Eliza Grey Privacy Policy
Version 1.0
1. The contact details of the data controller
2. Introduction and scope of this policy
4. The information we collect indirectly from individuals
4.1 Cookies and similar technologies
5. The information we collect directly from individuals
5.1 Contact us form on our website
6. Cookies and similar technologies
7. Use of social media networks
8. Information we automatically collect
1. The contact details of the data controller |
The data controller responsible in accordance with the United Kingdom General Data Protection Regulation (UK GDPR) is:
Grey Publishing Limited
Unit 12, Acorn Business Park, Northarbour Road
Portsmouth, Hampshire, PO6 3TH
www.elizagrey.co.uk
Please email: michelle.sumecki@greypublishing.co.uk
2. Introduction and scope of this policy |
Grey Publishing is an independent publisher of fiction books. This policy describes how we collect, use, and manage personal data when you visit our website. In addition, we have described how we process personal data concerning to the material we publish, promote, and sell.
3. Version control and date of next review |
This policy was last published 10th February 2022
The current version number is 1.0
The date of our next formal review of this policy is: January 2023
From time to time, we may update the third-party links within this policy. For example, if they have changed. We may also correct grammatical errors or make minor cosmetic improvements. In this instance, we will adjust the version number and publish the new version.
When we review our policy in depth or introduce a change in processing, we will update the version number, publish the new version, and issue a communication (e.g., a blog update, note on website, email).
If you require access to previous versions of our privacy policy, please email: michelle.sumecki@greypublishing.co.uk
4. Rights of Individuals |
When your personal data is processed, you are subsequently a data subject under the definition of UK GDPR and have the following rights:
Your right of access
You have the right to ask us for copies of your personal information.
Your right to rectification
You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing
You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing
You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability
You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. However, if you make a request (Subject Access Request), we have one month to respond to you.
The complete guide of the UK GDPR, including your rights (Part 3, Chapter 3), can be found here:
https://www.legislation.gov.uk/ukpga/2018/12/contents
5. The information we collect indirectly from individuals |
5.1 Cookies and similar technologies
Purpose and the lawful basis for processing
Necessary cookies enable the essential performance of our website. Optional cookies aim to optimise the experience and content for our website visitors. Finally, plug-in’s allow the website to either perform, enhance the content, manage security, or facilitate compliance.
The lawful basis we rely on to process your personal data is Article 6 (1) (a), based on consent from the website visitor the first time they visit our website.
Where consent is not technically possible, the lawful basis we rely on to process your personal data is Article 6 (1) (f), which allows the necessary processing required for our website to perform.
The personal data collected
Please refer to the Cookies and similar technologies section in this policy for details regarding the cookies we collect, plus details of plug-in’s we use on our website.
How personal data is stored and processed
Please refer to the Cookies and similar technologies section in this policy for details regarding how we store this type of data, including duration periods.
Retention periods
Please refer to the Cookies and similar technologies section in this policy for details regarding duration periods.
Rights of individuals
You have the right to withdraw consent. Please note that our website will retain the consent preferences selected by you the first time you visited our website. Your consent will be requested again when the duration period you selected expires.
Please refer to the Rights of Individuals in this policy for further information about your rights concerning your personal data.
6. The information we collect directly from individuals |
6.1 Contact us form on our website
Purpose and the lawful basis for processing
We have a contact form on our website to allow individuals to contact us directly and respond. Depending on the nature of your enquiry, we may retain your contact information in a central database as a prospective customer. In addition, we may further process your data at a future date by contacting you regarding our products, which we consider of relevance and interest to you.
The lawful basis we rely on to process your personal data is Article 6 (1) (a), which allows us to process personal data based upon your consent.
The lawful basis we rely on to further process your data is Article 6 (10 (f), which allows us to process personal data based on a legitimate interest assessment.
The personal data collected
We collect the name, contact details, plus optional message of the individual submitting the contact form.
We use the data collected to receive and reply to enquiries submitted via our website.
We may also use your contact details to contact you at a future date.
How personal data is stored and processed
We receive your contact information via our email system (Microsoft Outlook). The processing of your personal data outside the UK/EU/EEA may occur. In such a case, the appropriate safeguards to protect personal data the transfer and processing of personal data are required.
For information on Microsoft’s Privacy Policy here: https://privacy.microsoft.com/en-gb and in particular their pledge regarding storing and processing EU data in the EU
We use Dropbox to store documents containing personal data. In this instance, files are password protected. The processing of your personal data outside the UK/EU/EEA may occur. In such a case, the appropriate safeguards to protect personal data the transfer and processing of personal data are required.
For information on Dropbox’s Privacy Policy here: https://www.dropbox.com/en_GB/privacy
Retention Periods
We retain your contact details in our contact database for as long as required to respond to your enquiry. In addition, we will retain your personal contact details for as long as necessary to facilitate communication.
We will add your personal data to a suppression file if consent is withdrawn or there is no legitimate reason to continue processing your data.
Rights of individuals
You have the right to withdraw consent at any time. We will transfer your data to a suppression file unless you request your personal data is erased. You have the right to portability of your personal data.
Please refer to the Rights of Individuals in this policy for further information about your rights concerning your personal data.
6.2 Facebook Marketing
Purpose and the lawful basis for processing
We manage Ad Campaigns via Facebook to promote our products, generate leads for our mailing list, and sell our products. We also encourage engagement via our Facebook Business Page.
Every individual is free to use Facebook, and engagement is based on consent.
When we collect personal data directly from an individual, the lawful basis we rely on to process your personal data is Article 6 (1) (a), based on consent.
The personal data collected
We only collect personal data from Facebook if we generate leads via the platform. In this instance, we collect first, last name and email address.
We can review high-level statistical information about the campaign in the Ad Manager dashboard, such as the demographic or age group of individuals who interacted with our campaign. However, we have no control over this data and cannot view any personal data belonging to an individual.
We may use a Bitly link to shorten long URLs and enable us to measure traffic. Please refer to Bitly under Third-Party products in this policy for more information.
Personal data is directly linked to our MailChimp account (first name, last name, and email). In addition, we assign a tag to each campaign for identification. The link ensures a welcome email is sent automatically, along with any promised communication, for example, a free short story.
How personal data is stored and processed
We store data within our Ad Manager account and Mailchimp Account.
We may also transfer the data from Facebook onto a central database, for example to segment data for a particular marketing campaign.
Retention Periods
We cannot control or influence the retention periods Facebook retains data within the Ads Manager platform.
We retain data within Mailchimp to continue promoting our products and interacting with individuals unless consent is withdrawn.
Rights of individuals
You have the right to withdraw consent at any time. We will transfer your data to a suppression file unless you request your personal data be erased. You have the right to portability of your personal data.
Please refer to the Rights of Individuals in this policy for further information about your rights concerning your personal data.
6.3 Mailing List
Purpose and the lawful basis for processing
We use Mailchimp as our mailing list platform. Personal data is submitted into our Mailchimp mailing list by individuals visiting our website (pop-up or form they complete and submit), newsletter form via our website, a Facebook lead generation campaign, or competition data.
We use Mailchimp to send emails to our mailing list group. Examples of communication include:
- Newsletter updates
- Promoting a new product or special offer
- Sending out a free short story
- Engagement (requesting feedback)
The lawful basis we rely on to further process your data is Article 6 (10 (a), which allows us to process personal data based on consent.
The personal data collected
We collect the following contact information:
- First name
- Last name
- Email address
- Address (in certain circumstances)
How personal data is stored and processed
The processing of your personal data outside the UK/EU/EEA may occur. In such a case, the appropriate safeguards to protect personal data the transfer and processing of personal data are required.
For information on Mailchimp’s Privacy Policy please click here: https://www.intuit.com/privacy/statement/
Retention Periods
We retain your contact details in our contact database for as long as necessary to manage an ongoing relationship unless consent is withdrawn.
Rights of individuals
You have the right to withdraw consent at any time. We will transfer your data to a suppression file unless you request your personal data is erased. You have the right to portability of your personal data.
Please refer to the Rights of Individuals in this policy for further information about your rights concerning your personal data.
7. Cookies and similar technologies |
7.1 Cookies
Purpose and the lawful basis for processing
Cookies are text files placed on your computer by websites you visit. They are widely used to make websites work, work more efficiently, and provide information to the owners of the site. For example, our website uses cookies when a user accesses our website.
Please click on the link below for general information about cookies:
https://www.aboutcookies.org/cookie-faq
https://www.allaboutcookies.org
When users first visit our website, they are presented with options to manage their cookie preferences.
The lawful basis we rely on to process your personal data is Article 6 (1) (a), based on consent received from the website visitor the first time they visit our website.
Where consent is not technically possible, the lawful basis we rely on to process your personal data is Article 6 (1) (f), which allows the necessary processing required for our website to perform.
We use third-party software on our website. Please refer to section under ‘Third-party software’, WordPress and Google, in this policy for further information.
The personal data collected
When website users first visit our site, they are presented with options to manage their cookie preferences.
Cookie Category Overview:
The cookies on our website are described as essential, analytical, and functional, and split into these categories as follows:
Essential cookies
Necessary cookies are essential for the website to function correctly. These cookies ensure basic functionalities and security features of the website anonymously.
Analytical cookies
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics, the number of visitors, bounce rate, traffic source, etc.
Functional cookies
Functional cookies help to perform certain functionalities like sharing the website’s content on social media platforms, collecting feedback, and other third-party features.
Cookie | Type | Description | Duration |
_ga | Analytics | The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site’s analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. | 2 years |
.gid | Analytics | Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website’s performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously. | 1 day |
_gat_gtag_UA_165037975_1 | Analytics | Set by Google to distinguish users | 1 minute |
_mcid .list-manage.com | Analytics | This is a Mailchimp functionality cookie used to evaluate the UI/UX interaction with its platform | 1 year |
1P_JAR _NID | Analytical | Google – To provide ad delivery or retargeting, store user preferences | 6 mths |
MCPopupClosed | Functional | Mailchimp – to store if a message has been dismissed | 1 year |
HU_Consent | Necessary | GDPR Compliance Consent | Never |
_abck .list-manage.com | Necessary | This cookie is used by Akamai to optimize site security by distinguishing between humans and bots | 2 hours |
.list-manage.com _abac sm_sz | Necessary | This cookie is set by the provider Akamai Bot Manager. This cookie is used to manage the interaction with the online bots. It also helps in fraud preventions. | 4 hours |
.list-manage.com ak_bmsc | Necessary | This cookie is used by Akamai to optimise site security by distinguishing between humans and bots | 2 hours |
Elementor WP-Settings-3 Wp-settings-times-3 | Necessary | This cookie is used by the website’s WordPress theme. It displays content in real-time. | Never |
Retention periods
When website users first visit our site, they are presented with options to manage their cookie preferences. The dashboard will store your consent preferences for 30 days.
Rights of individuals
You have the right to withdraw consent. Please note that our website will retain the consent preferences selected by you the first time you visited our website. Your consent will be requested again when the duration period you selected expires.
Please refer to the Rights of Individuals in this policy for further information about your rights concerning your personal data.
7.2 Plug-ins
Our site uses plug-in’s for the following purposes:
- To facilitate our contact form
- To provide a cookie notice to inform users that our site uses cookies and to provide them with control options
- Protect and secure our website (Anti-virus, Firewall and Malware Scan)
- Super-fast caching
- SEO solution, including on-page content analysis, XML sitemaps
Where consent is not technically possible, the lawful basis we rely on to process your personal data is Article 6 (1) (f), which allows the necessary processing required for our website to perform.
We have not provided the plug-in authors within this policy, as we may change or review the website plug-ins we use to manage our website. If you have any questions about the plug-ins we use, or would like further information, please contact michelle.sumecki@greypublishing.co.uk
8. Use of social media networks |
8.1 Instagram
Data Controller for Instagram: Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland
Purpose and the lawful basis for processing
The purpose of our corporate presence is for communication and information sharing with existing and potential customers regarding our products and services.
We generally have no influence or control of your personal data by Instagram; therefore, we cannot make any clauses or statements regarding the purpose and scope of the processing of your data.
The processing of your personal data outside the UK/EU/EEA may occur. In such a case, the appropriate safeguards to protect personal data the transfer and processing of personal data are required.
For information on Instagram’s Privacy Policy here:
https://help.instagram.com/519522125107875/?maybe_redirect_pol=0
Refer to the section: ‘how do we operate and transfer data as part of our global services’ for Instagram’s reference to International Transfers.
Every individual is free to use Instagram and engagement is based on consent.
The personal data collected
Generally, we only use Instagram to engage with people interested in our products, share content, and promote the books we sell.
We may provide information and communicate with individuals via Instagram, which may also display on our company website. If you carry out an action on our Instagram account (e.g. comments, liked, contributions, etc.), you may make personal data (e.g. name, photo, user profile, comments) public.
How personal data is stored and processed
We generally do not influence or control your personal data managed by the data controllers, Instagram.
Personal data stays within the platform unless we agree to pursue mutually agreeable communication outside the online environment. In this instance, we may transfer your contact details to our central contact database as a prospect with the possibility of maturing to a customer.
Retention Periods
We generally have no influence or control of your personal data stored by the data controller, Instagram.
If we continue communication beyond the Instagram platform, we will only retain your personal data to facilitate communication regarding our products and services.
Rights of individuals
For further information on how Instagram processes your personal data, including your rights using the Instagram platform, please click here:
https://help.instagram.com/519522125107875
8.2 Twitter
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland
Purpose and the lawful basis for processing
The purpose of a Twitter presence on our website is for communication and information sharing with our readers, to attract new readers, and as an engagement/networking tool.
For information on Twitter’s Privacy Policy here: Please refer to Twitter’s Privacy Policy, ‘Our global Operations and Data Transfers’.
The processing of your personal data outside the UK/EU/EEA may occur. In such a case, the appropriate safeguards to protect personal data the transfer and processing of personal data are required.
For information on Twitter’s Privacy Policy here:
https://twitter.com/en/privacy
Every individual is free to use Twitter, and engagement is based on consent.
The personal data collected
We may provide and share information and communicate with individuals via Twitter, which may also display on our company website. If you carry out an action on our Twitter account (e.g. comments, likes, contributions, etc.), you may make personal data (e.g. name, photo, user profile, comments) public.
How personal data is stored and processed
We generally have no influence or control of your personal data by the data controller, Twitter; therefore, we cannot make any clauses or statements regarding the purpose and scope of the processing of your data.
Retention Periods
We generally have no influence or control of your personal data stored by the data controller, Twitter.
Rights of individuals
For further information on how Twitter processes your personal data, please click here:
https://twitter.com/en/privacy
8.3 Facebook
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland
Purpose and the lawful basis for processing
The purpose of a Facebook presence on our website is for communication and information sharing with our readers, to attract new readers, and as an engagement/networking tool.
The personal data collected
We may provide and share information and communicate with individuals via Facebook, which may also display on our company website. If you carry out an action on our Twitter account (e.g., comments, likes, contributions, etc.), you may make personal data (e.g., name, photo, user profile, comments) public.
We generally have no influence or control of your personal data by Facebook; therefore, we cannot make any clauses or statements regarding the purpose and scope of the processing of your data.
The processing of your personal data outside the UK/EU/EEA may occur. In such a case, the appropriate safeguards to protect personal data the transfer and processing of personal data are required.
For further information on how Facebook processes your personal data, please click here: https://en-gb.facebook.com/policy.php
Please also see our policy regarding marketing which includes Facebook.
How personal data is stored and processed
We generally have no influence or control of your personal data by the data controller, Facebook; therefore, we cannot make any clauses or statements regarding the purpose and scope of the processing of your data.
Retention Periods
We generally have no influence or control regarding your personal data retention periods by the data controller, Facebook.
Rights of individuals
For further information on how Facebook processes your personal data, please click here: https://en-gb.facebook.com/policy.php
9. Information we automatically collect |
When you visit our website, we automatically collect information from your web browser to retrieve the page from the server (unless disabled/masked by third party software). Information about your devise is required to display the correct format (e.g., mobile pages). The information we collect:
- Your IP address and location derived from the IP address
- Internet or other electronic network activity information, like the referring websites or services
- The time and date of each access
- Device settings, such as browser type, operating system, and language
- Cookie information (please refer to our ‘Cookies and similar technologies section’)
10. Third-party software |
We use third-party software and providers to process personal data.
10.1 WordPress
Our website is built using WordPress, which uses cookies, or tiny pieces of information stored on your computer, to verify who you are. There are cookies for logged in users and for commenters.
Please see complete information on WordPress cookies here:
https://wordpress.org/support/Article/cookies/
10.2 Google
Google maintains servers around the world and your information may be processed on servers located outside the UK/EU/EEA. In such a case, the appropriate safeguards to protect personal transfer and processing of personal data is required. For information on Google’s Privacy Policy here: Please refer to Google’s Privacy Policy, and specifically Google’s Legal Frameworks for Data Transfers
To opt out of being tracked by Google Analytics across all websites, visit:
https://tools.google.com/dlpage/gaoptout
10.3 Amazon
We use Amazon to sell and promote our books. Amazon operates globally and we currently focus on the UK and US markets.
We do not process personal data when you purchase directly from Amazon. We may gather statistical information via the Amazon platform, but this relates to sales performance (not based on an individual’s personal data).
For information on how Amazon processes your personal data, please click here for UK visitors and US visitors.
10.4 Dropbox
We use Dropbox to store and share personal data and information. Personal data files are password protected.
We use Dropbox to store documents containing personal data. In this instance, files are password protected. The processing of your personal data outside the UK/EU/EEA may occur. In such a case, the appropriate safeguards to protect personal data the transfer and processing of personal data are required.
For information on Dropbox’s Privacy Policy, please click here:
https://www.dropbox.com/en_GB/privacy
10.5 WhatsApp
On our website we share the link to WhatsApp to allow website visitors to share our website information with their contacts. We do not store or share any personal data.
For information on WhatsApp’s Privacy Policy, please click here:
https://www.whatsapp.com/legal/updates/privacy-policy/
10.6 Goodreads
On our website we share the link to Goodreads to allow website visitors to find our products on the website, Goodreads. We do not store or share any personal data.
For information on WhatsApp’s Privacy Policy, please click here:
https://www.goodreads.com/about/privacy
10.7 Microsoft 365
We use Microsoft Office 365 to process personal data, for example Outlook. The processing of your personal data outside the UK/EU/EEA may occur. In such a case, the appropriate safeguards to protect personal data the transfer and processing of personal data are required.
For information on Microsoft’s Privacy Policy here: https://privacy.microsoft.com/en-gb and in particular their pledge regarding storing and processing EU data in the EU
11. Website Hosting |
We have considered the safeguarding and security of our website as follows:
Backups
Back-ups are incremental and archived. Data sent to and from the back-up system is always encrypted.
Monitoring
All systems are monitored using PRTG and Pingdom.
PRTG is an enterprise monitoring suite – designed for large businesses and data centres. It reports in real-time and alerts of any developing issues or current issues. For example, if a server starts to run slow, or a hard drive begins to develop a fault we will know about it.
Pingdom is a third-party service that monitors uptime and performance of systems. We have various rules set up to check our systems every 60 seconds. SMS messages and emails and sent to us if a fault is detected.
Secure Datacentre
The servers and hosting infrastructure feature military-grade security, based in the UK.
Management
All systems feature ‘lights-out management’. This means our server can be accessed remotely. For example, if a server shuts down (owing to hardware failure). Servers can also be shut down and powered on remotely.
12. How to complain |
If you have any concerns about our use of your personal information, you can make a complaint to us by emailing: michelle.sumecki@greypublishing.co.uk
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org
