The GDPR (General Data Protection Regulation) is a new set of European privacy laws that come into force in May 2018 and which protect the personally identifiable information of EU data subjects (typically EU residents). You can learn more about how we abide by these laws on this page.
Please note that this page only describes our GDPR compliance and policies in relation to our subscribers.
Personally identifiable information is any information which can be directly correlated to you as an individual. For example, this could include:
The information we store and process about subscribers is as follows:
If we hold personally identifiable information about you and you are a resident of the European Union, you are able to request that we provide you with a machine-readable copy of that information. In our case, that would typically be your email address and subscriptions, and potentially other information we may have collected such as your company name, social handles, etc.
You can email us at firstname.lastname@example.org to request access to this data. Please note that it is necessary for us to verify your identity for data protection reasons, although if you are requesting data assigned to the same email address from which you make the request, we will consider this “reasonable means” of verification.
You are able to request that we erase all information we store about you that is personally identifiable and which we are not required, by law, to keep (for example, we may need to keep customer information for tax purposes, but the GDPR allows this).
If you email email@example.com we will process your request. We can either erase all of your personally identifiable information (in which case you will also be unsubscribed from our publications) or erase part of your information, such as if we hold your name, company name, and similar details on file.
We have determined that for most uses of personal data, the “Legitimate Interest” basis is appropriate. Handling of personal data to send email newsletters to our subscribers passes the three relevant tests:
Further to the above, our universal use of the double opt-in process also affords us an audit trail of informed consent for each subscriber based upon the opt-in confirmation time and the IP address used.
It is a necessity of business that we share personally identifiable information with third parties under certain situations. We have tried to enumerate each opportunity this occurs below:
All of our third party provided above either have a presence in the EU and are subject to the GDPR themselves, or have asserted they comply to the EU-US Privacy Shield policy.