We are very pleased that you are interested in our company. Data protection is of a particularly high priority for us, here at The Selkie Publications CIC. The use of our website www.theselkie.co.uk is possible without any indication of personal data. However, if a data subject wants to use special services provided by us via our website, processing of personal data becomes necessary. If processing of personal data is necessary and if there is no legal basis for such processing, we will generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the UK’s Data Protection Act 2018. By means of this privacy policy, we would like to inform you and the general public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights by means of this privacy policy.
As the controller, The Selkie Publications CIC has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can always be subject to security vulnerabilities, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.
Definitions
The privacy policy of The Selkie Publications CIC is based on the terms used by the European Directive and Regulation (EU) when adopting the GDPR and the DPA obligations. Our privacy policy should be easy to read and understand for the public as well as for our users and business partners. To ensure this, we would like to explain the terms used in advance.
We use the following terms, among others, in this privacy policy:
Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter ‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
Processing
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
Profiling
Profiling shall mean any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.
Pseudonymisation
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.
Controller or data controller
The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient
Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party.
Third party
Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.
Consent
Consent shall mean any freely given specific and informed indication of the data subject’s wishes, in the form of a statement or other unambiguous affirmative act, by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.
Name and address of the data controller
The controller within the meaning of the GDPR and the UK’s DPA is:
The Selkie Publications CIC
Unit 5, 241a Selbourne Road,
Luton, LU4 8NP, UK
contact [at] theselkie.co.uk
www.theselkie.co.uk
Place of business address:
Enterprise Hub
11 Crichton Street
Newington, Edinburgh, EH8 9LE
(hereinafter, ‘The Selkie’, ‘we’, ‘us’ or ‘our’)
Data Subject Rights
You have a number of ‘Data Subject Rights’. Below is some information on what they are and how you can exercise them. There is more information on each right on the Information Commissioners (ICO) website and you can simply follow the links provided to learn more.
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us.
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.
We encourage you to get in touch if you have any concerns with how we collect or use your personal information. You do however also have the right to lodge a complaint directly with the ICO, their contact details can be found on their website.
Please direct all requests for information, requests for information or objections to data processing to us.
What are the relevant legal bases for processing your data?
The following informs you about the legal basis of us processing your data and unless the legal basis is not specifically mentioned, the following applies:
Consent – This is where we have asked you to provide explicit permission to process your data for a particular purpose.
Contract – This is where we process your information to fulfil a contractual arrangement we have made with you.
Answering your business enquiries – This is where we process your information to reply to your messages, e-mails, posts, calls, etc.
Legitimate interests – This is where we rely on our interests as a reason for processing, generally this is to provide you with the best products and services in the most secure and appropriate way. Of course, before relying on any of those legitimate interests we balance them against your interests and make sure they are compelling enough and will not cause any unwarranted harm.
Legal obligation – This is where we have a statutory or other legal obligation to process the information, such as for the investigation of crime.
Vital interests – This is where we process your information for communications about security, privacy and performance improvements of our services. Or for establishing, exercising or defending our legal rights.
Accuracy
It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.
Cookies
The Internet pages of The Selkie use cookies. Cookies are text files which are stored on a computer system via an internet browser. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited Internet pages and servers to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific internet browser can be recognised and identified via the unique cookie ID. You can learn more about cookies on the All about Cookies website and in our Cookie Policy.
Collection of general data and information
Our website collects a series of general data and information every time a data subject or automated system calls up the website. This general data and information is stored in the log files of the server of our Content Delivery Network provider, WordPress. The following data may be collected:
- the browser types and versions used,
- the operating system used by the accessing system,
- the website from which an accessing system accesses our website (so-called referrer),
- the sub-websites which are accessed via an accessing system on our website,
- the date and time of an access to the website,
- an Internet protocol address (IP address),
- the Internet service provider of the accessing system, and
- other similar data and information that serve to avert danger in the event of attacks on our information technology systems.
When using these general data and information, we do not draw any conclusions about the data subject. Rather, this information is needed to:
- deliver the contents of our website correctly,
- optimise the contents of our website and the advertising for these,
- ensure the long-term operability of our information technology systems and the technology of our website, and provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.
Subscription to our newsletter
On our website, users are given the opportunity to subscribe to our newsletter. The personal data transmitted to us when the newsletter is subscribed to is specified in the input mask used for this purpose and currently limited to the e-mail address of the data subject.
Our newsletter can only be received by the data subject, if:
- the data subject has a valid e-mail address, and
- the data subject registers for the newsletter mailing.
For legal reasons, a confirmation e-mail is sent to the e-mail address registered by a data subject when the newsletter is sent for the first time. (The double opt-in procedure). This confirmation e-mail serves to verify whether the owner of the e-mail address as the data subject has authorised the receipt of the newsletter.
When registering for the newsletter, we also store the IP address of the device used by the data subject at the time of registration, as assigned by the Internet service provider (ISP), as well as the date and time of registration. The collection of this data is necessary in order to be able to trace the (possible) misuse of the e-mail address of a data subject at a later point in time and therefore serves as a legal safeguard for the controller.
The personal data collected in the context of the newsletter registration are used exclusively for sending our newsletter. No personal data collected as part of the newsletter service will be passed on to third parties. The subscription to our newsletter can be cancelled at any time using the corresponding link which can be found at the bottom of each newsletter. Furthermore, it is also possible to unsubscribe from the newsletter by e-mailing us directly.
Contacting us
If a data subject contacts us or individual members of our team via e-mail or the contact form, the personal data transmitted will be stored automatically. The personal data sent is in this sense, transmitted on a voluntary basis by a data subject and is stored for the purposes of processing or contacting the data subject. This personal data is not passed on to third parties.
Member account and registration
It is also possible for a data subject to register in our member area. For this purpose, a data subject can choose a password together with an e-mail address, both of which will enable you to log in more easily without having to enter your data again when you visit us at a later date. We store the data you enter to set up a membership account and will hold the data provided as long as the data subject maintains a subscription.
Online payments, donations, secure data transmission and credit card information
The transmission of personal information when purchasing a membership (an order transaction) is encrypted using industry standard Secure Socket Layer (‘SSL’) technology, (SSL encryption version 3). Any credit card information provided will not be stored by us, but will be encrypted and collected directly from our payment service providers PayPal and Stripe or in case of a donation Donorbox via hypertext transfer protocol secure (‘https’).
We may share information with PayPal, Stripe or Donorbox, and you may need to provide credit or debit card information directly to the provider in order to process payment details and authorise payment following a secure link. The information supplied in such cases is not within our control and is subject to PayPal’s, Stripe’s or Donorbox’s own Privacy Notice and Terms and Conditions.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from ‘http://’ to ‘https://’ and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Submissions
From time to time, The Selkie accepts work and written submissions. A data subject may be able to transmit certain information, share certain details and transmit relevant content to us. Content and data is then processed by us and may be made publicly viewable. When you send submissions to us, you have choices about the information you provide. It’s your choice whether to include sensitive information and to make that sensitive information public. Please do not share or submit personal data that you would not want to be made available.
Online meetings and events
We use Zoom, YouTube and Microsoft Teams to conduct our online meetings or events and various types of data are processed when using an online platform for meetings. The scope of the data depends on the information you provide before or during participation in an online meeting. If you contact us in electronic form (e.g. e-mail, fax, telephone, messenger, etc.), we store and process the data you have provided us with (e.g. name, contact information, content of the enquiry). The legal basis for this is our legitimate interest in effective customer communication and, insofar as it concerns an enquiry to enter into or fulfil a contract. You can request information about the purpose of processing, origin and, if applicable, recipients of your personal data from us free of charge at any time.
Applications
If you use our forms to apply for a volunteer role or job, we process the information we receive from you as part of the application process, e.g. through your letter of application, CV, references, correspondence, telephone or verbal details. In addition to your contact details, information about your education, qualifications, work experience and skills is particularly relevant to us.
Your data will initially be processed solely for the purpose of carrying out the application process. If your application is successful, it will become part of your personnel file and will be used to carry out and terminate your employment and will be deleted in accordance with the rules applicable to personnel files. If we are unable to offer you employment, we will continue to process your data for up to six months after sending the rejection in order to defend ourselves against any legal claims, in particular alleged discrimination in the application process.
As a rule, we do not require any special categories of personal data for the application process. We ask you not to provide us with any such information from the outset. If such information is relevant to the application process, we process it together with your other data. Your data will not be used by us for automated decision-making or profiling, nor will it be passed on to third parties. Your data will be processed by us or on our behalf.
You are not obliged to provide us with personal data. However, we can only assess your suitability for the respective position under consideration if we receive information in particular about your education, work experience and skills, and we cannot include you in the application process without providing your contact details.
Retention, deletion and blocking of personal data
We will only retain personal data for as long as necessary to fulfil the purposes we collected it for, the data processed by us will be deleted or restricted in their processing in accordance with the GDPR and the UK’s DPA. If the data is not deleted because they are required for other and legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
When do we disclose your personal data?
We may share your information with organisations that help us provide the services described in this policy and who may process such data on our behalf and in accordance with this policy, to support our online offer and our services. If you wish to learn more about how the relevant provider process your personal data, please follow the link embedded in the above-mentioned provider’s name.
Typically and unless otherwise stated in this policy, data may be shared on the basis of our contractual and pre-contractual obligations, if you have consented to it, or where there we have a legal obligation to do so or on the basis of our legitimate interests (e.g. when using agents, hosting providers, tax, business and legal advisors, customer care, accounting, billing and similar services that allow us to perform our contractual obligations, administrative tasks and duties efficiently and effectively). If we commission third parties to process data on the basis of a so-called ‘processing agreement’.
In relation to meta data obtained about you, we may share a cookie identifier and IP data with analytic service providers to assist us in the improvement and optimisation of our website which is subject to our Cookies Policy.
We may also disclose information in other circumstances such as when you agree to it or if the law, a court order, a legal obligation or regulatory authority ask us to. If the purpose is the prevention of fraud or crime or if it is necessary to protect and defend our right, property or personal safety of our staff, the website and its users.
Integration of services and contents of third parties
We use within our online offer on the basis of our legitimate interests content or services offered by third-party providers in order to integrate their content and services.
This always requires that the third-party providers of this content are aware of your IP address, since the content or service could not send to your browser without the IP address. The IP address is thus required for the display of this content and we endeavour to use providers that only use your IP address for the delivery of the content or services. However, third-party providers may also use so-called pixel tags (invisible graphics, also known as ‘web beacons’) for statistical or marketing purposes. The ‘pixel tags’ can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be linked to such information from other sources.
Collection, processing and use of personal data for the purpose of advertising and market research
We use your personal data for advertising and market research purposes as follows:
- When you open our e-mails, click on links contained therein or submit a website form after clicking on a link, we record this and save this information.
- If you recommend information from us by e-mail or to social networks using our recommend functions, we detect this and, if applicable, record the networks to which the information was recommended as well as the use by third parties. Personal data of third parties will never be stored without their consent.
- If you call up images in e-mails or click on links, we determine the type of terminal device used.
- If you access our website via a link from a message from us, we integrate information about your website visit.
- If you call up images in e-mails or click on links, we determine the location from which the call-up is made by recording your IP address. Your IP address is not stored.
The legal basis for this is our legitimate interest in optimising our advertising products and our online presence is our legitimate interest.
Automated decision-making and profiling
We do not use automation for decision-making and profiling.
Children data
Our website is not intended for children and we do not knowingly collect data relating to children. If you become aware that your child has provided us with personal data, without parental consent, please contact us and we take the necessary steps to remove that information from our server.
What are the categories of data subjects?
Customers, interested parties, visitors and users of the online offer, business partners. In the following, we refer to the data subjects collectively as ‘users’.
What are the purposes for processing?
- Provision of the online offer, its contents and functions.
- Provision of contractual services, service and customer care.
- Answering contact enquiries and communication with users.
- Marketing, advertising and market research.
- Security measures.
Social media plug-ins
We offer you the option of using so-called ‘social media buttons’ on our website. This means that these buttons are only integrated on the website as a graphic that contains a link to the corresponding web ite of the button provider. By clicking on the graphic, you are thus redirected to the services of the respective provider. Only then will your data be sent to the respective providers. If you do not click on the graphic, there is no exchange between you and the providers of the social media buttons. Information about the collection and use of your data in the social networks can be found in the respective terms of use of the corresponding providers.
Direct marketing
From time to time we may use the personal information we collect from you to identify particular services which we believe may be of interest to you. We may contact you to let you know about these products and services and how they may benefit you.
You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or relationship with us. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or relationship with us.
Direct marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing form sent or made by us or on our behalf should include a means by which customers may unsubscribe (or opt out) of receiving similar marketing in the future.
reCAPTCHA
We integrate Google ‘s ‘reCAPTCHA’ function to be able to recognise whether entries (e.g. in online forms) are made by humans and not by automatically acting machines (so-called ‘bots’). The data processed may include IP addresses, information on operating systems, devices or browsers used, language settings, location, mouse movements, keyboard strokes, time spent on websites, previously visited websites, interactions with reCAPTCHA on other websites, possibly cookies as well as results of manual recognition processes (e.g. answering questions asked or selecting objects in images).
Hosting
The services for hosting and displaying the website are partly provided by our service providers as part of processing on our behalf. Unless otherwise explained in this privacy policy, all access data and all data collected in forms provided for this purpose on this website are processed on their servers. If you have any questions about our service providers and the basis of our relationship with them, please contact them as described in this privacy policy.
Content Delivery Network
For the purpose of a shorter loading time, we use a so-called Content Delivery Network (‘CDN’) for some offers. With this service, content, e.g. large media files, are delivered via regionally distributed servers of external CDN service providers. Therefore, access data is processed on the servers of the service providers. Our service providers work for us within the framework of order processing. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.
Data breaches and notification
Databases or data sets that include personal data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose personal data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.
Confirmation of confidentiality
All company employees must maintain the confidentiality of personal data as well as company proprietary data to which they may have access and understand that that such personal data is to be restricted to only those with a business need to know. Employees with ongoing access to such data will sign acknowledgement reminders annually attesting to their understanding of this requirement.
Changes
This policy and our commitment to protecting the privacy of your personal data can result in changes to this policy. Please regularly review this policy to keep up to date with any changes.
Queries and complaints
Any comments or queries on this policy should be directed to us. If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then please contact us.
We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.
This privacy policy is valid as of September 2022