In Accordance with General Data Protection Regulation (GDPR)
Personal data means any information relating to an identifiable person, either directly or indirectly. Such information can be a name, email address, an IP address, and location data.
Data subject is any identifiable natural person, whose personal data is processed by the controller.
Processing is an operation which is performed on personal data, such as collecting, recording, organizing, structuring, storing, altering, retrieving, use, restriction, erasure, or destruction.
Controller is the legal person who determines the purposes and means of the processing of personal data.
Third party is a legal person, agency, or body other who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent of the data subject is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, such as opting-in to a newsletter, signifies agreement to the processing of personal data relating to him or her.
2. Name and Contact Details of the Controller
Anne E. Johnson
Cookies are used by Internet pages to ‘remember’ you and your preferences to personalize your experience, which can allow the displaying of advertising from third party networks.
4. Collection of General Data and Information
Anne E. Johnson's website and blog collect general data and information when a data subject visits these sites, which is then stored in the server’s log files (Blogger and Wordpress). The information that may be collected is (1) the browser type, (2) language preference, (3) referring site, (4) the date and time of access to the Internet site, (5) operating system, (6) Internet service provider, (7) other similar data and (8) IP address.
· a) Social Media Plugins
Interaction with external social networks and platforms, such as Facebook, Twitter, Instagram, and Goodreads plugins and buttons, and all “share” buttons on Anne E. Johnson website, blog, and in her newsletter collect usage data.
If the data subject clicks on one of the social media buttons integrated into Anne E. Johnson's website, blog, or newsletter, such as the “like” or “share” buttons or plugins, the respective social media site then matches this information with the personal account of the data subject and stores the data.
Anne E. Johnson does not have control over these social media components or what data they store, how, or where.
If a data subject is logged into a social media platform (such as Facebook) at the time of visiting Anne E. Johnson's website, the social media network can collect information from the data subject due to the apps that use their services, such as a “like” button. This information, which includes websites and apps you visit, is collected by the respective social media component, even if you don’t click on these plugins or buttons.
You can prevent transmission of information by social media components by logging off from social media accounts before visiting other websites.
5. Links to Other Websites
Anne E. Johnson’s website, blog, newsletter, or social media platforms may contain links to other websites of interest. However, once a data subject uses these links, Anne E. Johnson does not have any control over that other website, their cookies, or collection and usage of data.
6. Subscription to Newsletter
On the website and blog of Anne E. Johnson, users are given the opportunity to subscribe to her author newsletter, which is a MailChimp form located on a page they can navigate to while visiting her website or blog. The entire process is optional.
Anne E. Johnson informs her subscribers regularly by means of a newsletter about book releases and other author updates. The author newsletter may only be received if the data subject has entered a valid e-mail address and completes the double opt-in confirmation process.
During the registration for the newsletter through a MailChimp opt-in form, the data subject’s IP address, first name (if supplied), and email address are stored, as well as the date and time of the registration. Only the data subject’s email address will be actively used to send out newsletters. All other information is stored by MailChimp as the legal protection of the controller.
The subscription to Anne E. Johnson’s newsletter may be terminated by the data subject at any given time. For this purpose, an unsubscribe link is found in each newsletter. Once a data subject unsubscribes, all information is deleted. A link to update the information a data subject supplied at the time of subscription can also be found in each newsletter, too, and used by the data subject.
MailChimp participates in Open Tracking, which tracks the date and time a recipient opens a newsletter. This information is stored on MailChimp.
MailChimp also uses sub-processors to process data on behalf of the controller. MailChimp transfers and processes data anywhere in the world where MailChimp, its Affiliates, or its Sub-Processors maintain data processing operations. MailChimp implements security measures to protect data from security incidents.
7. Blog Comments
Anne E. Johnson’s blog, which is hosted by Blogger, offers users the possibility to leave personal comments. If a data subject leaves a comment on Anne E. Johnson’s blog, the comment is stored and published, along with the date of the comment and the data subject’s name and avatar (image), which are both previously chosen by the data subject. In addition, the IP address assigned to the data subject is also logged by Blogger/Google for security reasons.
8. Rafflecopter Giveaways
Anne E. Johnson may host Rafflecopter giveaways on her blog or website. Entering one of these giveaways is completely optional and no purchase is necessary. Each Rafflecopter giveaway has a FREE ENTRY option as well as optional entry options for additional points and chances to win. Terms and Conditions are linked within each option for entrants to click on and read more about the giveaway and terms.
By entering, the entrants consent to their data being used only for the purposes of the giveaway. All information will be kept 100% private. The only data that will be used will be the winner’s data for the purposes of notification and shipping the prize(s). The Rafflecopter form will display the winner’s name. All information will be deleted after the giveaway ends, a winner is selected, and the winner receives his or her prizes. For all future giveaways dated 2018 or later, no information from any entrant will be stored longer than is necessary for the purposes of the giveaway.
Winners will be randomly chosen by Rafflecopter’s generator. Anne E. Johnson will notify the winner by using the email address provided by the entrant when logging in to enter the giveaway. The prize will be shipped within 24-48 hours after receiving the winner’s mailing address through email contact. Anne E. Johnson will not be held liable for prizes that are damaged or lost in transit. All prizes are mailed in excellent condition.
9. Google Forms
Anne E. Johnson
may host Google Forms
on her blog for the purposes of getting participants for a book blog tour (a virtual book tour that occurs on blog sites). Filling out such a Google Form is completely optional. The information usually collected is (1) name, (2) blog URL, (3) email address, and (4) a date for Anne E. Johnson'
s guest post to appear on his or her blog. By filling out this form and submitting it, entrants consent to email contact for the purposes of scheduling and setting up a guest post on the entrant’s blog during the time specified.
All information entered and stored in the Google Form will be deleted once the blog tour is completed.
10. Linky Tools List
Anne E. Johnson
may host a Linky Tools
List on her blog for the purposes of getting participants for a blog hop (a virtual party that occurs on blog sites and invites participants to “hop” around and visit each other on a specific day). Filling out such a Linky Tools List is completely optional. The information usually collected is (1) name, (2) blog URL, and (3) email address. By filling out this form and submitting it, entrants consent to email for the purposes of reminding participants of the upcoming blog hop date and to provide them the necessary information required of each participant to include in their blog post. Such information could be for a book’s release: (1) book blurb, (2) book buy links (3) corresponding images, (4) author bio and links.
All information entered and stored in the Linky Tools List will be deleted once the blog hop is completed.
12. Rights of the Data Subject
Each data subject has the right to obtain from the controller confirmation if personal data concerning him or her is being processed.
Each data subject has the right to obtain from the controller information about his or her personal data stored being stored and at no cost to the data subject.
- c) Right to Rectification
Each data subject has the right obtain from the controller the rectification of inaccurate personal data concerning him or her, such as completing incomplete personal data.
- d) Right to Erasure (Right to Be Forgotten)
Each data subject has the right to obtain from the controller the erasure of personal data concerning him or her, and the controller has the obligation to erase personal data without undue delay.
- e) Right of Restriction of Processing
Each data subject has the right to request restriction of his or her personal information.
- f) Right to Data Portability
Each data subject has the right to obtain and reuse his or her personal data for his or her own purposes across different services.
Each data subject has the right to object to the processing of personal data concerning him or her. Once objected, the controller will no longer process the personal data for direct marketing (author newsletters), unless the controller can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.
- h) Automated Individual Decision-Making, Including Profiling
Each data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, unless the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, (2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is based on the data subject’s explicit consent.
- i) Right to withdraw data protection consent
Each data subject has the right to withdraw his or her consent to the processing of his or her personal data at any time by contacting the controller.
13. Legal Basis for the Processing
Art. 6(1) lit. a GDPR states processing shall be lawful only if and to the extent that at least one of the following applies: (1) the data subject has given consent to the processing of his or her personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the controller is subject; (4) processing is necessary in order to protect the vital interests of the data subject or of another natural person; (5) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; (6) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
14. Legitimate Interests of the Controller or Third Party
Processing of personal data is based on Article 6(1) lit. f GDPR and necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights, or freedoms of the data subject.
15. Data Retention Period
Personal data processed for any purpose(s) is stored as long as it is necessary for the purpose the data was collected. When necessary, data will be reviewed, updated, or deleted, depending on whether the data needs to be retained, archived, or is no longer needed.
16. Automated Decision-Making
Anne E. Johnson does not use automatic decision-making or profiling.
17. Protection of Children
Anne E. Johnson does not specifically market to children under 13.