Hi everyone. Details below about how I look after the information that you give me when you email me, or leave a note on this website. Please have a read! Holly xx
MY GDPR STATEMENT OF COMPLIANCE
I have read the Information Commissioner’s Office guidelines for compliance with the new General Data Protection Regulation (GDPR) rules. This document that follows explains how I comply. If you have given me your email address (by emailing me, or leaving a comment on the Leave a note page) you should read this to reassure yourself that I am looking after your data responsibly.
I work by myself, so there is no one else in my organisation to make aware.
The information I hold
Email addresses of people who have emailed me and to whom I have replied – automatically saved in gmail.
Postal addresses of children or parents who have written to me by post. Letters from children are stored securely in my office. When parents or children have emailed me asking for a letter, their emails are automatically saved in gmail, including the address details they have included.
I do not share this information with anyone.
When I’m sent pictures and stories I ask permission before I share them on my website, and I share them with first names only.
The only information I keep deliberately is a list of names that children have suggested for my characters! These are not saved with any identifying details.
I have assistance with the design and upkeep of my website from a design company. They do not share information either.
Communicating privacy information
I have put this document on my website.
I will be adding a link to my contact page.
On request, I will delete emails and addresses from gmail.
Subject access requests
I aim to respond to all requests within 24 hours and usually much sooner.
Lawful basis for processing data
If people have emailed me, they have given me their email address. I do not actively add it to a list but gmail will save it. I will not add it to any database or spreadsheet .
Please ask if you would like me to remove your email or destroy your letter. Otherwise, I will regard this as consent to store the letters and emails I receive.
Young people regularly email me. I do not deliberately keep their email address (but gmail saves it in my account.) Since I am not “processing” their data, I am not required to ask for parental consent. I reply to the emails I receive, but I do not use the email addresses for further contact.
I have done everything I can to prevent this, by strongly password-protecting my computer, my website and my email account. If any of the organisations involved were compromised I would take steps to follow their advice immediately.
Data Protection by Design and Data Protection Impact Assessments
I have familiarised myself with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and believe that I am using best practice.
Data Protection Officers
I have appointed myself as the Data protection Officer.
My lead data protection supervisory authority is the UK’s ICO.