Privacy Policy for Judith Morris T/A Organised Chaos
NEWSLETTERS
If you decide to subscribe to my newsletters you are required to enter your name and e-mail address. The data you submit for this purpose will only ever be used to send you the newsletter. I use Mailchimp, a cloud based system, to store and manage this data and to send out the newsletters. When you subscribe via the link you will have the opportunity to read Mailchimp's own privacy policy and terms. Alternatively you can visit their website www.mailchimp.com. The Mailchimp service enables me to track your activity regarding newsletters in relation to "opens" and links clicked. My account with Mailchimp is password protected. You may unsubscribe at any time via the link in each newsletter.
CONTACT FORM
If you wish to engage with me personally and want to do this via the e-mail contact form you are required to supply your name and e-mail address. When your e-mail arrives in my inbox I have your name, e-mail address, and if supplied, your telephone number. I therefore conclude that you wish me to make contact with you. The contact form also supplies your IP address. The only reason for this is to manage a potential bulk spam situation and your IP address is not retained by me.
CLIENTS
If you decide to work with me I will ask for your permission to transfer your contact details to a cloud based contact management system, Sticky Prospect. My account is password protected. If you decide you no longer wish to work with me I will delete all your data from Sticky Prospect, (www.stickyprospect.com).
Here is Sticky Prospect's own policy in relation to privacy and GDPR:
Restricting access to confidential data - Data on our servers is password protected at both the database level and server level. Access to the databases is limited only to the personnel who require it, and likewise for the server maintenance. Each database uses a unique password to enhance security and minimise access in the unlikely event one database should ever be compromised.
Security arrangements - Data transfer between a client and our servers is encrypted using SSL. All data transfer between the web application and database occurs within the same server environment and is not accessed from other machines. Access to web systems is protected by a username and password combination using up to date Microsoft technologies on the back end. Data backups are taken nightly (full backup) and hourly (differential backup). This data is encrypted by password and stored in two locations - on an internal server protected by password, and on Amazon's S3 data servers which is protected by a key and secret combination and additionally encrypted at the file system level. These arrangements are reviewed and tested regularly.
Subject access request - On requesting information about the data stored about an individual, after verifying their identity, we will provide them with a detailed breakdown of what and how we store this data.