K O’Donnell Proofreading Privacy Policy

The General Data Protection Regulation (or GDPR) consists of data-protection rules that became enforceable on 25 May 2018. The first principle of GDPR requires that I process all personal data lawfully, fairly and in a transparent manner. 

I’m Karen O’Donnell at K O’Donnell Proofreading. You can contact me on kodproofreading@gmail.com


What data I need and why

Any personal data I collect is minimal.

  • Contact details: I need your email address (and phone number where appropriate) to communicate with you, in response to a query you have made to me, about the job you have asked me to quote on or to carry out.

  • Contact form on my website: I will ask for your email address on the form, solely for the purpose of replying to your message.

  • Address: I will ask for your postal address when creating your invoice as required by the HMRC.

  • Cookies: Cookies are small pieces of data that your web browser uses to record some settings relevant to each website you visit. My website uses cookies in order to function properly. You can find more information about these via WixI use Google Analytics to see how users find and use my website. This requires the use of cookies too. I don’t collect or store personally identifiable data via cookies.

The text you send me to work on may contain personal details, but I will not extract these from the text or use them in any way. These will remain within the document until I dispose of it.

Where your data is stored and how it’s kept secure

  • My email account is password protected.

  • All of my files are kept on a password-protected PC and cloud. I also have antivirus software running on my PC.

  • My website uses HTTPS, which allows website authentication and protects the privacy and integrity of data exchanged while it is in transit.

My lawful basis for processing your data

  • I need your contact details and any specifics about the job for contract: that is, fulfilment of my contractual obligations to you.

  • I need your address for legal obligation: that is, to comply with the legal obligation I am subject to under HMRC’s rules on processing invoices.

What else happens to your data?

I won’t sell or rent your data to third parties or share your data with third parties for marketing purposes and I won’t use your data for the purposes of automated decision-making.

My retention period for your personal data

The HMRC requires that I keep relevant business records for a minimum of five years. Based on this, my retention period for all files relating to any particular job is six years. At the end of my six-year retention period, all files related to the job, including emails, will be deleted from my systems.

Your rights in respect of my data processing

You can:

  • request information about how I use your personal data

  • ask for a copy of your personal data in a form that is usable elsewhere

  • ask that I immediately rectify anything inaccurate in your personal data

  • request that your personal data is deleted from my systems

  • ask that my processing of your personal data is restricted in certain circumstances

  • raise an objection about how I use your personal data.

Your right to lodge a complaint with a supervisory authority

If you have a complaint you can contact me using the information at the start of this policy, or you can contact the independent regulator, the Information Commissioner’s Office.