GDPR STATEMENT OF COMPLIANCE
We have read the Information Commissioner’s Office guidelines for compliance with the new General Data Protection Regulation (GDPR) rules. This document that follows explains how we comply.
If you have given us your email address you should read this to reassure yourself that we are looking after your data responsibly. We value the security of your information and will never intentionally breach the rules. However, as volunteers working for a non-profit organisation, we are trying our very best to understand and implement the rules.
Undiscovered Voices is run by a team of volunteers appointed by the SCBWI British Isles. We have made all members of the team and will make any future member of the team aware of these regulations if they are in contact with any personal data.
The information we hold:
- Email addresses and names of people who have signed up to our mailing list via the opt-in link on our website and held in MailChimp.
- Names, addresses, phone numbers and email addresses of people who have entered the UV competition, held in Dropbox. We share the names of those who enter the competition with other volunteers in the SCBWI to confirm their membership of the organisation to comply with the rules of the competition. We share contact information of longlisted and shortlisted entrants with members of the judging panel who ask for their contact details.
- Email addresses, names, positions and companies of industry professionals who work as agents, editors, art directors, or publishers in the field of children’s books. Held in MailChimp (or in Dropbox when collating attendance of the UV launch party).
Communicating privacy information
We are taking the following steps:
- We have put this document on our website, with a link from our sign-up section for new subscribers
- We will include a link to this document whenever we email our newsletter mailing list
- We contacted people on our mailing list who joined before 25/05/18 to show them this document and remind them of what they signed up to. We alerted them to any changes and reminded them that they can unsubscribe at any time and their data will be deleted
- An unsubscribe message is included in every mailing.
On request, we will delete data.
If they unsubscribe themselves from the MailChimp list, their data is automatically deleted.
We automatically delete the details of entrants to the UV competition a year after the publication of the UV anthology, except for the details of finalists, with whom we keep in contact.
Subject access requests
We aim to respond to all requests within one month and usually much sooner.
Lawful basis for processing data
If people have opted into our MailChimp list (by subscribing) they have actively opted in, in the knowledge that they will receive occasional emails.
We keep a record of current industry members (defined as agents, editors, art directors, publisher, scouts, journalists or booksellers who work with the children’s books) who would have a legitimate interest into the work of the SCBWI and the Undiscovered Voices anthology. Because of the dynamic nature of the industry we check these records every two years and update it in collaboration with other volunteers in the SCBWI. We also enable industry members to unsubscribe from our MailChimp list.
Once we’ve contacted everyone with a reminder about the T&C of us holding their data, we regard this consent as confirmed for the next anthology (two years), or until the person asks us to remove the data.
Consent is not indefinite, so we will make sure that we remind subscribers that they can unsubscribe or ask for their data to be removed.
Undiscovered Voices is only open to members of the SCBWI. Those under the age of 18 are not eligible for membership.
All our volunteers password-protect their computers and the cloud software they use. If any of the organisations whose software we use were compromised we would take steps to follow their advice immediately.
Data Protection by Design and Data Protection Impact Assessments
We have familiarised ourselves with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and believe that we are using best practice.
Data Protection Officers
We have not appointed a Data Protection Officer.
Our lead data protection supervisory authority is the UK’s ICO.