Privacy Policy
In accordance with the requirements of GDPR, here is our privacy policy which is effective from 25th May 2018.
It is our policy to respect your privacy regarding any information we may collect from you or which you may provide to us, in the circumstances set out below. Accordingly, we have developed this privacy policy in order for you to understand how we collect, use, communicate, disclose, safeguard and otherwise make use of your personally identifiable information (“Personal Data”).
We have read the Information Commissioner’s Office guidelines
for compliance with the new General Data Protection Regulation (GDPR) rules. If
you have given us your email address or other Personal Data (by emailing, subscribing
to the website, entering a competition, buying books via our website, or providing
your email at one of our events for example) you should read this to reassure
yourself we are looking after your data responsibly. We value the security of
your information and will never intentionally breach the rules.
We will only collect and use your Personal Data where:
•
We
have lawful grounds to do so, including to comply with our legal obligations;
•
We
are performing a contract with you for our services; and
• We
have legitimate interests in using your Personal Data and your interests and
fundamental rights do not override those interests.
For the purposes of the EU General Data Protection Regulation
((EU) 2016/679) (“GDPR”), the Exeter Writers group is the “data
controller”. If you have any questions about this policy or about how we use your
Personal Data, please contact us via the contact details at the end of this
policy.
This policy is effective as of May 2018. We review our
privacy practices on an ongoing basis, and as such we may change this privacy
policy from time to time. Please check this page frequently to ensure you are
familiar with its current content.
1.
Personal Data we collect via our
website exeterwriters.org.uk (the “Website”) or by other means
We only collect Personal Data where you choose to interact
with us on the Website or by other means in the following ways:
Activity
|
Types of Personal Data Collected
|
When you become a
member of EW
|
First name and last
name
Email address and
postal address
Phone number
Social media links
|
When you choose to
get in touch via the contact page of http://www.exeterwriters.org.uk/
|
Name
Email address
|
When you enter our
short story competition
|
Name
Email address
Postal address
PayPal or bank
account details
|
When you buy a
book directly from our website
|
Name
Email address
Postal address
PayPal or bank
account details
|
When you have
given us your email address during written or verbal communication
|
Name
Email address
|
2.
Use of your Personal Data
We will only use your Personal Data when the law allows us
to. Most commonly, we use your Personal Data to:
•
process
and manage your use of our website;
•
respond
to your questions, comments and requests;
•
manage
our short story competition and communicate the results;
•
where
you have opted-in to receive marketing from us, deliver communications that are
relevant to your preferences / may be of interest to you;
•
improve
our services and Website through analysis of information.
3.
Sharing of your Personal Data
We take your privacy seriously and will not share your
Personal Data with others, except as permitted by applicable law or as set out
below:
We share Personal Data as necessary with third parties who
provide services or functions on our behalf and who require the information to
provide those specific services to us. Please note that we have appropriate
data privacy safeguards in place with third parties with whom we share Personal
Data as described above and who are providing services or functions on our
behalf.
4.
Keeping your Personal Data secure
We have implemented security policies and technical measures
to safeguard the Personal Data we collect. We maintain physical, electronic and
procedural safeguards that comply with applicable law, including the GDPR, to
safeguard Personal Data from accidental loss, destruction or damage and
unauthorised access, use and disclosure.
We have done everything we can to prevent data breaches, by
strongly password-protecting the computers used, Mailchimp, Google and Dropbox
accounts. If any of those organisations were compromised, we would take steps
to follow their advice immediately.
5.
Retention periods for use of your
Personal Data
We will use and store your Personal Data only for as long as
necessary, bearing in mind the uses of your Personal Data as described in this
privacy policy and otherwise as communicated to you. We review the Personal
Data we hold at regular intervals and delete permanently or anonymise any
Personal Data which is no longer necessary.
6.
Children
This Website and our services are aimed at adults, and we do
not knowingly collect any Personal Data relating to children aged under 18
years old. If you are under the age of 18, please do not provide us with any of
your Personal Data, including your email address.
7.
Access to and control over your
Personal Data
You have legal rights under applicable law in relation to
your Personal Data. You can ask the following questions, or take the following
actions, at any time by contacting us via email or via our postal address, both
of which are given at the end of this document:
• see what Personal Data we hold about you (if any),
including why we are holding it and who it could be disclosed to;
• ask us to change/correct your Personal Data;
• ask us to delete your Personal Data;
• object to the processing of your Personal Data;
• ask us to restrict the processing of your Personal Data;
• withdraw any consents you have given us to the processing
of your Personal Data; and
• express any concerns you have about third parties’ use of
your Personal Data.
If
you asked to see your data, we would take a screenshot of your entry/entries.
8.
Change of purpose
We will only use your Personal Data for the purposes for
which we collected it, unless we reasonably consider that we need to use it for
another reason and that reason is compatible with the original purpose. If you
wish to have an explanation as to how the processing for the new purpose is
compatible with the original purpose, please contact us.
If we need to use your Personal Data for an unrelated
purpose, we will notify you and will explain the legal basis which allows us to
do so.
9.
Data protection by design and data
protection impact assessments
We have familiarised ourselves with the ICO’s code of
practice on Privacy Impact Assessments as well as the latest guidance from the
Article 29 Working Party, and believe we are using best practice.
10.
Data protection officers
We are not a major organisation, so we do not need to appoint
a Data Protection Officer.
11.
International
Our lead data protection supervisory authority is the UK’s
ICO.
12.
Communicating This Policy
We are taking the following steps:
We have put this document on the website.
We have contacted members of our database and reminded them
of what they signed up to, alert them to any changes and remind them they can
unsubscribe at any time and their data will be deleted.
Once we have contacted you with a reminder about the T&C
of our holding your data, we regard this consent as confirmed for a year, or
until you ask us to remove the data. We have never harvested email addresses,
nor would we. Anyone on our list has contacted us either through the website or
in person.
Consent is not indefinite, so we will make sure we remind you
annually that you can unsubscribe or ask for your data to be removed.
13.
Contact Us
Please direct any questions for the attention of the Exeter Writers Chair and Secretary in the first instance.
Email for Privacy Questions: exeterwriters@gmail.com