In Accordance with General Data Protection Regulation (GDPR)
- a) Personal data
Personal data means any information relating to an identifiable person, either directly or indirectly. Such information can be a name, email address, an IP address, and location data.
- b) Data subject
Data subject is any identifiable natural person, whose personal data is processed by the controller.
- c) Processing
Processing is an operation which is performed on personal data, such as collecting, recording, organizing, structuring, storing, altering, retrieving, use, restriction, erasure, or destruction.
- d) Controller
Controller is the legal person who determines the purposes and means of the processing of personal data.
- e) Third Party
Third party is a legal person, agency, or body other who, under the direct authority of the controller or processor, are authorized to process personal data.
- f) Consent
Consent of the data subject is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, such as opting-in to a newsletter, signifies agreement to the processing of personal data relating to him or her.
- Name and Contact Details of the Controller
Cookies are used by Internet pages to ‘remember’ you and your preferences to personalize your experience, which can allow the displaying of advertising from third party networks.
- Collection of General Data and Information
Elaine Kaye’s website and blog collect general data and information when a data subject or automated system visits her website or blog, which is then stored in the server’s log files (Blogger/Google). The information that may be collected is (1) the browser type, (2) language preference, (3) referring site, (4) the date and time of access to the Internet site, (5) operating system, (6) Internet service provider, (7) other similar data and (8) IP address.
- a) Social Media Buttons
Interaction with external social networks and platforms, such as Facebook and Twitter buttons on Elaine Kaye’s website and blog collect usage data.
If the data subject clicks on one of the social media buttons integrated into Elaine Kaye’s website or blog, such as the “share” buttons, the respective social media site then matches this information with the personal account of the data subject and stores the data.
Elaine Kaye does not have control over these social media components or what data they store, how, or where.
If a data subject is logged into a social media platform (such as Facebook) at the time of visiting Elaine Kaye’s blog or website, the social media network can collect information from the data subject due to the apps that use their services. This information, which includes websites and apps you visit, is collected by the respective social media component, even if you don’t click on these plugins or buttons.
You can prevent transmission of information by social media components by logging off from social media accounts before visiting other websites.
- b) Contact Form
Elaine Kaye’s website contains contact forms created by WordPress. If a user sends a message to Elaine Kaye using the contact form, their name, email address, and message will be sent to Elaine Kaye’s email and stored in her inbox.
- Links to Other Websites
Elaine Kaye’s website, blog, and social media platforms may contain links to other websites of interest. However, once a data subject uses these links, Elaine Kaye does not have any control over that other website, their cookies, or collection and usage of data.
- a) Affiliate Links
This site uses affiliate links for Bookshop.org, which is an online bookstore that supports local, independent bookstores.
- Blog Comments
Elaine Kaye’s blog, which is hosted by Blogger, offers users the possibility to leave personal comments. If a data subject leaves a comment on Elaine Kaye’s blog, the comment is stored and published, along with the date of the comment and the data subject’s name and avatar (image), which are both previously chosen by the data subject. In addition, the IP address assigned to the data subject is also logged by Blogger/Google for security reasons.
- Rights of the Data Subject
- a) Right of Confirmation
Each data subject has the right to obtain from the controller confirmation if personal data concerning him or her is being processed.
- b) Right of Access
Each data subject has the right to obtain from the controller information about his or her personal data being stored and at no cost to the data subject.
- c) Right to Rectification
Each data subject has the right obtain from the controller the rectification of inaccurate personal data concerning him or her, such as completing incomplete personal data.
- d) Right to Erasure (Right to Be Forgotten)
Each data subject has the right to obtain from the controller the erasure of personal data concerning him or her, and the controller has the obligation to erase personal data without undue delay.
- e) Right of Restriction of Processing
Each data subject has the right to request restriction of his or her personal information.
- f) Right to Data Portability
Each data subject has the right to obtain and reuse his or her personal data for his or her own purposes across different services.
- g) Right to Object
Each data subject has the right to object to the processing of personal data concerning him or her. Once objected, the controller will no longer process the personal data for direct marketing (author newsletters), unless the controller can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.
- h) Automated Individual Decision-Making, Including Profiling
Each data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, unless the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, (2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is based on the data subject’s explicit consent.
- i) Right to withdraw data protection consent
Each data subject has the right to withdraw his or her consent to the processing of his or her personal data at any time by contacting the controller.
- Legal Basis for the Processing
Art. 6(1) lit. a GDPR states processing shall be lawful only if and to the extent that at least one of the following applies: (1) the data subject has given consent to the processing of his or her personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the controller is subject; (4) processing is necessary in order to protect the vital interests of the data subject or of another natural person; (5) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; (6) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
- Legitimate Interests of the Controller or Third Party
Processing of personal data is based on Article 6(1) lit. f GDPR and necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights, or freedoms of the data subject.
- Data Retention Period
Personal data processed for any purpose(s) is stored as long as it is necessary for the purpose the data was collected. When necessary, data will be reviewed, updated, or deleted, depending on whether the data needs to be retained, archived, or is no longer needed.
- Automated Decision-Making
Elaine Kaye does not use automatic decision-making or profiling.
- Protection of Children
Elaine Kaye does not specifically market to children under 13. She markets to parents.