GDPR: Policy

GDPR – The General Data Protection Regulation is a new set of European laws that governs how you communicate, interact with and store personal data that came into force May 25, 2018.

  • personal data pertains to “any information relating to an identified or identifiable natural person” – like name, email, address or even an IP address; it is better to think that any piece of data can be considered personal data,
  • whereas processing of personal data refers to “any operation or set of operations which is performed on personal data”. Therefore, a simple operation of storing an IP address on your web server logs constitutes processing of personal data of a user.

The policy I have for storing personal data is:

  • I use a WordPress content management system. I am the sole person with access to this website. If I invite additional content editors to use my website, you will be informed.
  • I only have one data point on my website where I can collect personal data, and this is through email subscriptions. I do not add addresses without consent, it is through opt-in only.
  • I collect this information using a plugin called Email Subscribers

Email Subscribers creates the following tables in your database on plugin activation:
{prefix}es_emaillist: This has all your subscribers information
{prefix}es_notification: This has all the post notifications that you create to send new blog notifications

{prefix}es_sentdetails: This is a log which has information about post notifications and newsletter emails that you have sent
{prefix}es_deliverreport: This is a detailed log which has information about post notifications and newsletter emails that you have sent
Additionally, as Templates is a Custom Post Type, all the templates that you create (for newsletter or post notification) are stored in WordPress Post & Postmeta table.

  • You have the right to know what data I have collected on you. The personal data I have stored is the name and email address given on sign up, I have no other data stored.
  • You have the right to opt-out of receiving emails and removal of your data from my website. This can be done through direct email request, or using the unsubscribe link at the bottom of the emails you receive from me.
  • Should there be a breach of security, I will inform you within 48 hours of knowledge of this.
  • From 25/05/2018 I will collect hard copies of consent to publish photographs that include participants at my workshops. These could include children. The workshop posts will include the location at which they took place, and occasionally a date may be included. I will not publish any other details of the participants, such as name, age, or address.
  • My blog gets shared on my Facebook page, Instagram and LinkedIn. You can find the links to these pages here.

Consent form for photography copy, can be found here