Data processing
My clients are not-for-profit and for-profit organizations. As “data controllers,” my clients collect personal information from their constituents in a GDPR-compliant way. This process includes notifying individuals that their data may be used for the type of processing I am contracted to provide. I use the basic biographical details collected and shared securely with me by my clients to help them identify potential sources of funding that could support their charitable work.
Once a client transfers this personal data to me using secure electronic means, I use it as a starting point for research, which also includes the use of publicly-available sources, such as newspaper articles and public company filings. I do not use any automated methods for profiling using the personal data I receive from my clients. I return my research results to my clients using secure electronic transfer methods. Upon project completion, I delete all related personal data.
Data collection
Through my website, I collect contact information from visitors who voluntarily ask to join my email list or request a consultation. This data is used purely for the user’s intended purpose and is never given to a third party for any reason. Email list subscribers can opt out at any time.
When visitors to my website leave comments (for instance, on a blog post), I collect the data they submit through a comments form along with their IP addresses and browser user agent string. This information is used to detect and control spam.
Blog posts on my website sometimes include embedded content from other websites, such as videos. Accessing these materials on my website is equivalent to visiting the original site from which the material was embedded. These websites may collect data about you when you view these materials. Please see the relevant websites’ privacy policies for details.
If you leave a comment on my website, you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies last for one year.
Individuals who use the Gravatar service and leave a comment on my website may generate an anonymized string created from his/ her email address (also called a hash) that may be provided to the Gravatar service. Once I have approved a comment submitted by a Gravatar user, that comment will be displayed with the user’s Gravatar profile picture. The Gravatar service privacy policy is available here: https://automattic.com/privacy.
I also use Google Analytics to get a broad overview of the general location of visitors to my website and the pages they view there. This information does not reveal the identities of individual visitors. I used these details to help improve my services and identify possible topics for blog posts based on user interest.
Review process
I conduct weekly reviews of the personal data I process and the security of electronic file transfer methods I use with my clients. I update my practices and procedures regularly based on this review.
Contact me
As Principal and Data Protection Officer for my firm, you can contact me at any time to request access, correction, or deletion of data I may have about you and to restrict any processing activities that may be in progress. I can be reached at:
Beth Bandy
Beth Bandy Research & Consulting LLC
PO Box 36
Shelburne Falls, MA 01370 USA
+1 413-824-2593
beth@bethbandy.com