As you are aware, there are a lot of responsibilities for Data Processors and Data Controllers following the publication of GDPR (General Data Protection Regulation).
GDPR came into force in May 2018 and as the owner of this membership site, I wanted to summarise some of the key elements of how I comply with GDPR and how you can find out more. This is a complicated piece of legislation of which there is currently poor guidance for Membership Site owners so I hope this will help you understand further.
The official GDPR EU pulication is available to read at https://www.eugdpr.org/
Under GDPR you have the "right to be forgotten". This means that you raise a support ticket at any time and request that you are "forgotten" by our systems.
I store data in three separate systems of which one is under my direct control. These systems are WordPress, Stripe (our payment processor) and ActiveCampaign (our marketing system).
The data I hold for you enables me to do things like:
Process recurring payments with our payment processor and issue receipts/invoices to you.
Send you emails about products, services that I think you might be interested in.
Email, text or phone you about your progress through my courses.
Track your usage of the membership site, including pages visited and course content consumed.
Essentially you have the right to ask me:
To provide you with a copy of the data that I hold about you in these systems
To ask me to provide you with information about how I process your information and what I use it for
To ask me to delete all information about you that I am not required to keep by law for taxation or company accounting reasons. Typically a request to be forgotten would mean the deletion of your user account completely and the deletion of your information from our marketing systems, including the deletion of information I hold about you that pertains to pages you have visited on my site and course content that you have consumed. It would not include the deletion of your payments, subscriptions or orders held either in WordPress or Stripe as I need to keep this to comply with accounting and taxation laws.
This document is not an official document. I am not a lawyer and it is written in my own words. I wanted to give you a summary of how I understand how GDPR relates to you and I, in relation to this membership site.
If you have any further questions please contact me via the Support Ticket system once you are logged into your account.
I respect your data, your privacy and your security and endeavour to treat you and your information with respect, utmost care and protection.