We have read the Information Commissioner’s Office guidelines for compliance with the new General Data Protection Regulation (GDPR) rules. If you have given us your email address or other Personal Data (by emailing, subscribing to the website, entering a competition, buying books via our website, or providing your email at one of our events for example) you should read this to reassure yourself we are looking after your data responsibly. We value the security of your information and will never intentionally breach the rules.
We will only collect and use your Personal Data where:
• We have lawful grounds to do so, including to comply with our legal obligations;
• We are performing a contract with you for our services; and
• We have legitimate interests in using your Personal Data and your interests and fundamental rights do not override those interests.
For the purposes of the EU General Data Protection Regulation ((EU) 2016/679) (“GDPR”), the Exeter Writers group is the “data controller”. If you have any questions about this policy or about how we use your Personal Data, please contact us via the contact details at the end of this policy.
1. Personal Data we collect via our website exeterwriters.org.uk (the “Website”) or by other means
We only collect Personal Data where you choose to interact with us on the Website or by other means in the following ways:
Types of Personal Data Collected
When you become a member of EW
First name and last name
Email address and postal address
Social media links
When you choose to get in touch via the contact page of http://www.exeterwriters.org.uk/
When you enter our short story competition
PayPal or bank account details
When you buy a book directly from our website
PayPal or bank account details
When you have given us your email address during written or verbal communication
2. Use of your Personal Data
We will only use your Personal Data when the law allows us to. Most commonly, we use your Personal Data to:
• process and manage your use of our website;
• respond to your questions, comments and requests;
• manage our short story competition and communicate the results;
• where you have opted-in to receive marketing from us, deliver communications that are relevant to your preferences / may be of interest to you;
• improve our services and Website through analysis of information.
3. Sharing of your Personal Data
We take your privacy seriously and will not share your Personal Data with others, except as permitted by applicable law or as set out below:
We share Personal Data as necessary with third parties who provide services or functions on our behalf and who require the information to provide those specific services to us. Please note that we have appropriate data privacy safeguards in place with third parties with whom we share Personal Data as described above and who are providing services or functions on our behalf.
4. Keeping your Personal Data secure
We have implemented security policies and technical measures to safeguard the Personal Data we collect. We maintain physical, electronic and procedural safeguards that comply with applicable law, including the GDPR, to safeguard Personal Data from accidental loss, destruction or damage and unauthorised access, use and disclosure.
We have done everything we can to prevent data breaches, by strongly password-protecting the computers used, Mailchimp, Google and Dropbox accounts. If any of those organisations were compromised, we would take steps to follow their advice immediately.
5. Retention periods for use of your Personal Data
This Website and our services are aimed at adults, and we do not knowingly collect any Personal Data relating to children aged under 18 years old. If you are under the age of 18, please do not provide us with any of your Personal Data, including your email address.
7. Access to and control over your Personal Data
You have legal rights under applicable law in relation to your Personal Data. You can ask the following questions, or take the following actions, at any time by contacting us via email or via our postal address, both of which are given at the end of this document:
• see what Personal Data we hold about you (if any), including why we are holding it and who it could be disclosed to;
• ask us to change/correct your Personal Data;
• ask us to delete your Personal Data;
• object to the processing of your Personal Data;
• ask us to restrict the processing of your Personal Data;
• withdraw any consents you have given us to the processing of your Personal Data; and
• express any concerns you have about third parties’ use of your Personal Data.
If you asked to see your data, we would take a screenshot of your entry/entries.
8. Change of purpose
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to have an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your Personal Data for an unrelated purpose, we will notify you and will explain the legal basis which allows us to do so.
9. Data protection by design and data protection impact assessments
We have familiarised ourselves with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and believe we are using best practice.
10. Data protection officers
We are not a major organisation, so we do not need to appoint a Data Protection Officer.
Our lead data protection supervisory authority is the UK’s ICO.
12. Communicating This Policy
We are taking the following steps:
We have put this document on the website.
We have contacted members of our database and reminded them of what they signed up to, alert them to any changes and remind them they can unsubscribe at any time and their data will be deleted.
Once we have contacted you with a reminder about the T&C of our holding your data, we regard this consent as confirmed for a year, or until you ask us to remove the data. We have never harvested email addresses, nor would we. Anyone on our list has contacted us either through the website or in person.
Consent is not indefinite, so we will make sure we remind you annually that you can unsubscribe or ask for your data to be removed.
13. Contact Us
Please direct any questions for the attention of the Exeter Writers Chair and Secretary in the first instance.
Email for Privacy Questions: email@example.com