From the first point of enquiry with Katie Lingo, your data will be treated sensitively, privately and in accordance with General Data Protection Regulation laws. Katie Lingo’s registered office is 21, Springfield Close, York, YO31 1LD. I am registered as a data controller with the Information Commissioner’s Office under registration number ZA397111.
The type of data I collect
I collect only the information that my website visitors/clients provide me with, which is usually:
- Full name
- Job title
- Business email address
- Business telephone number
Please note I do not collect any information on race, gender, religion, sexual orientation, organisation memberships or medical information. This is not relevant to my business and any information pertaining to this as provided by those who communicate with me will be destroyed.
Data processors and controllers
When you sign up to services with Katie Lingo, you are giving me access to personal information such as your name, email address and/or telephone number. Therefore, as the recipient of this data I can be classed as the data processor, as I process data on your behalf, and you would be the data controller.
Your personal data is used for:
- Communications between the data processor and controller
- Research for content marketing services, for example I may need to search for your company based upon a business address you have given me
Data is stored within a secure email network as operated by 1and1.
How your data is processed prior to agreeing a work contract
Those enquiring about my services can get in touch with me via email at firstname.lastname@example.org, via mobile at 07447233094 or via contact form. Any communications via social media will be classed as information that is in the public domain and therefore any profile names/handles etc. will not classify as ‘personal’ data.
When contacting me through a contact form, your personal details are sent to the abovementioned email address. These are then stored indefinitely and are classed as legitimate business interest as you, the data controller, have made the enquiry. Therefore it is lawful for me to contact you on the grounds that you have given consent by enquiring about my business. The same rules apply if you contact me via telephone or email; your details are stored and I will use these to contact you only in regard to forthcoming projects.
Please note, your name will not be added to any mailing lists, nor will any of your personal details, under any circumstances, be passed on to third parties. Your privacy is of paramount importance.
Working with agencies or handling third party data
Occasionally I work with agencies or other small businesses who may have to engage a third party in our communications. For example, an agency may have a copywriting brief for me on behalf of a client, or a small business owner might advise that I speak to an associate to assist with an article.
In these cases, when the processing of a third party’s personal data is required, you as data controller are also data processor for the third party personal data you are handling. This means that you are responsible for ensuring that the person whose details you are giving to me has given you his/her consent – it is your responsibility under GDPR to ensure you have consent to pass me this information. When using third party information to facilitate my work, for example seeing a client’s email address in a content brief, I cannot be responsible for the client’s consent to me having this information. All content briefs are stored indefinitely and can be deleted or retrieved upon request from my clients. Only data which has been previously provided to me by my client can be retrieved.
Cookies and Google Analytics
When you first visited this website, you will have seen a prompt to warn you that cookies are used on this website. It will also have asked you for your consent.
This is not the case for Katie Lingo. The information collected by Google Analytics is for trends only and in no way can be used to identify individuals.
Under GDPR law, Google have created a ‘data retention’ policy which allows webmasters to set their Google Analytics data to automatically expire after a given period of time. This can be set to ‘do not expire’, however I have chosen to retain data for 26 months.
Please note, under GDPR, you can now choose to have your user information deleted from Google Analytics. You can find out more about the user deletion tool here.
Recalling your data
Under GDPR, you are within your rights to ask for your data to be deleted and/or retrieved. I will honour all of these requests as I store all personal data provided to me over email indefinitely. You may also ask how this data has been used, how it was obtained and for how long it will be kept on record. I will respond to these requests within the timeframes set by the GDPR.
Occasionally I use Google AdWords marketing, which can also use tracking cookies to retarget website visitors at a later date. This would class as sending data to a third party. As of 23/05/2018, I do not use retargeting with Google AdWords.
Very occasionally I will seek the help of other individuals to help with projects, for example, web development. If I have to consult these individuals, I will always obtain your consent beforehand if I need to pass on your personal details, for example adding you to an email conversation.
As part of my ongoing commitment to your privacy and to conform to the laws of GDPR, I promise to:
- Retain only the personal data that I have been given with consent
- Update this personal data when it is needed
- Communicate only with those who have given me consent to do so (this does not include individuals/bodies whose contact details are in the public domain, for example if I have to email a charity about a quote for an article)
- Disclose to you how your information is being used
- Delete data on your request
- Delete Google Analytics data after 26 months
- Store data in secure systems such as email networks and use secure contact forms on a domain with a valid SSL certificate
- Ensure your data is never ‘leaked’ to third parties