8 December 2023
In order to work as a freelance writer, I may collect various types of personal information that relate to you. These may include:
• your name
• your email address
• your phone number
• your gender
• your job title and place of work
• your social media handle (for example, if you are active on Twitter or LinkedIn, particularly in a business capacity)
• your address (usually a business address)
• your financial information (for example, to pay you or be paid by you, if you are self-employed)
• your IP address (collected for security reasons by my web host, and by security services which I use), to the extent that this qualifies as personal data
• recordings and transcripts of phone calls if I interview you in the course of my writing business
• your opinions, to the extent that these qualify as personal data.
How this data is collected
I typically collect this data from you when you:
• meet me in person
• email me or phone me
• agree to be interviewed for a piece of writing
I also collect personal data in other ways, for example:
• In order to find business partners or clients, I may gather data that is publicly available online. This may involve gathering data about contacts on social networking sites or company websites, on a small scale, and/or using this to check the accuracy of information I hold.
• I may receive data about you that is passed to me by a client or prospective client, for example:
– if I am to write or edit an article or case study that mentions you (as I am a B2B copywriter, this will typically be in a work context)
– if I am given your contact details as a possible source of expertise or comment
– if I am to work on content that you have written, made comments on, or participated in in some way.
Why I collect data
I collect data for the following reasons, which I rely on as legitimate bases for collecting the information:
• to market my business (including direct B2B marketing via email, post and phone)
• to identify, and keep records of, prospective or existing clients or partners
• to ensure the accuracy of anything I write or publish
• to check the accuracy of anything I have written or published
• to retain evidence in case of a dispute or investigation
• for website security as above
• as backups, for the purpose of business continuity.
What I do with the information
I keep data on encrypted devices, in accounts with reputable cloud services, and in offline formats. I may transfer the data between these formats.
I may store your data on email servers and with operators of reputable cloud software services. I seek to keep these as far as possible within the UK or the EU. Where data is held outside the UK or EU, I seek to use providers who comply with rules to ensure the adequacy of data protection measures.
I may share specific data with subcontractors (for example, if I have agreed to supply a case study about your organisation, mentioning your name, and I contract out this work to another writer).
In the course of my work, I often share personal data with other people at the same organisation from whom I received it in the first place.
I plan to keep your data for as long as I need it for a specified legitimate purpose:
- Typically, I will retain most data for up to 7 years, for the purpose of retaining evidence in case of dispute or investigation: this includes data held in emails and attachments, and data related to projects I work on. However, please note the following:
- For audio/video recordings made for marketing articles (e.g. marketing case studies), my standard retention period is 2 years. Notes/transcripts related to these recordings will still be retained for up to 7 years. Recordings made for journalism (e.g. newspaper articles) or compliance reports (e.g. annual reports) will be retained for up to 7 years.
- I may retain invoices and financial contact information for longer than 7 years.
- I will clear IP address logs on a regular basis.
- If you contact me about a prospective project but we do not end up working together, I will delete records about you after a period of 2 years (with the exception of data held in emails/attachments, which will be deleted after 7 years).
- In practice I may store data in backups and archives for longer than the specified period, until data is destroyed or overwritten.
- I may need to retain a piece of data indefinitely if I judge that there is a legitimate reason to do so, including the likelihood of the data being required as evidence in the event of a dispute.
Keeping data accurate and up to date
I make reasonable efforts to keep data accurate and up to date; for example, when writing an article or marketing my business, I may check your name, place of work and job title against your profile on a social media site or your company website. See the section on ‘what I do with your data’ for more information.
I make reasonable efforts to secure the personal data I collect; these include both technical and physical measures. Measures include:
• using the HTTPS protocol
• encrypting computer data
• using a VPN (virtual private network) when appropriate
• using anti-malware software
• using reputable cloud storage services
• reviewing cloud services I use in order to be satisfied, as far as is reasonable, that they have effective security measures and compliant privacy policies.
Exercising your rights
In order to exercise your rights under the UK General Data Protection Regulation, please contact me at the contact page of my website.
Specifically, if you don’t want me to contact you for marketing purposes, then please let me know by contacting me.