Introduction
William Cornelius Harris Publishing (W.C.H.P) takes your privacy seriously. We are committed to protecting your personal information. New data protection legislation, known as General Data Protection Regulations {GDPR) come into effect in May 2018. W.C.H.P already takes great care with your data and ensures that all your personal information is held securely, fairly, and only ever used for the purposes for which you have given it to us.
However, we are taking steps to ensure that we ‘go the extra mile’ in line with the new legislation, which is designed to make sure that your data is used in a clear, transparent, and fair way. This policy sets out how W.C.H.P uses the information that you provide us with in order to help further our work in building community and supporting vulnerable people.
This policy forms a key part of how we work with people’s personal information at William Cornelius Harris Publishing. We also have a more practical set of guidelines and internal processes for staff and volunteers, and regular training to ensure that staff understand.
Tern of Services
updating to take into account the new General Data Protection regulation
What personal data we collect and why we collect it
Handling Information: Our Principles
We sets out our privacy policy as a whole, focusing on the specific and most common uses of data at WCHP at present. As time goes on, the information, and how we will use it will change, and the policy will need to adapt. Therefore, we want to start by setting out our general principles of data use and privacy:
- We will not unduly prioritise our interests over your interests as an individual – we will always balance our interests (needs) with your rights
- We will only use personal information in a way, and for a purpose, that you would reasonably expect in accordance with this Policy
- We will always act with fairness, transparency, equity and in good faith
- We will always recognise the trust you have put in us by sharing any of your personal data – and that even accidental misuse or mishandling of your data could have serious effects on individuals
About GDPR
What the Law says about protection of personal information
The Law on Data Protection is derived from various pieces of legislation (which can be found in a number of places). These include the Data Protection Act and the General Data Protection Regulation (the ‘GDPR’) which became enforceable from May 2018. The GDPR states that personal data (information relating to a person that can be individually identified) can only be processed if there is a legal ground to do so. Activities like collecting, storing and using personal information would fall into the GDPR’s definition of processing. The GDPR provides six legal grounds (reasons) under which personal information can be processed (used) in a way that is lawful. For the processing to be permitted by law (lawful), at least one of the legal grounds must apply.
The six legal grounds relevant to William Cornelius Harris Publishing’ use of your personal information are:
- Consent
- Vital Interests
- Public Task
- Legitimate Interest
- Contract
- Legal Obligation
How the law applies to William Cornelius Harris Publishing use of personal information
We will only process (use) your personal information when we have:
- Order processing, refund, returns,delivery address
- asked you and have a record of your express and recent consent for us to do so;
- a ‘Legitimate Interest’ to do so in order to support our charitable mission, or to provide you with help or support you have requested
- a contract with you that we can only fulfil by using your personal information – this would include your making applications to volunteer or work with us, or supply of a service
- a legal obligation to use or disclose information about you, e.g. we are required by law to keep records of gifts that are given to us with Gift Aid for 4 years, and we are compelled to disclose information relating to safeguarding incidents
- there is a vital interest in doing so – your life or someone else’s is in danger. This could also apply in the case of safeguarding issues
- on occasion, to undertake a public task
There are times when it is not practical to obtain and record consent – if we asked for your consent every single time you spoke to us, this would be impractical for you and us! At those times, we will only process personal information if that processing would meet another legal ground e.g. Legitimate Interests, in which case we would only process in accordance with the law’s strict rules on legitimate interest processing.
Below we have set out some ways we use your data in accordance with the above, so you can see clearly what we do, and why.
Your Information – what we collect and how we use it
WCHP collects information from the public in a number of different ways. To help you understand this, we have set out the most common uses.
We collect names addresses, contact details for order processing ie delivery, returns and product request
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Contact forms
Keeping in touch via email
We regularly send out emails like newsletters or announcements. Some emails that we send you have no tracking in at all e.g. service emails with invoices attached. Other emails we send we can track whether the user has opened and clicked on the email. We don’t use this information at a personal level -we just use it to understand open and click rates on our emails to try and improve them. If nobody opens an email, we go back to the drawing board on what to include in future. If you want to be sure that none of your email activity is tracked then you should opt out of our emails which you can do via the unsubscribe link at the bottom of every email we send.
We use an industry standard email tool, MailChimp, to send bulk emails. Mailchimp’s servers are in the US, so you need to be aware that in principle, when you sign up to a newsletter, your information is being stored in the US. Again, this is in common with many other websites across the world.
Mailchimp have rigorous privacy and data protection policies, have readied themselves for GDPR, and are signed up to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.
You can see their data protection policy here:
GDPR Compliance
Database
Our user database is stored ‘in the cloud’ (that means it isn’t stored on our own computers, but with a larger company in a secure internet ‘data warehouse’). This is generally much safer for small companies, helping us avoid hacking, viruses, and so on.
Cookies
Because cookies are such an integral part of the internet, we assume you consent to cookies by using our site. However, you can always choose to remove or refuse them.
Cookies are little bits of information stored in your browser (Chrome, Firefox, Edge, etc) to make browsing between pages in a site work better, or to make sure a site remembers you when you come back. Most websites use them – without cookies, pages tend to be quite limited in what they can do.
We use two specific types of cookies on our website:
- Session cookies, which are temporary cookies that remain the cookie file of your computer until you close your browser (at which point they are deleted); and
- Persistent or stored cookies that remain permanently on the cookie file of your computer.
We will use the session cookies to keep the continuity of your session while you navigate the website (eg. so that if you click an action on one page, the next page knows what action has been taken). We will use the persistent cookies to enable our website to recognise you when you return to the site.
We use Google Analytics to analyse the use of this website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated related to our website is used to create reports about the use of the website. Google will store this information. Find out more about Google’s position on privacy as regards its analytics service.
Most browsers allow you to reject all cookies. For example in Internet explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy” and selecting “Block all cookies” using the sliding selector. As with all websites, locking all cookies will make the website much less easy to use.
Third Party Cookies are cookies set on your machine by external websites whose services are used on this site. Cookies of this type are the sharing buttons across the site which allow visitors to share content onto social networks such as Twitter and Facebook. In order to implement these buttons, and connect them to the relevant social networks and external sites, there are scripts (little snippets of programmers ) from domains outside of our website. We include these links because most other sites do, and it makes it easier for you to share our content with your friends online, if you wish to.
You should check the respective policies of each of these sites to see how exactly they use your information and to find out how to opt out, or delete, such information.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.
Office systems
Our email, calendar, and general office IT uses Microsoft Office technology, which meets GDPR requirements. They have extensive privacy terms which you can find here http://www.microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=3&DocumentTypeId=31 Our cloud servers store data in the UK/ EU, and are fully GDPR compliant.
Analytics
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Visitor comments may be checked through an automated spam detection service.