GDPR, the General Data Protection Regulation enacted by the European Union as of May 25, 2018 is upon us. It’s important because GDPR applies to information held or processed about any European Union resident, and I know many of my customers and blog followers live in the EU or UK.
I recently wrote about GDPR in these articles:
GDPR sets forth both rights of individuals as to the processing and storage of their information and responsibilities of processors.
DNAeXplain.com and DNA-Explained.com are a genetic genealogy consulting business and associated blog, respectively, located in the United States and owned by Roberta Estes. You’re receiving this notification because you are a blog follower or subscriber to explain how I process and/or handle your information.
The DNAeXplain Website
Customers can place orders on the DNAeXplain website for Y DNA and Mitochondrial DNA Personalized Reports, along with consultations. The website itself does not collect any information about customers other than payment information which is processed through our shopping cart at PayPal, including credit card transactions. DNAeXplain is never in receipt of your financial or credit card information. We can process a refund through PayPal, subject to their terms and conditions, through a unique PayPal issued transaction ID, but PayPal is the sole recipient of your payment/financial information.
DNAeXplain only receives notification confirmation from PayPal that you have made a purchase, the amount paid, for what item and your e-mail address that you used when making the purchase to enable us to communicate with you.
Reports and Consulting Information
The customer must provide enough information to DNAeXplain in order to complete the purchased report or answer the question(s) posed in the consultation. This is accomplished through e-mail communication.
This information exchange is completely private and is not shared either publicly or privately outside of DNAeXplain. The completed report is subsequently e-mailed only to the purchaser of record.
GDPR requires me to explain how you have granted consent for me to process your information and when processing starts and stops. You grant consent when you purchase a Personalized DNA Report or when you purchase consulting and subsequently provide me with the information necessary to write the report or answer your questions. I begin processing your information when I answer your questions or begin your report, and I’m finished processing your information when I finish the report or the consultation. I’m sure you’ve already figured that out, but I’m required to tell you.
Completed reports are retained by DNAeXplain for some time after completion in case a customer misplaces their report and requests a replacement of the original. Although we will attempt to provide a replacement of the original report, at no cost, we do not guarantee availability beyond 30 days after delivery. Industry standard backup and security procedures are in place to protect customer information.
Customers may request the deletion of all reports and correspondence by sending an e-mail to email@example.com and customer information will be entirely deleted within 30 days, except for the customer purchase record which we are required by law to maintain for accounting purposes.
The DNA-Explained.com Blog
You may simply be reading an article on the http://www.dna-explained.com blog, or you may be a subscriber.
DNA-Explained.com utilizes WordPress.com as our blogging platform, without any additional plugins like JetPack or others mentioned on the WordPress Resource site, here.
WordPress is owned by AUTOMATTIC. Their privacy notice for WordPress bloggers explains more about WordPress and how AUTOMATTIC uses information.
Comments made to the blog are public and are shown publicly if approved along with the name you use to comment, but not your e-mail or any other identifying information. Some comments may be caught by the blog’s spam filter, and others may not be approved, but once approved and displayed, comments are visible publicly.
You may request to be notified of comments to blog articles, and if you do, you will receive notifications from WordPress, not from DNA-Explained directly.
You may unsubscribe at any time by clicking unsubscribe at the bottom of any e-mail notification or you may unsubscribe by managing your subscriptions at WordPress.
Your e-mail address used to subscribe to the blog is available to me, the blog owner, at WordPress and in each comment notification, along with your IP address and website, if you are commenting through your own website. I do not store or otherwise utilize your e-mail or other identifying information, with the exception of occasionally replying to a commenter personally. In some cases, if personal information is exposed within a comment, I reply to the commenter privately and do not approve the comment. I delete all comment notifications immediately upon approving or otherwise processing the comment.
If a comment contains any type of threatening, emergency or potentially harmful verbiage, towards me, the commenter themselves or another commenter, I will retain the comment and identifying information and report to the proper authorities without delay.
I do not share, sell or otherwise utilize your personal information.
You may request deletion of all of your personal information from the blog and from WordPress by contacting me at Roberta@dnaexplain.com or WordPress directly at firstname.lastname@example.org.
Have you contacted me and WordPress both and you’re still unhappy? EU residents have the right to make a complaint to a government supervisory authority. I know that’s not going to happen, but I have to tell you just the same!
This information lives permanently on the Privacy tab on the DNA-Explained blog. In fact, it’s already there. Please refer to that location for updates and future developments.