Privacy and Data Protection Policy (updated May 2018)
Jayne Avery respects the privacy concerns of the users of its website https://www.jayneavery.com This is the updated privacy and data protection policy for Jayne Avery.
I have implemented security policies, rules and technical measures to protect the personal data that I have under my control from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss.
The General Data Protection Regulation is European wide data protection legislation that comes in to affect 25th May 2018. It is designed to protect individuals in the European Economic Area and ensure organisations meet certain requirements with regard to the collection, processing, security and deletion of personal information.
You can access my Web site home page and browse my site without disclosing your personal data.
Full name: Jayne Avery
What personal data we collect and why we collect it
Personal data refers to any data collected that could directly or indirectly identify you. By providing us with your data, you confirm that you are over 13 years of age.
Jayne Avery only collects the minimum amount of personal data that is needed so we can properly, serve our clients, prospects and website visitors. If we need to hold particular information about certain individuals, we only collect the information for those individuals and nothing more. Life Coach Julie does not hold personal data on the off-chance that it might be useful in the future.
Jayne Avery has comprehensive marketing plans and operational procedures in place for initiating contact with prospects and generating sales in a manner that complies with the General Data Protection Regulation.
The purpose or purposes for which the information is to be used is made clear to individuals and they have a choice as to whether to provide the information.
Any communication that you send to us whether that be through the contact form on our website, through email, social media messaging or any other method will be processed for the main purposes of communicating with you. However, it may also be kept for record keeping and for the establishment, pursuance or defence of legal claims.
Individuals are provided with easy to read and understand privacy notices when information is collected.
Consent is required for certain types of information usage, generally relating to mailing lists and marketing communications.
When consent is required, it must be freely given, specific, informed and unambiguous. Requests for consent should be separate from other terms and be in clear and plain language. The individual’s consent to using their personal data must be as easy to withdraw as to give. Consent must be “explicit” for sensitive data. Get Real About Business is required to be able to demonstrate that consent was given.
Under the Privacy and Electronic Communication Regulations (PECR) there are specific requirements relating to unsolicited direct marketing communications. A solicited communication is one that is actively invited, either directly by the customer or via a third party.
An unsolicited communication is one that the customer has not invited but they have indicated that they do not, for the time being, object to receiving it. If challenged, businesses would need to demonstrate that an individual has positively opted into receiving further information from us.
Jayne Avery understands that it is unlawful to contact customers or organisations that have informed us that they do not wish to receive unsolicited marketing material.
Jayne Avery has appropriate security measures to prevent personal information held being accidentally or deliberately compromised. In particular, Jayne Avery: have designed and organised security to fit the nature of the personal information held and the harm that may result from a security breach;
Are clear about everyone’s responsibility for ensuring information security;
Make sure that the correct physical and technical security is in place, backed up by robust processes and procedures and reliable, well-trained staff; and are ready to respond to any breach of security swiftly and effectively.
Jayne Avery recognises that information security breaches may cause real harm and distress to the individuals if their personal information is lost or abused (this is sometimes linked to identity fraud).
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Managing and monitoring staff
Jayne Avery ensures that staff or those acting on their behalf are aware of, trained and comply with regulatory requirements and company policies on data protection and information security matters.
There are controls in place to ensure that those people handling customer or confidential business information are honest and trustworthy and do not disclose information about customers without checking the identity of callers and verifying that they are entitled to the information being requested.
There are controls in place to ensure that only authorised personnel can access, alter, disclose or destroy personal information and only act within the scope of their authority. All paper records containing customer information and commercially sensitive information are stored securely when not in use and desks are cleared at the end of the working day.
Jayne Avery has procedures in place if we use third parties to process information to ensure that we:
only choose a data processor that provides sufficient guarantees about its security measures to protect the information and the processing it will carry out;
take reasonable steps to check that those security measures are working effectively in practice; and
put in place a written contract setting out what the data processor is allowed to do with the personal information or business information.
Jayne Avery requires third parties that it works with to ensure that there are adequate security measures in place to secure the information that is being held.
Restrictions on transferring information to non-EEA countries
There are no restrictions on moving personal information within EEA countries. Jayne Avery considers the following factors when deciding whether or not to transfer information overseas:
the nature of the personal information being transferred;
how the information will be used and for how long
whether they are certified by the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework,
If personal information is accidentally lost, altered or destroyed, attempts to recover it will be made promptly to prevent any damage or distress to the individuals concerned. In this regard Jayne Avery considers the following:
containment and recovery – the response to the incident include a recovery plan and, where necessary, procedures for damage limitation.
assessing the risks – assess any risks and adverse consequences associated with the breach, as these are likely to affect how the breach needs to be contained.
notification of breaches – informing the Information Commissioner’s Office or other relevant Supervising Authority as necessary (within 72 hours), law enforcement agencies and individuals (whose personal information is affected) about the security breach is an important part of managing the incident.
evaluation and response – it is important to investigate the causes of the breach, as well as, the effectiveness of controls to prevent future occurrence of similar incidents.
Additionally, Jayne Avery would also look to ensure that any weaknesses highlighted by the information breach are rectified as soon as possible to prevent a recurrence of the incident.
Information Commissioner’s Office (ICO)
If you are not happy with how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would appreciate if you could contact us first if you do have a problem so that we work with you to resolve any concerns. To ensure the data we hold is accurate and up to date please let us know if at any time your personal information changes by emailing firstname.lastname@example.org
This policy will be reviewed periodically in light of changing business priorities and practices and to take into account any changes in legislation.