1. Who we are and how you can contact us
M/OTHERWORDS is an unincorporated partnership operated by Rebecca Kirk and Elizabeth Crowe. We are the data controllers and are responsible for your personal data (“M/OTHERWORDS”, “we”, “us” or “our”).
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
2. The data we collect about you
Personal data means any information about an individual from which that person can be identified.
We may collect, use, store and transfer the following kinds of personal data:
- Identity Data such as first name, last name, username or similar identifier, marital status, title, demographic data, date of birth and gender.
- Contact Data such as billing address, email address and telephone numbers.
- Financial Data such as bank account and payment card details.
- Transaction Data such as details about payments from you and services you have purchased from us.
- Technical Data such as your internet protocol (IP) address.
- Profile Datasuch as your username and password, feedback and survey responses and testimonials.
- Marketing and Communications Data, i.e. your preferences in receiving marketing from us and our third parties and your communication preferences.
We do not collect any sensitive personal information about you except when you knowingly provide it (for example within a reading group or a comment you submit).
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
3. How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will/may use your personal data in the following circumstances:
- to register you as a member;
- to administer your involvement in a reading group or course (including processing your payment for the same), and identify you within that group;
- to process any comments you submit for publication on the website, or during a reading group, and identify you as the author of those comments;
- to enable you to partake in a prize draw, competition or complete a survey; and
- to otherwise manage your relationship with us;
- to improve our website, services and marketing;
- to deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you; and
- to recommend products or services which may be of interest to you.
We will ask your consent before sending any third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data.
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you.
5. Disclosures of your personal data
We may share your personal data with third parties, such as payment service providers, for the purposes set out in How we use your Personal Data above.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
6. International transfers
The M/OTHERWORDS website is hosted by tsoHost. tsoHost data centres for the M/OTHERWORDS website are located in Europe so the processing of your personal data will involve a transfer of data outside the UK.
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented.
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data. For further details, see tsoHost Worldwide datacentres.
7. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
8. Data retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for. We may retain your personal data for a longer period in the event of a complaint, if we reasonably believe there is a prospect of litigation in respect to our relationship with you, or if we are required to by law.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and the applicable legal, regulatory, tax, accounting or other requirements.
9. Your legal rights
Under certain circumstances, you have the following rights under data protection laws in relation to your personal data.
- Request access to your personal data (commonly known as a “data subject access request”).
- Request correction, or erasure of your personal data.
- Object to, or request a restriction of processing of your personal data.
- Withdraw consent to processing of your personal data (where we are relying on your consent to process).
If you wish to exercise any of the rights set out above, please contact us at firstname.lastname@example.org.
You will not have to pay a fee to exercise any of the rights set out above, unless your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.