Privacy Policy

In accordance with the requirements of GDPR, here is our privacy policy which is effective from 25th May 2018.


It is our policy to respect your privacy regarding any information we may collect from you or which you may provide to us, in the circumstances set out below. Accordingly, we have developed this privacy policy in order for you to understand how we collect, use, communicate, disclose, safeguard and otherwise make use of your personally identifiable information (“Personal Data”).

We have read the Information Commissioner’s Office guidelines for compliance with the new General Data Protection Regulation (GDPR) rules. If you have given us your email address or other Personal Data (by emailing, subscribing to the website, entering a competition, buying books via our website, or providing your email at one of our events for example) you should read this to reassure yourself we are looking after your data responsibly. We value the security of your information and will never intentionally breach the rules.

We will only collect and use your Personal Data where:
         We have lawful grounds to do so, including to comply with our legal obligations;
         We are performing a contract with you for our services; and
     We have legitimate interests in using your Personal Data and your interests and fundamental rights do not override those interests.

For the purposes of the EU General Data Protection Regulation ((EU) 2016/679) (“GDPR”), the Exeter Writers group is the “data controller”. If you have any questions about this policy or about how we use your Personal Data, please contact us via the contact details at the end of this policy.

This policy is effective as of May 2018. We review our privacy practices on an ongoing basis, and as such we may change this privacy policy from time to time. Please check this page frequently to ensure you are familiar with its current content.

1.       Personal Data we collect via our website exeterwriters.org.uk (the “Website”) or by other means

We only collect Personal Data where you choose to interact with us on the Website or by other means in the following ways:

Activity
Types of Personal Data Collected
When you become a member of EW
First name and last name
Email address and postal address
Phone number
Social media links
When you choose to get in touch via the contact page of http://www.exeterwriters.org.uk/
Name
Email address
When you enter our short story competition
Name
Email address
Postal address
PayPal or bank account details
When you buy a book directly from our website
Name
Email address
Postal address
PayPal or bank account details
When you have given us your email address during written or verbal communication
Name
Email address

2.       Use of your Personal Data
We will only use your Personal Data when the law allows us to. Most commonly, we use your Personal Data to:
         process and manage your use of our website;
         respond to your questions, comments and requests;
         manage our short story competition and communicate the results;
         where you have opted-in to receive marketing from us, deliver communications that are relevant to your preferences / may be of interest to you;
         improve our services and Website through analysis of information.

3.       Sharing of your Personal Data
We take your privacy seriously and will not share your Personal Data with others, except as permitted by applicable law or as set out below:
We share Personal Data as necessary with third parties who provide services or functions on our behalf and who require the information to provide those specific services to us. Please note that we have appropriate data privacy safeguards in place with third parties with whom we share Personal Data as described above and who are providing services or functions on our behalf.

4.       Keeping your Personal Data secure
We have implemented security policies and technical measures to safeguard the Personal Data we collect. We maintain physical, electronic and procedural safeguards that comply with applicable law, including the GDPR, to safeguard Personal Data from accidental loss, destruction or damage and unauthorised access, use and disclosure.
We have done everything we can to prevent data breaches, by strongly password-protecting the computers used, Mailchimp, Google and Dropbox accounts. If any of those organisations were compromised, we would take steps to follow their advice immediately.

5.       Retention periods for use of your Personal Data
We will use and store your Personal Data only for as long as necessary, bearing in mind the uses of your Personal Data as described in this privacy policy and otherwise as communicated to you. We review the Personal Data we hold at regular intervals and delete permanently or anonymise any Personal Data which is no longer necessary.

6.       Children
This Website and our services are aimed at adults, and we do not knowingly collect any Personal Data relating to children aged under 18 years old. If you are under the age of 18, please do not provide us with any of your Personal Data, including your email address.

7.       Access to and control over your Personal Data
You have legal rights under applicable law in relation to your Personal Data. You can ask the following questions, or take the following actions, at any time by contacting us via email or via our postal address, both of which are given at the end of this document:
• see what Personal Data we hold about you (if any), including why we are holding it and who it could be disclosed to;
• ask us to change/correct your Personal Data;
• ask us to delete your Personal Data;
• object to the processing of your Personal Data;
• ask us to restrict the processing of your Personal Data;
• withdraw any consents you have given us to the processing of your Personal Data; and
• express any concerns you have about third parties’ use of your Personal Data.
If you asked to see your data, we would take a screenshot of your entry/entries.
8.       Change of purpose
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to have an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your Personal Data for an unrelated purpose, we will notify you and will explain the legal basis which allows us to do so.

9.       Data protection by design and data protection impact assessments
We have familiarised ourselves with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and believe we are using best practice.

10.   Data protection officers
We are not a major organisation, so we do not need to appoint a Data Protection Officer.

11.   International
Our lead data protection supervisory authority is the UK’s ICO.

12.   Communicating This Policy
We are taking the following steps:
We have put this document on the website.
We have contacted members of our database and reminded them of what they signed up to, alert them to any changes and remind them they can unsubscribe at any time and their data will be deleted.
Once we have contacted you with a reminder about the T&C of our holding your data, we regard this consent as confirmed for a year, or until you ask us to remove the data. We have never harvested email addresses, nor would we. Anyone on our list has contacted us either through the website or in person.
Consent is not indefinite, so we will make sure we remind you annually that you can unsubscribe or ask for your data to be removed.

13.   Contact Us
Please direct any questions for the attention of the Exeter Writers Chair and Secretary in the first instance.
Email for Privacy Questions: exeterwriters@gmail.com