Melissa’s Copy is committed to the privacy of all our customers. All client information is collected and processed in accordance with the UK’s data protection legislation, including the General Data Protection Regulations (GDPR).
Changes to this Policy
We may update this policy from time to time. You should check this page occasionally to ensure you are happy with any changes to this policy.
1 Basic terminology
1.1 Personal Data
Any information relating to an identifiable person who can be directly or indirectly identified.
1.2 Special Category Data
(Sensitive Personal Data) Personal data that reveals racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic data / biometric data; data concerning health; and data concerning a person’s sex life or sexual orientation.
1.3 Data Subjects
Individuals that we process Personal Data about e.g., employees, end consumers, employees of third parties we engage with (including customers and subcontractors).
1.4 Supervisory Authority
The Information Commissioner’s Office (ICO).
1.5 Data Controller
An organisation that controls the purposes and manner of processing.
1.6 Data Processor
An organisation that processes personal data on behalf of the data controller e.g., an IT system.
2 GDPR Principles
2.1 Lawful Basis for Processing
There must be a legitimate Interest for the processing of your data. Clear consent to processing the data will need to be provided by the data subject. The personal data will be used in such a way that the data subject would expect which has minimal privacy impact. If we can achieve the same result in another way, legitimate interest will not apply, consent will not be requested, and data will not be used.
Personal information will only be collected and stored for the purposes of completing copywriting and marketing services on your behalf or responding to your enquiries.
If you have signed up to receive our e-newsletter, we will send emails to you offering copywriting advice and occasional information about our services. You always have the opportunity to unsubscribe from these emails by clicking the unsubscribe link on the email itself or by emailing firstname.lastname@example.org with the heading Unsubscribe.
We will never spam you, sell your email address to anyone or share your contact details with anyone else.
The only information we collect about you is the information that you supply to us yourself through enquiry, publicly available data, email correspondence or opt-in to our e-newsletter. Such information will be treated in accordance with the Data Protection Act 1998 and General Data Protection Regulations (GDPR).
2.1.1 Sensitive Personal Data
We will not ask you for this.
2.1.2 Contact Data
We may process contact details that you provide to us which may include your name, address, telephone number, and email address. We may use this contact data to contact you to confirm consultations, issue invoices and provide any other relevant information.
2.1.3 Website Data
We may process data about your use of our website and services. The website data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency, and pattern of your service use. The source of the website data is our analytics tracking system. This website data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services.
2.1.4 Enquiry Data
We may process data contained in any enquiry you submit to us regarding our products or services to help better improve our website and services, but we will always ensure that your identifiable details will not be used within this process.
2.1.5 Payment Data
We will not ask you for this. Please do not supply yours or any other person’s payment data to us unless we have entered into a written data processing agreement with you.
2.2 Stored for No Longer than is Necessary
Our data retention and disposal policy ensures that the data is deleted once it is no longer required for the purpose for which it was obtained.
2.3 Accurate and Up to Date
Our policy ensures that personal data is rectified and deleted when it is not accurate and up to date. Data subjects have the right to be informed, and therefore you may ask us to provide you with any personal information we hold about you on the condition of valid provision of proof of your identity (a certified copy of your passport or driving licence by a solicitor or bank, plus an original copy of a utility bill showing your current address). You may inform us at any time not to process your personal information for marketing purposes. We may withhold personal information that you request to the extent permitted by law.
In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes. You may request a copy of the information we hold about you and exercise your rights in relation to your personal data at any point by written notice to us at email@example.com.
We have robust security measures in place to protect against loss, misuse, and alteration of your user data whilst under our control. Whilst we cannot guarantee that loss, misuse, or alteration to data will not occur, we endeavour to make every effort to guard against any such occurrences.
We take active steps to protect against viruses, spyware, and other malware. Our computers are password protected and only used by the sole employee(s). All sensitive information such as usernames and passwords are stored in a password-protected document, which only Melissa’s Copy can access. Our mobile devices are pin protected and have anti-virus and internet security software in place.
All data stored within copywriting and marketing documents is backed up automatically to an external encrypted drive every day. The data within these documents is usually destined to be published in the public domain when the copy goes to print or is published online.
3 ICO Registration
According to the ICO Registration assessment, we are only processing personal data for the core business purposes of administration, accounts and records, advertising, marketing, and public relations in connection with our own business activity. This means that we are not required to register with the ICO.
4 International Transfers
Data will not be transferred to countries outside the EEA without adequate protection.