I have long been an advocate of digital privacy, often urging people to take their privacy more seriously. Thus, it should not be a surprise that respecting your privacy is more than just an online policy statement for me, it is a principle by which I conduct my online activities (whether for profit or not). However, simply stating that I respect your privacy is not sufficient to meet legal obligations and, realistically, not enough to answer reasonable concerns you may have. Therefore, the following policy outlines the details about how I handle your personally identifiable information ("Personal Data"). If you have questions or other input about this policy, please contact me.
I will only collect and use your Personal Data when:
For the purpose of the EU General Data Protection Regulation (GDPR), I, Stuart J. Whitmore, am the "data controller" for the data that I collect. I may employ the services of various "data processors" to achieve various purposes, such as using Amazon Web Services to send you my newsletter if you request to receive them. Other data processors that I regularly use, which may or may not be involved in handling data that I collect from or about you, may include (but may not be limited to) pair Networks, IFTTT, Dropbox, Facebook, BookFunnel, and Google (i.e., Google Drive).
This policy is in effect as of the date shown at the bottom of this document.
I collect some information automatically as a result of the design of the technologies that you and I have chosen to use. This data collection occurs on every site you visit before you see the site; my site is no different. Such information typically includes what browser and operating system you are using, what technological capabilities your Web browser supports, a very general (and often inaccurate) location associated with the Internet Protocol (IP) address associated with your online activity, etc. I make no effort to link this information to your Personal Data, but making such links may be technically feasible. You may employ technologies to subvert the accuracy of the automatically-collected data, and doing so will rarely (if ever) have a negative effect on your use of my site. I leave to you the research on how to accomplish this.
I collect information that you knowingly and willingly provide. Such information could include your email address, your name, how you know or heard about me, what genre of books you prefer to read, and any other information for which you are prompted as well as additional information that you provide without being prompted.
Third-party cookies are those cookies stored by your browser at the request of a third party, i.e., an entity other than you or me. For example, if I display ads on my site and those ads are inserted by an ad service, the code from that ad service may request your browser to store information in a cookie for later retrieval. The third-party services and companies that may request information storage in cookies via code included on my sites may include, but may not be limited to, the following:
These and other third parties have separate privacy policies and should be contacted separately if you have questions or concerns about the data they store about you. They may offer tools to help you manage, undo, and/or prevent that storage of personal information. For GDPR purposes, the role of the third-party services in collecting this data may be "data processor" or "data controller" depending on the context of usage.
I will only use your Personal Data when I believe doing so is lawful. Common uses of your Personal Data include:
The simplest explanation for my policy on sharing your data is that I try to avoid it in all cases. That is the easiest way to respect your privacy. However, there are situations when sharing your data is necessary. It is never necessary to share your information with third parties for the purpose of them contacting you to promote their products, services, or ideologies, and I will never do that.
Situations that require sharing of your personal data include doing so as directed under a valid order from a lawful court with applicable jurisdiction and doing so to complete a service that you have requested from me. Situations that require sharing to complete a legitimate business interest include sharing data with third parties who provide services to me and who require data to provide those services. When such sharing occurs, I ensure (to the extent possible) that the service provider has policies in place that are no less restrictive than my own.
I implement technical measures to safeguard your Personal Data. This includes physical, electronic, and procedural safeguards that comply with applicable law to safeguard Personal Data from unauthorized access, disclosure, or use.
Your data will be stored on servers in the United States. The location of those servers within the US may change without notice, but generally will be located in Washington (State, not DC), Oregon, and/or Pennsylvania.
I store and use your Personal Data for as long as it is necessary as described within this policy document. If you request deletion of the data I have collected from you, I will comply with your request within the constraints and requirements of applicable law, the moral obligation to secure and respect your privacy, and technology. In some cases deletion may take the form of anonymization if doing so respects your intent more than actual deletion. Completely deleting all information may be impossible due to technical restraints; for example, deleting every server access log ever generated from your activity, including in all backup files, would likely be impossible due to the difficulty or impossibility of accurately finding those log entries due to insufficient reliable data about you to make the correct association. Put simply, if the only identifying information is an IP address and your IP address has ever changed (which is extremely likely) there is no way to know that a log entry with an IP address you have used is actually you versus another (prior or subsequent) user of that same address. This is only one example of how technical constraints could prevent me from completely removing every trace of your data.
You may have the right under applicable laws and/or treaties to ask the following questions or take the following actions by contacting me as described later in this document:
If there is a self-service feature, you are advised to use that instead of asking me to manually process your request, as this will give you the desired result much more quickly. An example of a self-service feature is an "unsubscribe" link in an email newsletter. Note that a self-service tool should not be assumed to do more than it states; continuing the previous example, an "unsubscribe" link should not be assumed to delete your data, only to unsubscribe you from the list. If you are at all concerned that you will not get the desired results from a self-service tool, please contact me for assistance.
Different jurisdictions specify different ages under which Personal Data may not be collected or used, or may only be collected or used in a strictly regulated manner. In the US, this is apparently age 13, while in the EU it is apparently age 16. While I intend to comply with such laws, they are redundant in my view because I do not intend to provide services to children and therefore nothing that I provide online is targeted toward children. If you have not reached the age of 13 (US), 16 (EU), or 18 or the age of majority in your jurisdiction, whichever is higher, please do not provide me with any Personal Data including your email address.
You may contact me (Stuart J. Whitmore) via:
Email: author /at\ just-stuart.com
Postal mail: Stuart J. Whitmore, PO Box 33, Sumner, WA 98390
Policy version: 2.1
Effective: 18 FEB 2019