This is going to be the most interesting policy you’ve ever read.
Because I actually want you to read the dern thing. Before we dive into this lovely pile of roses…
Third Person Creative (thirdpersoncreative.com) will be referred to as ‘TPC’, and Third Person Creative Courses, or Creative Courseware, (courses.thirdpersoncreative.com) will be referred to as ‘TPC Courses’, and Third Person Creative Forums (florence.thirdpersoncreative.com) will be referred to ‘TPC Forums’ because I don’t want to type it all out every time.
I’m doing this because I’m terrified of of being fined 20m Euros.
For privacy, and for General Data Protection Regulation (GDPR) compliance, ‘personal data’ is defined as any information that can be used to identify a person, and must be acquired with clear consent.
I’m also afraid of being fined 20 million Oreos, for the record.
I capture two ‘groups’ of data:
In the case of TPC I capture email, and metrics associated with Google Analytics.
In the case of TPC Courses, I capture Email, Name, Address, Country, Phone Number, and Credit Card Number.
In the case of TPC Forums I capture a user-created username, email, and custom profile information.
For all sites I operate, I capture data that’s relevant to site security (IP address, country, and connection profile information). This information is not used for marketing.
Why do you need all that?
In the case of TPC…
I need your email to send out the weekly RSS feed, which consists of all of the recently published blog posts, any additional content such as when I send out an email directly to the list for entertainment, enrichment, marketing, or site news (i.e. when I take breaks from content-creation, or if the site goes down).
I need the Google Analytics (GA) information to create content intelligently. The GA information helps me optimize what articles do well, which one’s don’t, who reads them, and why. This helps me make informed business decisions like what time should I schedule my posts? Do journal-style articles do better than stories? Should I spend more time optimizing for phones and tablets? (for example). I specifically go into some more details about what I do with the GA metic data in the ‘What do you do with it?’ section below.
In the case of TPC Courses…
Email – General course communication such as lesson follow up, checking in, billing communication, or account dialogue.
Name – Knowing a student’s name is important to me. I’m in this business to help people, not obfuscated strings of characters with an ‘@’ symbol attached to them.
Address – I capture your address to help me differentiate between students (read: verify your identity), to determine you time-zone to help schedule online conference calls, and because my payment gateways won’t let me process your course subscription payment without it.
Phone Number – This gives me a way to reach out to you directly if there’s a problem, and is sometimes used for billing purposes.
In the case of TPC Forums…
Name – Knowing a student’s name is important to me. I’m in this business to help people, not obfuscated strings of characters with an ‘@’ symbol attached to them (same as above, I just copy-pasted the line because I’m trying to be explicit here).
username – Because you need this to log in, and I need to know it’s you and not some punk h4x0r.
Forum Profile Information – This is expressly for the benefit of other site members and exists as space for your own self-promotion. You can put as much or as little as you want in your TPC Profile.
What do you do with it?
TPC promises to never sell your personal data. Full stop.
I also promise to never share your email address without your consent.
In fact, I will never share your Address, Country, Phone Number, or Credit Card information to an outside source without your consent for any reason.
- Using Google Analytics to decide to invest more time in social media marketing.
- Sharing your email with another blogger in a ‘list swap’ without your consent.
- Selling your personal address to an advertising company.
- Storing any of your information on a computer without encryption.
What about all that tracking stuff?
While Google records your Internet Protocol (IP) address, it explicitly prevents me from seeing it in ANY of my reports. This means, that I can say “okay, out of 100 people who visited my site, 10 of them are really into News and Politics”, but I can’t say “Matthew, Mark, and Luke are really into News and Politics”.
The first statement is an example of aggregate data, and Google doesn’t give me any tools (nor should they) to identify who those people are, thus protecting their identify while still being useful to me as a business owner and content creator. I did try to find a list of all the stuff that Google tracks in their GA acquisition process, but it’s actually hard to come by. I imagine that it’s probably going to be a few lawsuits before a hard and fast list comes out. Until then, the best I can do is be crystal clear on what I do with it, and the best way to do that, is to provide some real-world examples:
Data Breach Notifications
TPC promises to comply with the GDPR (and to, ya know, remind you I’m a decent human) by pledging to inform users of any data breaches via email as soon as possible, but not longer than 72 hours. Easy peasy.
Where is all this data kept?
TPC, TPC Forum, and TPC Courses, login information, email, and account information is kept on my hosting provider’s server. Email information is also kept on MailChimp’s servers, and all billing information is saved to Stripe’s servers.
I will mention here that information is briefly passed to a content delivery network, but they’re GDPR compliant too. I’ll make a list at the end of this ‘policy’ of all the companies I use and links to their individual policies when I go over the flow of data at the end.
GA Analytics information is kept on Google’s servers.
How long do you plan on keeping it?
In the case of TPC, Emails are kept until you don’t want us to keep them anymore. At the bottom of every email I send is an option to unsubscribe. From there, you can choose to what level you want your information erased.
For TPC Courseware users, you can reach out to me directly if you want all of your info deleted (averyATthirdpersoncreative.com).
Security and Flow of Control.
Yes. All information across all TPC websites is encrypted using SSL (between you and my servers). It’s also locked up in transit. Let’s look at the flow of things by demonstrating which companies come into play and when:
You visit the site:
After you connection is secured via an SSL certificate (this is security for both of us), your computer’s information is processed by my security suite to determine if you’re legit, or a hacker.
I’m in! Now what happens?
And the email?
What if I buy a course?
NOTE: All of the companies I interface with have upped their privacy game and are GDPR compliant. Everyone is on the same page in believing that your personal data is…well, personal. It’s yours – even as it lives on our servers. It’s our job to take care of it while it’s visiting, and not abuse the fact you’re choosing us to do what you do.
Thanks for reading!
Hey you missed something!
Great! Let me know: averyATthirdpersoncreative.com