on these sites.
Minors
I do not knowingly collect or maintain Personal Information from individuals under 16 years of age, and no part of my website is designed or intended to attract people under the age of 16. Protecting the privacy of children is very important to me. If you are under 16, do not use or provide any information on the website or provide any information about yourself to us, including your name, address, telephone number, e-mail address or any screen name or user name you may use. If I obtain knowledge that a user is under the age of 16, I will take steps to remove that user’s Personal Information from my databases.
How long will you keep my Personal Information for?
The answer is, that depends.
If you have subscribed to my blog or newsletter, but you do not open my emails, I may delete your Personal Information. You can unsubscribe at any time (see above).
If you are a beta reader or advance reader, I will retain your Personal Information until you advise me that you no longer wish to be a beta reader or advance reader.
If I provide you with mentoring or self-publishing consultancy services, I will need to keep a record of the advice I have given to refer back to. I will review whether I need to keep this information three years after advice is given.
Your rights
Can I ask to see what Personal Data you are holding about me?
You are entitled to ask me what information I hold about you and how I am processing that data. This is called a Subject Access Request. To file a request, simply use the contact form on my website. I aim to respond to all requests within 7 days.
If you ask to see your data, I will usually email you a screenshot/s of your entry/entries and the text from any emails. Information will be provided free of charge, unless your request is excessive or if you ask for duplicate information.
What if my Personal Information is wrong?
You can ask me to correct your Personal Information at any time.
Can I ask you to stop processing my Personal Information?
Absolutely. You can also exercise your right to request to be forgotten.
The right to be forgotten
If you unsubscribe from my blog or newsletter, your data will be automatically deleted.
You have the right to request to be forgotten. If you have used the contact form/emailed me, on receipt of your request, I will consider if it is appropriate for me to delete your data. (See ‘How long will you keep my Personal Information for?’) I will only decline to do so if there is a legitimate reason to retain it, in which case you will still have the right to object to use of your Personal Information, or to ask me to only use it in certain ways.
For social media, you have control of your own accounts and can change the settings so that I will no longer have access to your data. If you are an Instafreebie user, this step will not remove your details from their database and you will also need to contact them. I am happy to assist with this step.
Google Analytics
I use Google Analytics on my website. Google is the Data Processor and their system uses anonymised data. I have instructed them that they should only retain your Personal Information for the minimum period of time permitted, which is 14 months. You can read Google’s Privacy Policy here. As of 15 May 2018, they are “working hard to prepare for the EU’s General Data Protection Regulation.”
I use strong password-protecting on my computer, website and social media. If my computer, website or social media accounts were compromised, I would notify you at the earliest opportunity, seek advice and take steps to follow that advice immediately.
Links to other websites
My website, blog posts and newsletters contain links to other websites. Once you use these links, you will leave my website. I am not responsible for the protection and privacy of any information which you provide whilst visiting such sites. Please exercise caution and always read the privacy statement applicable to the website in question.
How to make a complaint
If you think your data has been misused or hasn’t been kept secure, please contact me and let me know.
If you’re unhappy with my response or if you need advice relating to the matter and are based in the UK you should contact the Information Commissioner’s Office (ICO).
ICO helpline
Telephone: 0303 123 1113
Find out about call charges
You can also chat online with an advisor.
You can also visit their website for information on how to make a data protection complaint.