This is going to be the most interesting policy you’ve ever read.
Because I actually want you to read the dern thing. Before we dive into this lovely pile of roses…
Third Person Creative (thirdpersoncreative.com) will be referred to as ‘TPC’, and Third Person Creative Courses, or Creative Courseware, (courses.thirdpersoncreative.com) will be referred to as ‘TPC Courses’, and Third Person Creative Forums (florence.thirdpersoncreative.com) will be referred to ‘TPC Forums’ because I don’t want to type it all out every time.
I’m doing this because I’m terrified of of being fined 20m Euros.
For privacy, and for General Data Protection Regulation (GDPR) compliance, ‘personal data’ is defined as any information that can be used to identify a person, and must be acquired with clear consent.
I’m also afraid of being fined 20 million Oreos, for the record.
Information Types
I capture two ‘groups’ of data:
In the case of TPC I capture email, and metrics associated with Google Analytics.
In the case of TPC Courses, I capture Email, Name, Address, Country, Phone Number, and Credit Card Number.
In the case of TPC Forums I capture a user-created username, email, and custom profile information.
For all sites I operate, I capture data that’s relevant to site security (IP address, country, and connection profile information). This information is not used for marketing.
Why do you need all that?
Great question!
In the case of TPC…
I need your email to send out the weekly RSS feed, which consists of all of the recently published blog posts, any additional content such as when I send out an email directly to the list for entertainment, enrichment, marketing, or site news (i.e. when I take breaks from content-creation, or if the site goes down).
I need the Google Analytics (GA) information to create content intelligently. The GA information helps me optimize what articles do well, which one’s don’t, who reads them, and why. This helps me make informed business decisions like what time should I schedule my posts? Do journal-style articles do better than stories? Should I spend more time optimizing for phones and tablets? (for example). I specifically go into some more details about what I do with the GA metic data in the ‘What do you do with it?’ section below.
In the case of TPC Courses…
Email – General course communication such as lesson follow up, checking in, billing communication, or account dialogue.
Name – Knowing a student’s name is important to me. I’m in this business to help people, not obfuscated strings of characters with an ‘@’ symbol attached to them.
Address – I capture your address to help me differentiate between students (read: verify your identity), to determine you time-zone to help schedule online conference calls, and because my payment gateways won’t let me process your course subscription payment without it.
Phone Number – This gives me a way to reach out to you directly if there’s a problem, and is sometimes used for billing purposes.
In the case of TPC Forums…
Name – Knowing a student’s name is important to me. I’m in this business to help people, not obfuscated strings of characters with an ‘@’ symbol attached to them (same as above, I just copy-pasted the line because I’m trying to be explicit here).
username – Because you need this to log in, and I need to know it’s you and not some punk h4x0r.
Forum Profile Information – This is expressly for the benefit of other site members and exists as space for your own self-promotion. You can put as much or as little as you want in your TPC Profile.
What do you do with it?
TPC promises to never sell your personal data. Full stop.
I also promise to never share your email address without your consent.
In fact, I will never share your Address, Country, Phone Number, or Credit Card information to an outside source without your consent for any reason.
Examples
Acceptable Uses
- Sending your credit card info to Stripe, my payment gateway, (click here for their privacy policy), and letting them process your payment with your credit card provider.
- Sending your email to MailChimp (click here for their privacy policy), so I can send out the RSS newsletter and mass emails.
- Using Google Analytics to decide to invest more time in social media marketing.
Unacceptable Uses
- Sharing your email with another blogger in a ‘list swap’ without your consent.
- Selling your personal address to an advertising company.
- Storing any of your information on a computer without encryption.
What about all that tracking stuff?
While Google records your Internet Protocol (IP) address, it explicitly prevents me from seeing it in ANY of my reports. This means, that I can say “okay, out of 100 people who visited my site, 10 of them are really into News and Politics”, but I can’t say “Matthew, Mark, and Luke are really into News and Politics”.
The first statement is an example of aggregate data, and Google doesn’t give me any tools (nor should they) to identify who those people are, thus protecting their identify while still being useful to me as a business owner and content creator. I did try to find a list of all the stuff that Google tracks in their GA acquisition process, but it’s actually hard to come by. I imagine that it’s probably going to be a few lawsuits before a hard and fast list comes out. Until then, the best I can do is be crystal clear on what I do with it, and the best way to do that, is to provide some real-world examples:
The important stuff is in the bottom left: 54% of all visits came from a desktop computer, 45% came from a mobile device, leaving a measly 8% from tablets. So…no I don’t need to optimize for tablets any time soon.
The important thing learned here? Readership spikes (8 whole visits!) whenever I post content. Shocker.
The month of May was kinda slow with only 113 sessions (to be fair, I didn’t post nearly as much content): 42.5% came from people directly navigating to the site from their address bar (uh…might have been me checking on stuff or showing people individual articles), 33.6% came from social media links (so…Facebook), and hey! 15% from people Googling things, finding my site, and clicking on something. Kinda cool! Oh yeah, and 10% from email!
This isn’t all that useful…turns out that people who read an art and creativity blog like…art…and creativity. And they occasionally buy things. *Sigh*.
Data Breach Notifications
TPC promises to comply with the GDPR (and to, ya know, remind you I’m a decent human) by pledging to inform users of any data breaches via email as soon as possible, but not longer than 72 hours. Easy peasy.
Where is all this data kept?
TPC, TPC Forum, and TPC Courses, login information, email, and account information is kept on my hosting provider’s server. Email information is also kept on MailChimp’s servers, and all billing information is saved to Stripe’s servers.
I will mention here that information isĀ briefly passed to a content delivery network, but they’re GDPR compliant too. I’ll make a list at the end of this ‘policy’ of all the companies I use and links to their individual policies when I go over the flow of data at the end.
GA Analytics information is kept on Google’s servers.
How long do you plan on keeping it?
In the case of TPC, Emails are kept until you don’t want us to keep them anymore. At the bottom of every email I send is an option to unsubscribe. From there, you can choose to what level you want your information erased.
For TPC Courseware users, you can reach out to me directly if you want all of your info deleted (averyATthirdpersoncreative.com).
Cookie Policy
TPC uses cookies to help improve website load-times. These can be blocked and disabled within your browser.
Security and Flow of Control.
Yes. All information across all TPC websites is encrypted using SSL (between you and my servers). It’s also locked up in transit. Let’s look at the flow of things by demonstrating which companies come into play and when:
You visit the site:
After you connection is secured via an SSL certificate (this is security for both of us), your computer’s information is processed by my security suite to determine if you’re legit, or a hacker.
The ones that compare your information to a third-party database are:
Akismet (anti-spam) – their privacy policy is here.
WordFence (anti-malware) – their privacy policy is here.
I’m in! Now what happens?
Now Google Analytics (their privacy policy here) does it’s thing, and the information you request by clicking on a blog link is requested from my content delivery network, Cloudflare (their GDPR privacy policy info here), and is returned to you.
And the email?
When you sign up for my newsletter it’s done via a MailChimp double-opt in form. This means that when you say ‘yes’ it sends you an email asking for you to click a link for confirmation. This demonstrates clear consent by you to be added to my email list. Once you confirm, your email is sent to the MailChimp servers (their privacy policy here), and added to my list.
What if I buy a course?
Great question. So because you wouldn’t want me to write the software to handle your credit card info, I hired the payment gateway company, Stripe, to do it for me (their privacy policy here). If you decide to pay via PayPal insteadĀ their privacy policy lives here.
NOTE: All of the companies I interface with have upped their privacy game and are GDPR compliant. Everyone is on the same page in believing that your personal data is…well, personal. It’s yours – even as it lives on our servers. It’s our job to take care of it while it’s visiting, and not abuse the fact you’re choosing us to do what you do.
Thanks for reading!
Hey you missed something!
Great! Let me know: averyATthirdpersoncreative.com