The law relating to data protection is changing on 25th May 2018 when the General Data Protection Regulation (GDPR) comes into force. It is a new piece of EU legislation (Regulation (EU) 2016/679) that will replace the Data Protection Act 1998 and will be in force in the UK until the UK leaves the EU. A new Data Protection Act (DPA), currently going through Parliament, will apply post-Brexit although any business in the UK which collects and/or processes data belonging to any EU citizen will still be required to comply with the GDPR irrespective of the provisions of the projected DPA.
Under the GDPR, organisations are required to provide individuals with information about the use and processing of their personal data. Note 1: ‘Personal data’ means any information relating to an individual who can be identified from that data. This note is intended to help you understand how you can maintain control of your information. GDPR is about protecting individuals and their rights in respect of their personal information. It is designed to ensure that an individual can maintain control over their information. Under GDPR you can:
- Request access to, deletion of, or correction of your personal data.
- Request your personal data be transferred to another person.
- Complain to a supervisory body.
Who We Are
Our website address is: https://treeofsapphires.com. The website is owned by Rev. Maggy Whitehouse and is for the purpose of her teaching of Kabbalah.
Your Personal Data: Collection And Usage
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Data Used: If Akismet is enabled on the site, the contact form submission data — IP address, user agent, name, email address, website, and message — is submitted to the Akismet service (owned by Automattic) for the sole purpose of spam checking. The actual submission data is stored in the database of the site on which it was submitted and is emailed directly to the owner of the form (i.e. the site author who published the page on which the contact form resides). This email will include the submitter’s IP address, timestamp, name, email address, website, and message.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in exactly the same way as if the visitor has visited the other website.
Sharing Your Data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so that we can recognise and may approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except that they cannot change their username). Website administrators can also see and edit that information.
Your Data: Your Rights
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
If you are located in certain countries, including those that fall under the scope of the European General Data Protection Regulation (AKA the “GDPR”), data protection laws give you rights with respect to your personal data, subject to any exemptions provided by the law, including the rights to:
- Request access to your personal data;
- Request correction or deletion of your personal data;
- Object to our use and processing of your personal data;
- Request that we limit our use and processing of your personal data; and
- Request portability of your personal data.
You can usually access, correct, or delete your personal data using your account settings and the tools offered but if you aren’t able to do that, or you would like to contact us about one of the other rights, contact the Data Controller, Peter Dickinson, at email@example.com. EU individuals also have the right to make a complaint to a government supervisory authority.
Where We Send Your Data
Visitor comments are checked through Akismet, an automated spam detection service.
This website is secured behind the ‘Wordfence’ firewall which is a very effective measure of protection for this website and for any data of any kind which may be stored on it. In the unlikely event of website data being downloaded by the Data Controller, such data is downloaded to an encrypted computer situated behind a firewall. There is no long-term storage of personal data taken from this website.
Data Breach Procedures
See ‘Data Protection’ above.
Third Party Data
We do not receive data from third parties.
Automated User Data Decision Making and/or Profiling
Appendix 1: Personal Data Collection For Astrological Purposes
General Data Protection Regulation
We take your privacy seriously and will only use your personal information to provide the products and services you have requested from us. By submitting your birth data (your name, birthdate, time and place of birth), either verbally, by email, by letter or any other form of transmission, you confirm that you have understood the information below and consent to the use of your data as described.
The notes below clarify how your data is handled in the course of our contact with you and in our work in general.
GENERAL – THE SHORT VERSION !
- Data held by StarLightAstrology (Maggy Whitehouse and Peter Dickinson) is never sold, shared or passed on to anyone else for any reason.
- No other person has access to your data, in whatever form it is held.
- All or any specific items of data can be erased on request.
- No data is acquired from any source other than personal communication.
- Only necessary data is held to enable fulfilment of requests for astrological work.
A LITTLE MORE DETAIL
- Data necessary for the agreed consultation will initially consist of birth data (date, time, place) and email address. Additionally, some of the following may be requested: postal address, phone number(s), Skype name, biographical information.
- All data is kept entirely confidential, is stored securely and is never sold or passed on to anyone else, for any reason.
- Access to your data, in whatever form, is limited to StarLight Astrology only (apart from the unlikely event of compulsory disclosure to legitimate and warranted law-enforcement officers).
- Your horoscope will never be used publicly for any purpose whatsoever without your permission.
- Birth data only (name, date, time, place) are archived indefinitely in astrological software, for the following purposes:
- Private astrological research.
- To enable rapid response to urgent requests for astrological work at short notice
- StarLight Astrology does not use online webmail services (for example GMail or similar). In the normal course of events any email sent to StarLight Astrology passes through our email hosting service from which it is immediately deleted as soon as it is downloaded to our computers. These computers are encrypted and are not available to anyone outside StarLight Astrology. Only emails which may be relevant to current and any future requests for further work are stored; all others are deleted, usually within sixty (60) days of receipt.
- As records are held electronically, all printed copies of notes, emails, astrological charts and information sheets are shredded following their use.
- Uploads of recordings are available on Dropbox for a period of 28 days, after which they are deleted from the server. These recordings are then archived in our computers (password-protected) for a period of up to approximately one year, to ensure that you have downloaded your copy. They are then securely deleted and unrecoverable.
- This is for your convenience (as backup in case of loss or reformat of your computer, for example) and for that of StarLight Astrology, to review a session if necessary.
- You may request deletion at any time.
- If you have further questions, please email the Data Controller, Peter Dickinson, at firstname.lastname@example.org.
Issued May 23 2018 by Peter Dickinson (Data Processor/Controller) for the purpose of GDPR compliance.