I have read the Information Commissioner’s Office guidelines for compliance with the new General Data Protection Regulation (GDPR) rules. If you have given me your email address or other Personal Data (by emailing, subscribing to the website, buying something from my website or providing your email at one of my events for example) you should read this to reassure yourself I am looking after your data responsibly. I value the security of your information and will never intentionally breach the rules.
I will only collect and use your Personal Data where:
- I have lawful grounds to do so, including to comply with my legal obligations;
- I am performing a contract with you for my services; and
- I have legitimate interests in using your Personal Data and your interests and fundamental rights do not override those interests.
For the purposes of the EU General Data Protection Regulation ((EU) 2016/679) (“GDPR”), I am the “data controller”. If you have any questions about this policy or about how I use your Personal Data, please contact me via my contact details at the end of this policy.
1. Personal Data I collect via my website elizabethducie.co.uk (the “Website”) or by other means
Personal Data that you provide to me
I only collect Personal Data where you choose to interact with me on the Website or by other means in the following ways:
- When you sign up to receive regular email updates on my writing and my books (First name, Last name, Email address)
- When you choose to get in touch via the contact page (Name, Email address)
- When you have given me your email address during written or verbal communication at writers’ events (Name, Email address)
Data that I collect automatically
I may automatically collect certain information when you visit my Website—such as the type of browser and operating system you are using, and the domain name of your Internet service provider.
I do not link this information with any Personal Data.
2. Use of your Personal Data
I will only use your Personal Data when the law allows me to. Most commonly, I use your Personal Data to:
- process and manage your use of my website;
- respond to your questions, comments and requests;
- where you have opted-in to receive marketing from me, deliver communications that are relevant to your preferences / may be of interest to you;
- improve my services and Website through analysis of information.
3. Sharing of your Personal Data
I take your privacy seriously and will not share your Personal Data with others, except as permitted by applicable law or as set out below:
I share Personal Data as necessary with third parties who provide services or functions on my behalf and who require the information to provide those specific services to me. These third parties may include social media advertising platforms such as Facebook and Google Adwords for the purpose of custom audience generation and the development of targeting criteria for other audiences. Please note that we have appropriate data privacy safeguards in place with third parties with whom we share Personal Data as described above and who are providing services or functions on our behalf.
4. Keeping your Personal Data secure
I have implemented security policies and technical measures to safeguard the Personal Data I collect. I maintain physical, electronic and procedural safeguards that comply with applicable law, including the GDPR, to safeguard Personal Data from accidental loss, destruction or damage and unauthorised access, use and disclosure.
I have done everything I can to prevent data breaches, by strongly password-protecting the computers used, Mailchimp, Google and Dropbox accounts. If any of those organisations were compromised, I would take steps to follow their advice immediately.
5. Retention periods for use of your Personal Data
This Website and my services are aimed at adults, and I do not knowingly collect any Personal Data relating to children. If you are under the age of 18, please do not provide me with any of your Personal Data, including your email address.
7. Access to and control over your Personal Data
You have legal rights under applicable law in relation to your Personal Data. You can ask the following questions, or take the following actions, at any time by contacting me via email or via my postal address, both of which are given at the end of this document:
- see what Personal Data I hold about you (if any), including why we are holding it and who it could be disclosed to;
- ask me to change/correct your Personal Data;
- ask me to delete your Personal Data;
- object to the processing of your Personal Data;
- ask me to restrict the processing of your Personal Data;
- withdraw any consents you have given me to the processing of your Personal Data;
- and express any concerns you have about third parties’ use of your Personal Data.
If you asked to see your data, I would take a screenshot of their entry/entries.
If you unsubscribe yourself from the Mailchimp list, your data will be deleted within 7 days.
8. Change of purpose
I will only use your Personal Data for the purposes for which I collected it, unless I reasonably consider that I need to use it for another reason and that reason is compatible with the original purpose. If you wish to have an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact Me.
If I need to use your Personal Data for an unrelated purpose, I will notify you and will explain the legal basis which allows me to do so.
9. Data protection by design and data protection impact assessments
I have familiarised myself with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and believe I am using best practice.
10. Data protection officers
I am not a major organisation, so I do not need to appoint a Data Protection Officer.
My lead data protection supervisory authority is the UK’s ICO.
12. Communicating This Policy
I am taking the following steps:
- I have put this document on the website;
- I have added a link to my email signature;
- I have contacted members of my Mailchimp database and reminded them of what they signed up to, alert them to any changes and remind them they can unsubscribe at any time and their data will be deleted.
Once I have contacted you with a reminder about the T&C of my holding your data, I regard this consent as confirmed for a year, or until you ask me to remove the data. I have never harvested email addresses, nor would I. Anyone on my lists has contacted me either through the website or in person.
Consent is not indefinite, so I will make sure I remind you annually that you can unsubscribe or ask for your data to be removed.
13. Contact Me
My full details are: Dr Kathleen E McCormick (writing as Elizabeth Ducie)
Email for Privacy Questions: firstname.lastname@example.org
Postal Address: The Granary, 3 Palace Mill, Rock Road, Chudleigh, TQ13 0JJ