Send a message to Adam & Charlotte
If you are a publisher, our agent is Penny Holroyde. Penny is at the Holroyde-Cartey Agency and can be contacted via email – email@example.com
Our EU GDPR Statement of Data Protection Compliance
We have read the Information Commissioner’s Office guidelines for compliance with the new General Data Protection Regulation (GDPR) rules. This document that follows explains how we comply. If you have given us your email address (by emailing us, for example) you should read this to reassure yourself that we are looking after your data extremely responsibly. We value the security of your information extremely highly and will never intentionally breach the rules. However, the rules are designed for organisations and so authors like us are just doing our best to keep up.
Our business is a Limited Company, Guillain & Guillain Ltd. Both company directors are aware of the GDPR.
The information we hold:
Email addresses of people who have emailed us and to whom we have replied – automatically saved in Gmail and iCloud.
We do not share this information with anyone. Ever. If someone randomly asks for another person’s email address, unless both are known closely to me, we always check with the other person first.
We have access to databases of followers on Twitter, Facebook and Instagram. We are the data controllers but not the data processors of these databases – we use strong passwords and two-factor authentication on these sites.
Communicating privacy information
We are taking these steps:
- We have put this document on our website, with a link on the main about menu.
- We have made a link to this document on Twitter.
- We have made a link to this document on Instagram.
- We have made a link to this document on Facebook
On request, we will delete data.
If someone asked to see their data, we would take a screenshot of their entry/entries and send it to them.
For all other databases above, Data Subjects have their own accounts and can move themselves and we will no longer have access to their data which is controlled by the data processor. We understand that the data processor will remove data that is made no longer available to me by the data subject.
Subject access requests
We aim to respond to all requests within 24 hours and usually much sooner.
Lawful basis for processing data
If people have emailed us, they have given us their email address. We do not actively add it to a list but Gmail and iCloud will save it. We will not add it to any database or spreadsheet unless someone asks us to or gives us explicit and detailed permission.
Young people sometimes email us but we don’t know their age unless they tell us – and we only have their word for that. We would not deliberately keep their email address (but Gmail and iCloud would save it in our accounts.) Since we are not “processing” their data, we are not required to ask for parental consent. We reply to the email and don’t contact them again.
Young people can also comment on Facebook, Instagram or Twitter. We don’t know their ages unless they tell us. If they mention their ages we immediately delete their comment. otherwise – not knowing their ages, but maybe guessing, we answer their questions honestly.
We have done everything we can to prevent this, by strongly password-protecting my computer and website as well as Google, Dropbox, Twitter, Facebook and Instagram accounts with two-step authentication. If any of those organisations were compromised we would take steps to follow their advice immediately.
Data Protection by Design and Data Protection Impact Assessments
We have familiarised ourselves with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party and believe that we are using best practice.
Data Protection Officers
We are not a major organisation so we do not need to appoint a Data protection Officer.
Our lead data protection supervisory authority is the UK’s ICO. And after Brexit? Who knows!