Your privacy and how I protect it
I take your privacy and information security as seriously as I take my own. I never share your data with anyone else, and everyone on my mailing list has opted in fully, using double opt in: although because I only send newsletters when I have valuable information, you may not recall when you signed up. I have never bought in email addresses from a third party. You can, of course, unsubscribe at any time.
I use your email address only to send out information about my books, plus goal-setting, creativity and/or writing tools, ideas and courses.
NB: I do use affiliate links on my website which mean that if you decide to buy a book via Amazon or via The Book Depository, as an Associate, I get small payment for referring you. These links do not cost you anything extra.
I run my site and email list personally, so if I am travelling or away, it may take me time to respond. But I will try to respond within 72 hours.
A more detailed statement is below.
In this statement, I¡¯ll explain how I obtained and look after your data.
To create this scintillating document, I read reams of stuff and then used the ICO booklet, ¡°Preparing for the General Data Protection Regulation ¨C 12 Steps to Take Now.¡± Here are my answers: with huge thanks to awesome author Nicola Morgan whose statement I have taken as a model and adapted, though she cannot in any way be held responsible for my version!
I run my website and lists alone so it¡¯s only me who needs to be aware.
Information held by me
All the information has been obtained by double opt-in or via personal contact in the case of emails. I never will, and never have, buy email addresses or data from other sources.
Email addresses of people who have emailed me and to whom I have replied are held in contacts within Outlook and Gmail, which are my two email providers.
Email addresses, names and countries of people who have signed up to my mailing lists via Mailchimp and on the 5:2 website using the WordPress based mailing system.
Email addresses, names and postal addresses for people I¡¯ve sent free books or other items to e.g. for review purposes, competitions etc.
Communicating privacy information
I have put this document on my website, with a link from my sign-up section for new subscribers.
I have added a link to my contact page.
On request, I will delete data.
If someone asked to see their data, I would take a screenshot of their entry/entries.
If they email asking to unsubscribe, their data is deleted.
Subject access requests
I aim to respond to all requests within 72 hours and usually much sooner (allowing for holiday/travelling, as I am the only person holding/having access to the data).
Lawful basis for processing data
If people have emailed me, they have given me their email address. I do not actively add it to a list but Gmail and Outlook will save it. I will not add it to any database or spreadsheet unless someone asks me to or gives me explicit and detailed permission.
If people have opted into my Mailchimp or 5:2 WordPress lists (by subscribing to my new or old websites) they have actively opted in after downloading free resources, in the knowledge that they will receive the following:
For the 5:2 and the Dirty Diet site, occasional (no more than 4 x per year) emails with updates on intermittent fasting, new/updated resources around 5:2 and The Dirty Diet, and news about new books and podcast episodes.
For the Kate Harrison News, occasional email updates (no more than 12 x per year) with information about new books and other resources including the Goal Setting book.
For the Write with Kate lists, email updates (no more than 10 per year) with writing tips, new resources and information about talks and courses.
If I¡¯ve sent something e.g. free book to contacts by post, I keep their address in a Word document on my computer and also saved to Dropbox. Both are password protected and can be removed on request: I do not use these addresses for anything.
Once I¡¯ve contacted everyone with a reminder about the T&C of my holding their data, I regard this consent as confirmed until the person asks me to remove the data.
Consent is not indefinite, so I will make sure that I remind subscribers on every email that they can unsubscribe or ask for their data to be removed.
All my current books and free downloads are aimed at adults, though it¡¯s possible younger people can contact me via my website or register for mailing lists as I don¡¯t ask for proof of age and would have no way to police this. I do reply to any emails but do not store on databases, which means I am not processing data.
I have done everything I can to prevent this, by strongly password-protecting my computer, Mailchimp, Google, Outlook, WordPress and Dropbox accounts. If any of those organisations ¨C or my site ¨C were compromised I would take steps to follow their advice immediately.
Data Protection by Design and Data Protection Impact Assessments
I have familiarised myself with the ICO¡¯s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and believe that I am using best practice.
I have appointed myself as the Data Protection Officer, in the absence of anyone else!
My lead data protection supervisory authority is the UK¡¯s ICO.