STATEMENT OF PRIVACY AND GDPR COMPLIANCE
This document explains how we comply with Information Commissioner’s Office guidelines for compliance with the General Data Protection Regulation (GDPR) rules. If you have given us your email address (by emailing us or subscribing to the website, for example) you should read this to reassure yourself that we are looking after your data responsibly.
We value the security of your information extremely highly and will never intentionally breach the rules. Please let us know if there is anything else we can be doing to ensure this is so.
JCA Consult is a small company with one owner and two associates who are aware of GDPR guidelines.
2. The information JCA Consult holds:
Email addresses of people who have emailed me and to whom I have replied – automatically saved in Gmail.
Email addresses, names and self-identified descriptors (e.g. “headteacher”, “owner”, “manager”) of people who have signed up to my mailing list via the opt-in link on the website – held in Mailchimp.
This information is not shared with anyone. If someone randomly asks for another person’s email address, I always check with the other person first.
3. Communicating privacy information
JCA Consult is taking 3 steps:
This document has been put up on the website with a link from my sign-up section for new subscribers.
A link has been added to my email signature.
A link has been added to my contact page.
4. Individuals’ rights
On request, I will delete data. If someone asked to see their data, I would take a screenshot of their entry/entries and forward it to them.
If they unsubscribe themselves from the Mailchimp list, their data is automatically deleted.
4. Subject Access Requests
I aim to respond to all requests within 24 hours and usually much sooner.
5. Lawful basis for processing data
If people have emailed JCA Consult, they have given me their email address. I do not actively add it to a list but Gmail will save it. I will not add it to any database or spreadsheet unless someone asks me to or gives me explicit and detailed permission.
If people have opted into my Mailchimp list (by subscribing to my website) they have actively opted in, in the knowledge that they will receive the following: newsletters (between 4 – 6 per year), occasional event announcements and intermittent news updates.
Once someone has signed up for my newsletter, I regard this consent as confirmed until the person asks us to remove the data. I do not harvest email addresses and will not.
Consent is not indefinite, so we will make sure that we remind subscribers that they can unsubscribe or ask for their data to be removed.
We do not work with children so do not store any data from them or about them.
8. Data breaches
I have done everything I can to prevent this, by strongly password-protecting our computer, Mailchimp and Google accounts. If any of those organisations were compromised I would take steps to follow their advice immediately.
9. Data Protection by Design and Data Protection Impact Assessments
JCA Consult has familiarised itself with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and believes that it is using best practice.
10. Data Protection Officers
Jane Anderson, owner, is Data Protection Officer for JCA Consult.
Our lead data protection supervisory authority is the UK’s ICO.