Privacy Policy / GDPR

I, like thousands of other writers, have read the Information Commissioner’s Office guidelines for compliance with the new General Data Protection Regulation (GDPR) rules, and am completely baffled by the whole thing! Still, personal data is important, so this is my statement that explains how I collect, store, and process data.

I am a sole trader. There is just me. Only me. I’ve had to read up about GDPR and then brief myself on the subject. I operate this website:

Information I hold:
– Email addresses of people who have emailed me and to whom I have replied – this data is captured by my email program and stored on my computer and shared via my password-protected iCloud account to my other devices (smartphone/tablet/laptop). These devices are all password/fingerprint activated and only I have access to this data.
– If you contact me via the Contact Form on this website, the WordPress software I use stores a copy of your email address on their servers and forwards a copy to me. WordPress takes steps to keep its servers secure.
– Email addresses and names of people who have signed up to my mailing lists via the opt-in link on my websites. Email addresses collected by my News from the Welsh Borders mailing list are stored and processed by Mailerlite. Ways to opt out are available at the bottom of every newsletter that I send out (which isn’t that frequent). Email addresses collected by my Business of Writing newsletter are stored and processed by Substack.
– I have access to databases of followers on Twitter, Facebook, Instagram, Threads and LinkedIn. I am the data controller but not the data processor of these databases – I use strong passwords and two-factor authentication on these sites.
– My WordPress website holds a database of followers. This is held and run by Automattic with their Jetpack plugin, which I believe to be fully compliant. I am not the data processor. Automattic has a privacy statement here.

Communicating privacy information

  • I have put this document on my website.
  • I have added a link to my contact page.
  • All newsletters issued contain reminders about how subscribers can unsubscribe/opt out of receiving future communications (which will also delete their data from these systems).

Individuals’ rights
On request, I will delete data. If you unsubscribe yourself from the Mailerlite or Substack mailing lists, your data is automatically deleted.

Subject access requests
I aim to respond to all requests within 48 hours and usually much sooner, although please bear in mind … I do go away sometimes and don’t always have access to the Internet. I will always respond as soon as is practically possible. (Please remember – I’m a sole trader. There’s just me. If I’m running a weekend workshop I may not get a chance to look at your request until I’m back at my office desk. But I will action your deletion request as soon as I can, and confirm it in writing.)

Lawful basis for processing data
If people have emailed me, they have given me their email addresses (usually so that I can respond to them). As stated above, my email program automatically saves this data and stores it on my iCloud account. If people have opted into my mailing lists (by subscribing) they have actively opted in, in the knowledge that they will receive occasional emails. Followers of my WordPress website have opted in and are given unsubscribe reminders with each email.

Data breaches
I have done everything I can to prevent this, by strongly password-protecting my computer and website as well as my Mailerlite, Substack, Google, Twitter, and Meta accounts with two-step authentication. If any of those organisations were compromised I would take steps to follow their advice immediately.

Data Protection Officers
I am not a major organisation so I do not need to appoint a Data Protection Officer.

My lead data protection supervisory authority is the UK’s Information Commissioner’s Office.

Basically, if you have any queries or concerns, please get in touch, but bear in mind when doing so you are giving me your email address so that I can get back in touch with you. I will deal with any request concerning your data as quickly as possible.

Thank you!

(Updated February 2024)