GDPR and Brexit #2 – Privacy Policy For Authors

GDPR is a big deal and 2 years ago I wrote a post around helping people to become compliant. With the added complication of Brexit, I thought it was time to revisit that post.

GDPR (General Data Protection Regulation) will affect everybody that deals with an EU (European Union) citizen, whether or not they themselves operate in the EU. In practice, this means that there will be no change if you, for example, have a mailing list with readers from within the EU, even if you live in the UK and are no longer an EU citizen.

***Disclaimer*** I am not a lawyer, or an expert in this field. I am just someone that has done some research and asked a lot of questions. The following information is just my guide, and I advise you to do your own research on this topic if you haven’t already. Nothing in this post should be considered as legal advice.

One of the first things you can do towards becoming compliant is take a close look at how you tell your readers what you’ll do with their data. In many countries (including the UK and United States), websites are required by law to disclose the information they collect about their visitors and how this information is used. You must let them know who you are and how you intend to use their information. This is usually done through a privacy notice (you should see examples of this on most company websites). You need to explain your lawful basis for processing the data, how long you’ll retain their data, and that they have a right to complain to the relevant authority in their country, e.g. to the Information Commissioner’s Office (ICO) in the UK, if they think there is a problem with the way you are handling their data.

In short, you should be able to show that you are taking every precaution with your readers’ data.

  • Privacy Policy

Below is my privacy policy. Please feel free to use it, but please make sure to adapt it to make it relevant to your own site and circumstances.

Privacy Policy

GDPR privacy Policy

For some, reaching full compliance may be more difficult than others, which is why itgovernance.co.uk suggests having a privacy policy visible anywhere you collect personal information, to show you are making an effort to comply.

A privacy notice is a public statement of how your organisation applies data protection principles to processing data. It should be a clear and concise document that is accessible by individuals. – itgovernance.co.uk

I start by including my contact details, name, address, email address. This is something that should be on the bottom of any mail outs you currently send anyway.

Next up, is the introduction:

About this Policy

This policy explains when and why I collect personal information about people who use this website, how it is used and how it is kept secure.

It is written in line with EU General Data Protection Regulations (GDPR), replacing the previous Data Protection Regulations of 1995. Read an overview of GDPR.

All quite straightforward, but it does set out what I am doing, and why the policy is here.

What type of information will be collected from you?

This website uses cookies (see below) to collect information about visits, including pages visited, landing page, country the page is being accessed from, etc. This information is used for statistical analysis purposes only. A cookie in no way grants access to your computer or any information about you, other than the data you choose to share. You can choose to accept or decline cookies.

This information is used by Wix analytics, which records and reports user interactions on Wix customer websites (such as this one). For more information read the Wix Privacy Policy and the Wix statement on GDPR.

If you choose to opt in to receive my regular newsletter, the ‘Subscribe’ form requests a first name and an email address where I can send this newsletter and/or your free book. This information is collected by the provider of this service, Mailchimp, and is held on their servers, in line with their own Privacy Policy.

The blog will collect details of people that leave comments, and this is provided by WordPress in line with their Privacy Policy.

You will probably have others. For example, you may use Google Analytics to capture statistical information. You may have a contact form where you collect comments and email addresses.

Spend some time thinking about all the ways in which you could be collecting information from your readers.

Who has access to this information?

This information is not held locally, but is held on the servers of the email list provider, Mailchimp, in accordance with their own Privacy Policy.

This information is used to send out a newsletter to the subscribers of that list.

This information will not be shared with third parties for advertising or marketing purposes.

This is the case for me, but does the information you collect go anywhere else? Do you use it for advertising campaigns? Twitter / Facebook campaigns?

How is your information used?
Your information will be used to:

Send you information that you have expressed an interest in receiving (Newsletter). This newsletter could include:
* Updates on what I am currently working on
* Details on existing and upcoming offers
* Information on new and upcoming projects
* Selected posts from my blog
* Free and reduced-price ebook deals
* Opportunities to get involved
Respond to comments and questions made through the website Contact Form.

This bit is important:

Personal data must be collected for ‘specified, explicit and legitimate purposes’ according to the GDPR.

What exactly is it that you are going to use the data for? Is it for email marketing? Newsletter? Responding to comments?

Part of being specific is ensuring that, where you are asking for consent as legal basis for processing, the purposes for processing are not confused and muddled together into one all-encompassing checkbox. – Econsultancy.com

So if people give you an email address in return for a free book, do they know what else they could be getting from you, for example? GDPR takes a granular approach, meaning individuals should be able to opt in to the bits they want, and not the others. For example, readers should be able to sign up to receive your free book offer, but opt-out of receiving your newsletter.

Third Party Service Providers

Any third party service you choose to use may be a data controller of your personal data. I advise you to familiarise yourself with their privacy policies before using any of their services. These policies are linked below.

Wix

This website is provided through Wix.
Wix’s Privacy Policy can be viewed HERE.
You can read Wix’s commitment to GDPR HERE.

WordPress
The Blog page is provided by WordPress.
You can read the WordPress Privacy Policy HERE.

Mailchimp
The mailing list provider that is used to send my newsletters.
You can read their privacy policy HERE.

Instafreebie
Instafreebie provides regular giveaways of ebooks, some of which you will learn about in my monthly newsletter. All giveaway links used in the newsletter are handled directly by Instafreebie. Read their GDPR compliancy statement, and their Privacy Policy.

Bookfunnel
Bookfunnel provides services for safe and secure download of some of my books. Read their Privacy Policy.

Miscellaneous giveaways
Any other links to giveaways are handled directly by the relevant organising author(s), and I advise you to familiarise yourself with any relevant policies on those sites.

This list may be updated as new providers come on board, and this page will change to reflect that. Please check back for further details.

This list could be quite lengthy for some of you, I imagine. Some of you are a lot farther along in your writing career than I am. Spend some time thinking of all the 3rd parties that you use in selling / promoting your books. It should be straightforward to find privacy policies for each of them, using the power of Google.

Those of you that use Instafreebie may already have noticed that they have removed the mandatory opt-in giveaways, so no more email address-for-book giveaways. People should be able to get your book without giving their email address to the author. They also encourage all authors to change their giveaways to optional opt-ins.

Links to other websites

Authorsteveboseley.wordpress.com may contain links to other websites run by other organisations / authors. This privacy policy applies only to this website, so I encourage you to read the privacy statements on the other websites you visit. I cannot be responsible for the privacy policies and practices of other sites even if you access them using links from this website.

Your Choices

You have a choice about whether or not you wish to receive information from me. You will only receive contact from me if you get in touch using the form on the ‘Contact’ page, or if you select the check box to receive monthly newsletter updates when subscribing from one of the ‘Subscribe’ links.

The first part here is basically a disclaimer, to say that I’m not responsible for other websites that people may find themselves on, via my website.

The second part relates to opting in to receive my monthly newsletter, as well as / instead of the free offer book. 

Use of ‘cookies’

Like many other websites, authorsteveboseley.wordpress.com uses cookies. ‘Cookies’ are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. This helps me to improve this website and deliver a better, more personalised service.

For more information on cookies and how you can change your preferences, please visit http://www.aboutcookies.org/

GDPR cookie consent

As previously mentioned, cookies can be considered personal data, according to cookielaw.org. An individual should have the right to accept some cookies and decline others. What I have suggested in my policy is currently the best I can offer. It is not compliant to simply tell a site visitor that they can alter their cookie preferences in their browser. I have visited several sites recently that have excellent cookie preference options. WordPress has several cookie consent plugins (paid site only) but there are also free solutions such as this one from Legal Monster, or this one from cookiebot.

To see if your site is compliant, you can visit cookiebot.com and enter your website details.

Here is a full and complete rundown of the complicated cookie consent issue.

Here’s another article with more info from DMNews.

Here is a site with a cookie consent solution or Cookiebot.

***Edit*** I’ve just come across THIS FREE consent software. Not tried it yet – let me know if you do. I notice it’s also listed HERE.

**2021 update** Try this free cookie policy provider from Legal Monster.

Under 16

I am concerned to protect the privacy of individuals under the age of 16. If you are under 16 years of age, please get the permission of your parent or guardian before making use of some of the facilities on this site and sharing personal information.

Additional

Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while I strive to protect your personal information, I cannot guarantee the security of any information you transmit to us, and you do so at your own risk.

Review of policy

This policy will be regularly reviewed. Date of last review: September 2020.

I finish off with a section on protecting under 16s and a final disclaimer about sharing information over the internet. The policy will be reviewed annually, and a visitor will be able to see when it was last reviewed.

Phew. And breathe.

If you want to see what it looks like over on my website, check it out.

If you don’t like my privacy notice at all, you can look at some other excellent templates:
Book Cave
Self Publishing Review
Termsfeed

As I mentioned at the start, I am not a lawyer and the above advice should not be considered as legal advice in any way.

I am keen to say, however, that I am learning as I go, and any comments you have to make about what I have written would be greatly appreciated. If you have anything you think should be added / omitted, please let me know in the comments.

My Question to you:

Have I driven you to drink yet?
