This policy was last updated on 24 May 2018. 

Do you, the reader…?

If you are about to subscribe to my blog or newsletter, comment on a blog post, fill in a ‘contact’ form, or follow me on social media (or if you have already done any of these things), you should read this notice. The general information about website security, links to third party websites and use of Google Analytics (‘Cookies’) applies to all visitors. 

New General Data Protection Regulations come into force on 25th May 2018. Although they are designed primarily for large organisations, please be assured that I take your privacy extremely seriously. That’s why I only ever ask you for the information I need and I never sell lists or email addresses.

Website security

My website was designed and is managed by The Curved House, whose registered office is Free Word Centre, 60 Farringdon Road, London EC1R 3GA. They also have an office located in Berlin at Oranienburger Str 26, Berlin 10117.

As well as keeping my website looking spick and span by updating software and plugins and editing text or images, The Curved House arrange for back-ups and run monthly security scans. In order to do this, they have full administrator access to my website and any information stored on it, which will include any Personal Information that you enter. I have satisfied myself that they take the security of your Personal Information just as seriously as I do. 

My website is built using the open-source software WordPress which is run by automattic.com. For more information about how WordPress processes data, please see Automattic’s overview.

The Curved House have installed plugins to perform certain tasks and to add functionality, for example, to run additional backups, make it easier to add images or include photo galleries, manage security, manage contact forms and so on. They endeavor to ensure all plugins have an updated privacy policy in accordance with the new GDPR regulations.

The Curved House outsource hosting to a server provided by a third-party supplier: Catalyst2. All services provided are within the EEA and Catalyst2 operate security controls compliant with ISO27001 in order to help protect the data they hold. Please see their privacy policy for more information.

My website has an SSL Certificate. This activates the padlock you see as well as https protocol and allows secure connections from a web server to a browser. Typically, SSL is used to secure credit card transactions (although I don’t conduct sales from my website), data transfer and logins, and more recently is becoming the norm when securing browsing of social media sites.  

Subscribing to my blog or newsletter

By subscribing to my blog you consent to having blog posts delivered to your email address. My list of blog subscribers is managed via a plugin on my website, and information is not exported to a third party provider.  

By subscribing to my newsletter you consent to receiving details of newsworthy events and incidental information, which may include but will not be limited to a free eBook, details of new releases, special offers, competitions and giveaways. I do not store your Personal Information. Instead, my list of newsletter subscribers is managed on a third party site called MailChimp. When you sign up to my newsletter, you consent that I can:

  • Transfer your contact information to MailChimp
  • Store you contact information in my MailChimp account
  • Send you newsletters/emails from my MailChimp account
  • Track interactions (e.g., click and open rates) for email marketing purposes.
  • Allow The Curved House access to my mailing lists in order to perform certain functions.   

All MailChimp forms collect your email address, IP address, and add their own timestamp which serves as evidence that you have provided consent. I do not have access to the Distribution Lists of other MailChimp users and they do not have access to mine. If you subscribe to my newsletter and use the ‘forward to a friend’ (FTF) link, this will allow you to share my email content with individuals who are not on my Distribution List. You can be assured that when you forward an email to a friend, MailChimp doesn’t store your friend’s email address, and it will not be added to my Distribution List.  

Read MailChimp’s Privacy Policy here. 

Alternatively, if you obtain a free book via the third party site Instafreebie, at the point of download you will be given the option of signing up for my newsletter. Past campaigns have included the joint promotional giveaways, Book Club Gold (July 2016) Free Reads For Smart Women (March 2017) and Smart Fiction for Smart Women (August 2017). In all cases signup to my newsletter is optional and separate from the option of taking a free book. 

Read Instafreebie’s Privacy Policy here.    

In order to demonstrate that you have elected to sign up to my newsletter, either directly or via Instrafreebie, after you complete your details, you will receive an email asking you to confirm your intention. This process is known as ‘double opt-in.’

If I meet you at an event and you provide me with your name and email address/other contact details on the understanding that I will sign you up to my blog or newsletter, you will receive an email asking you to confirm that you want to join the lists. 

How can I unsubscribe?

If you subscribe to my blog, in which case posts will be delivered to you by email, simply respond with the subject-line ‘UNSUBSCRIBE’.

If you subscribe to my newsletter, simply use the unsubscribe button included at the foot of the newsletter. 

Beta Readers and Advance Readers

If you have either asked to join or have accepted a personal invitation to join my teams of beta readers or advance readers, I will assume that your email is consent to process your Personal Information. In addition to your name and email address, I will also keep a record of your postal address so that I can send you your first edition book (thank you gift) on publication. If you volunteer any other Personal Information when commenting on or reviewing one of my books, I will assume that I have your consent to process it.  

Fulfillment of a contract 

If you employ me to provide self-publishing or creative writing mentoring services, I will need to process your Personal Information to fulfill my contract with you. I will retain a greater level of Personal Information, including a record of the advice I give you, but the level of detail will always be appropriate to the service provided. If you volunteer a greater level of Personal Information than I ask for, I will assume that you are happy for me to retain this. 

If you ask me to visit your book club or give a talk, I may also store details of the location, even if I do not make a charge for the personal appearance. I will always ask for your permission to photograph the event and to store and make use of those photographs after the event.       

If you order physical books from me directly on a one-off basis, I will not retain your postal address. If you pay me via PayPal, a record of that transaction will be stored on PayPal’s website. If you wire money directly to my bank account, my bank will retain a record of that transaction. 

Legitimate business interest 

If you leave a comment on a blog post, contact me via the contact form on my website or email me directly, I will simply reply, relying on lawful basis of processing (in other words, I will not ask for your consent before replying). I will not transfer your details to any database without your consent, but your Personal Information will be stored on my website. If you email me, your email address will automatically be stored as a ‘contact’ on Outlook. I may also store the email/email chain if it contains details I think I may need to refer back to, especially if it contains a review of my work.

Social Media

If you comment on my social media accounts or on You Tube, records of those transactions will be held by the relevant social media channels.  I have access to databases of followers on Twitter and Facebook. In these instances, I am not the data processor. However, I use strong passwords and two factor authentication on these sites.  

Minors

I do not knowingly collect or maintain Personal Information from individuals under 16 years of age, and no part of my website is designed or intended to attract people under the age of 16. Protecting the privacy of children is very important to me. If you are under 16, do not use or provide any information on the website or provide any information about yourself to us, including your name, address, telephone number, e-mail address or any screen name or user name you may use. If I obtain knowledge that a user is under the age of 16, I will take steps to remove that user’s Personal Information from my databases. 

How long will you keep my Personal Information for?

The answer is, that depends.

If you have subscribed to my blog or newsletter, but you do not open my emails, I may delete your Personal Information. You can unsubscribe at any time (see above).    

If you are a beta reader or advance reader, I will retain your Personal Information until you advise me that you no longer wish to be a beta reader or advance reader.   

If I provide you with mentoring or self-publishing consultancy services, I will need to keep a record of the advice I have given to refer back to. I will review whether I need to keep this information three years after advice is given. 

Your rights

Can I ask to see what Personal Data you are holding about me?

You are entitled to ask me what information I hold about you and how I am processing that data. This is called a Subject Access Request. To file a  request, simply use the contact form on my website. I aim to respond to all requests within 7 days. 

If you ask to see your data, I will usually email you a screenshot/s of your entry/entries and the text from any emails. Information will be provided free of charge, unless your request is excessive or if you ask for duplicate information. 

What if my Personal Information is wrong? 

You can ask me to correct your Personal Information at any time. 

Can I ask you to stop processing my Personal Information?  

Absolutely. You can also exercise your right to request to be forgotten. 

The right to be forgotten 

If you unsubscribe from my blog or newsletter, your data will be automatically deleted.   

You have the right to request to be forgotten. If you have used the contact form/emailed me, on receipt of your request, I will consider if it is appropriate for me to delete your data. (See ‘How long will you keep my Personal Information for?’) I will only decline to do so if there is a legitimate reason to retain it, in which case you will still have the right to object to use of your Personal Information, or to ask me to only use it in certain ways.   

For social media, you have control of your own accounts and can change the settings so that I will no longer have access to your data. If you are an Instafreebie user, this step will not remove your details from their database and you will also need to contact them. I am happy to assist with this step.  

Google Analytics 

I use Google Analytics on my website. Google is the Data Processor and their system uses anonymised data. I have instructed them that they should only retain your Personal Information for the minimum period of time permitted, which is 14 months. You can read Google’s Privacy Policy here. As of  15 May 2018, they are “working hard to prepare for the EU’s General Data Protection Regulation.” 

Google Analytics is a ‘Cookie’. Cookies allow the local temporary storage of details regarding your specific information and preferences when visiting a website. For example, it takes note of how many people visit my website, how they navigated it website, how long they spent on each page, etc. This is so that I can continue to improve the content I provide, bearing in mind that I want visiting my website to be a fun and enjoyable experience, so that readers will want to come back! I don’t  collect data on individual visitors (i.e. Personal Information), only a summary of statistics of visitors browsing my website.

How can I control and delete cookies?

If you wish to restrict or block the Cookie, you can do this through your browser settings. The ‘Help’ feature within your web browser should tell you how. Alternatively, you may wish to visit www.aboutcookies.org, which contains comprehensive information on how to manage privacy and security settings on a wide variety of web browsers and how to delete cookies from your computer (including those from this visit). For information on how to do this on your mobile device, you will need to refer to its user guide.

Data breaches

I use strong password-protecting on my computer, website and social media. If my computer, website or social media accounts were compromised, I would notify you at the earliest opportunity, seek advice and take steps to follow that advice immediately.

Links to other websites

My website, blog posts and newsletters contain links to other websites. Once you use these links, you will leave my website. I am not responsible for the protection and privacy of any information which you provide whilst visiting such sites. Please exercise caution and always read the privacy statement applicable to the website in question.

How to make a complaint

If you think your data has been misused or hasn’t been kept secure, please contact me and let me know.

If you’re unhappy with my response or if you need advice relating to the matter and are based in the UK you should contact the Information Commissioner’s Office (ICO).

ICO helpline 
Telephone: 0303 123 1113 
Find out about call charges

You can also chat online with an advisor.

You can also visit their website for information on how to make a data protection complaint.