Your right to privacy is important to me. I keep your data private and secure. I do not sell or give your details to anyone else. I hold data about you because we have worked together, learned together, or campaigned together—or because you have asked to receive messages from me.
I am Walt Hopkins, doing business as Castle Consultants International, 9 Drummond Park, Crook of Devon, Kinross KY13 0UX, Scotland. In legal terms, I am the data controller for the database on my computer.
This policy is based on the requirements of the GDPR (General Data Protection Regulation). Here are my answers to the key GDPR questions:
What information do I collect?
My database is my Contacts file. Depending on how long we have been connected, I may have only an email address or a phone number—or I may have much more information. Here are some of the possibilities:
Your email address.
An alternative email address—in case the first one fails.
An old email address—in case the second one fails.
Your landline phone number at work.
Your landline phone number at home.
Your mobile phone number for work.
Your personal mobile phone number.
Your postal address at work—often because you asked me to send you something.
Your postal address at home—often because you asked me to send you something.
The name of your organisation.
Your job title.
Your former organisation—if that is where we originally met.
Your photo—more recently, this is usually from LinkedIn and assists my visual memory. Further back, this may be from the photos I used to take of people on my training courses.
Your birthday—often just the day and month, but sometimes also including the year.
The name of your spouse or partner, and possibly your children. If they are not over 18 I will remove their names as I update the database.
When and where we met (such as the date and name of a training course or when we were in school together).
When we connected on LinkedIn—usually including the date when you requested the connection or when I requested the connection.
Organisations we both belong to (such as SNP, NTL, etc.).
Schools we both attended.
Groups that you belong to so that I can send emails to specific people for marketing a course or for organising a political campaign.
I am reasonably certain that I do not have ALL this information on anyone. The key change now is that I must get positive consent from you to add you to my database, as well as giving you a clear way to remove yourself from my database.
Why do I collect the information?
To stay in touch. I connect regularly with people I met when we were in primary school, high school, college, on the first job, and then right on through fifty years of workshops and campaigning. I love being able to find out that we first met in a certain place at a certain time.
To offer you a newsletter—my almost-annual sharing of thoughts about what is happening in my world and the rest of the world.
To offer you an opportunity—to get a book or attend a workshop.
How do I secure the information?
Although nothing that you or I send over the internet is 100% secure, when I get your data I keep it in a password-protected database. I am working with MacAce, my wonderful ISP, to make the data even more secure with encryption. Here is my commitment:
I will keep your data secure and private.
I will never sell your data or share it with third parties.
I will allow you to unsubscribe at any time.
I will provide a file containing all the date I hold on you—if you so request.
You have rights—called Data Subject Rights—and you can find out more about them at https://ico.org.uk Among those rights is the right to be forgotten. If you want me to remove some or all of the data I have about you, just email me with that request and I will remove that data.
Here is a list of your rights:
Right of access – to request access to your personal information
Right to rectification – to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
Right to erasure (also known as the Right to be Forgotten) – to have your personal information erased
Right to restriction of processing – to restrict processing of your personal information
Right to data portability – to electronically move, copy, or transfer your personal information in a standard form
Right to object – to object to processing of your personal information
Rights with regards to automated individual decision-making, including profiling
How long do I keep the data?
As you can imagine from what I’ve said above, I have been keeping data for a long time. But that is changing. Some of you have read the book that I wrote with George Simons: Seven Ways to Lighten Your Life Before You Kick the Bucket. In our search for other lists beyond the Bucket List, we came up with seven alternative lists.
The first is a Chucket List. Old and out-of-date data is now on my Chucket List and I have begun clearing and shredding old files of names and other data. That also means shredding stacks of DVDs—I think the floppy disks and Zip disks have all been erased and dumped. Remember, you can ask me to delete all of your data now.
The second is a Shucket List. Data is also on my Shucket List as I shuck and prune the data I do hold to remove out-of-date or irrelevant information. I have a habit now of clearing a file folder of out-of-date papers whenever I add something new. The next challenge is to build that habit with digital files! Remember, you can ask me to shuck some of your data.
My current process for managing my database includes these steps:
1. When you ask to be added to my mailing list, I add your email and other information such as when and where we met.
2. When you ask to connect on LinkedIn, I add your email, your photo, and other information such as when and where we met.
3. When I send out a message, I get a list from MacAce (my brilliant and highly recommended ISP!) with the automatic deletions from the latest version of the mailing list. If I can reach you some other way, I check to see if you have a new email. Otherwise, I delete your entire file.
4. My offsite backup goes to Backblaze. That backup is continuous so that new data overrides old data. When I delete your information on my computer, it will be deleted with the next Backblaze backup.
5. My onsite backups include several setups. Backups last about two years on the Time Capsule before the space gets used up and I start over. Backups on my three other external hard drives get updated at least once a month and so remove anything I’ve deleted. I also have some old DVD backups which, assuming they still work, I will check, erase, and then shred.
6. When you ask me to delete some or all of your data, I will do so within 30 days and the backups will disappear eventually. My goal is to clear all the old backups within the next three years.
7. When I die, all the data will be destroyed—after my executors email you one last time to let you know I’ve gone.