The General Data Protection Regulations (GDPR) Own Your Life Writing C.I.C. Policy

1) Under the GDPR individuals have the right to be informed about how their Personal Data is being processed. The Regulation clearly stipulates that this must be done in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child.

2) The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) aims to harmonise data protection legislation across EU member states, enhancing the privacy rights for individuals. It applies to organisations processing Personal Data which have an establishment within the EU and also those organisations which operate outside the EU but offer goods or services to, or monitor the behaviour of, individuals in the EU. The GDPR is applicable from 25 May 2018.

3) Overall the GDPR provides the following rights for individuals, many of which apply whatever the basis of processing, although there are some exceptions:

a. The right to be informed how Personal Data is processed (Article 13)

b. The right of access to their Personal Data (Article 15)

c. The right to rectification (Article 16)

d. The right to erasure (Article 17)

e. The right to restrict processing (Article 18)

f. The right to data portability (Article 20)

g. The right to object (Article 21)

h. Rights in relation to automated decision making and profiling (Article 22)

4) The GDPR sets out six lawful grounds for processing, and these are set out in Article 6.1 as follows:

a. CONSENT – the individual has given their Consent to the processing of their Personal Data.

b. CONTRACTUAL – processing of Personal Data is necessary for the performance of a contract to which the individual is a party or for the Controller to take pre-contractual steps at the request of the individual.

c. LEGAL OBLIGATION – processing of Personal Data is necessary for compliance with a legal obligation to which the Controller is subject.

d. VITAL INTERESTS – processing of Personal Data is necessary to protect the vital interest of the individual or of another individual.

e. PUBLIC TASK – processing of Personal Data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.

f. LEGITIMATE INTERESTS – processing is necessary under the Legitimate Interests of the Controller or Third Party, unless these interests are overridden by the individual’s interests or fundamental rights.

5) In addition to ‘Consent’, the options under which Own Your Life Writing C.I.C. can operate as a business allow the application of either (or both) of ‘Contractual’ and ‘Legitimate Interests’. Of these, Own Your Life Writing C.I.C. has decided that the lawful ground of ‘Contractual’ best fits the business model.

WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

names

phone numbers

email addresses

mailing addresses

billing addresses

debit/credit card numbers

Sensitive Information. We do not process sensitive information.

Payment Data. We may collect data necessary to process your payment if you choose to make purchases, such as your payment instrument number, and the security code associated with your payment instrument. All payment data is handled and stored by Squarespace. You may find their privacy notice link(s) here: https://www.squarespace.com/privacy.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We process the personal information for the following purposes listed below. We may also process your information for other purposes only with your prior explicit consent.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

To deliver and facilitate delivery of services to the user. We may process your information to provide you with the requested service.

To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.

To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information.

To fulfill and manage your orders. We may process your information to fulfill and manage your orders, payments, returns, and exchanges made through the Services.

To enable user-to-user communications. We may process your information if you choose to use any of our offerings that allow for communication with another user.

To save or protect an individual's vital interest. We may process your information when necessary to save or protect an individual’s vital interest, such as to prevent harm.

WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:

Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time. Learn more about withdrawing your consent.

Performance of a Contract. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.

Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.

Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.

Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at becky@ownyourlifewriting.com.