Data Protection Policy
My Indie Bookshelf takes its responsibilities with regard to the management of the requirements of the General Data Protection Regulation (GDPR) very seriously. This policy sets out how My Indie Bookshelf manages those responsibilities.
My Indie Bookshelf obtains, uses and stores personal data relating to author book submissions and newsletter signups, collectively referred to in this policy as data subjects. When processing personal data, My Indie Bookshelf is obliged to fulfil individuals’ reasonable expectations of privacy by complying with GDPR and other relevant data protection legislation (data protection law).
This policy therefore seeks to ensure that we:
1. are clear about how personal data must be processed and My Indie Bookshelf’s expectations for all those who process personal data on its behalf;
2. comply with data protection law and with good practice;
3. protect My Indie Bookshelf’s reputation by ensuring the personal data entrusted to us is processed in accordance with data subjects’ rights;
4. protect My Indie Bookshelf from risks of personal data breaches and other breaches of data protection law.
The main terms used are explained in the glossary at the end of this policy (Appendix 3).
This policy applies to all personal data we process regardless of the location where that personal data is stored (e.g. on an employee’s own device) and regardless of the data subject.
Personal data protection principles
When you process personal data, you should be guided by the following principles, which are set out in the GDPR. My Indie Bookshelf is responsible for, and must be able to demonstrate compliance with, the data protection principles listed below.
Those principles require personal data to be:
1. processed lawfully, fairly and in a transparent manner (Lawfulness, fairness and transparency).
2. collected only for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes (Purpose limitation).
3. adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (Data minimisation).
4. accurate and where necessary kept up to date (Accuracy).
5. not kept in a form that permits identification of data subjects for longer than is necessary for the purposes for which the personal data is processed (Storage limitation).
6. processed in a manner that ensures its security, using appropriate technical and organizational measures to protect against unauthorized or unlawful processing and against accidental loss, destruction or damage (Security, integrity and confidentiality).
Data Subjects’ Rights
Data subjects have rights in relation to the way we handle their personal data. These include the following rights:
1. where the legal basis of our processing is Consent, to withdraw that Consent at any time;
2. to ask us to erase personal data without delay:
My Indie Bookshelf must implement appropriate technical and organizational measures in an effective manner to ensure compliance with data protection principles. My Indie Bookshelf is responsible for, and must be able to demonstrate compliance with, the data protection principles.