KEY TERMS AND DEFINITIONS
- “I,” “our,” “us,” “we,” and “Owner” refer to the individual, Melodye D. Shore.
- “You,” “users,” and “visitors” refer to the person(s) using this website.
- “Website” and “blog” refers to this website: www.melodyeshore.com.
- GDPR is an acronym for the General Data Protection Act.
- PECR refers to Privacy & Electronic Communications Regulations.
- ICO refers to the Information Commissioner’s Office.
- Cookies are small files stored on a user’s computer or device.
PERSONAL DATA COLLECTED
When visitors post comments on our site, we collect the data they leave in our comments form, plus their IP address and browser user’s agent string, all of which help us detect and remove spam.
Visitor comments may be scanned by an automated spam detection service.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included, as visitors to the website can download and extract location data from images posted to the website.
We collect information from you when you subscribe to this blog or enter information on our website. Our opt-in subscription forms collect personally identifiable information that includes, but is not limited to your email address and first name.
In compliance with the GDPR, we use the “consent lawful basis” when sending notifications of new blog posts to email subscribers. We collect a narrow range of data about our subscribers, as detailed in “Personal Data Collected,” above.
Subscriptions may be handled through an EMS (email marketing service provider). An EMS is a third party service provider of software / applications that allows bloggers and marketers to send out email notices or marketing campaigns to a specific list of users.
If we send email marketing messages, they may contain tracking beacons, tracked clickable links, and/or similar server technologies that monitor subscriber activity related to those messages. When distributed, those marketing messages may also record a range of data (e.g., times, dates, IP addresses, opens, clicks, forwards, and geographic and demographic data). Such data, within its limitations, will disclose activity for each subscriber, specific to that email campaign.
Any email marketing messages we send will strictly conform to GDPR and the PECR mandates and regulations. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences and/or the information we hold about you at any time. Marketing messages will include instructions on how to unsubscribe or manage your preferences.
Our EMS provider is MailChimp.com. MailChimp holds the following information about you within its EMS system:
- Email address
- First name
- Subscription time & date
Your Personal Data is used only to send you notifications of new blog posts. You may unsubscribe from these communications by following the unsubscribe link provided in every email or by contacting us at firstname.lastname@example.org.
Under the GDPR (General Data Protection Regulation) we control and/or process any personal information about you electronically using consent as the lawful basis–meaning you have given us permission to do so.
Data Retention Period
We will continue to process your information under this basis until you withdraw consent or it is determined your consent no longer exists.
If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used, if required. We shall stop processing your personal information if the lawful basis used is no longer relevant or appropriate.
We do not sell, trade, or otherwise transfer your personal information with third parties not affiliated with Melodye D. Shore or this website. This does not include website hosting partners and other parties who assist us in operating our website or serving our users, so long as those parties agree to keep this information confidential. We may also release information when its release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety.
Your Individual Rights
Under the GDPR your rights are as follows:
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object; and
- the right not to be subject to automated decision-making including profiling.
If you have an account on this site, or have left comments, you can also request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
We handle subject access requests in accordance with the GDPR.
If you leave a comment on our site, you may opt-in to saving your name, email address and website as cookies. These are for your convenience: You won’t need to enter those details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me,” your log-in will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded Content from Other Sites
Articles on this site may include embedded content (e.g. videos, images, linked articles, etc.). Embedded content from other websites will behave as if our website visitor has visited the sourced websites.
Third-party websites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. However, we are committed to protecting your privacy while preserving the integrity of our own site, so we welcome any feedback about your experiences with embedded content.
Do Not Track Signals
We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place. You can enable or disable the DNT feature in your browser’s settings.
Data Security and Protection
We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
If users register on our website, we may also store the personal information provided in their user profiles. Users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
This website uses the third-party analytics service Google Analytics to track and report activity. Google Analytics is a piece of software that captures various data about our website users, including but not limited to:
- Website or app that user originates from
- Geographic location of user
- Pages visited
- Length of stay
- Types of electronic devices used to browse our site (smart phones, tablets, etc.)
This tracking information allows us to better understand our user demographics, content preferences, and browsing habits, which we may then use to improve and customize our website content. This data is also shared with other Google services, which may use the collected data to contextualize and personalize the ads of its own advertising network.
To opt out of tracking…
California Online Privacy Protection Act (CalOPPA)
In Accordance with CalOPPA, we agree to the following:
Users can visit our site anonymously.
Users can request changes to their personal information by emailing email@example.com.
COPPA (Children Online Privacy Protection Act)
In accordance with the Children’s Online Privacy and Protection Act (COPPA), this website does not actively or knowingly collect personal information of children under age 18. However, the information, content, and videos on this website may be of interest to children and/or used in school projects. If you are a parent of guardian and are aware that your child has provided us with personal data (such as by leaving a comment or subscribing to this blog), please contact us to remove said information. If we independently become aware of such information having been provided by a child under the age of 18, we will take immediate action to delete said information.
Any photographs published on this site that include children have been done so with the explicit consent of a parent or guardian, or are stock photos for which we’ve purchased a usage license.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
To be in line with Fair Information Practices we will take the following responsive action, should a data breach occur: We will notify users via email within 1 business day.
We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
Resources & Further Information
- Overview of the GDPR – General Data Protection Regulation
- Data Protection Act 1998
- Privacy and Electronic Communications Regulations 2003
- The Guide to the PECR 2003
- Small business GDPR policy template