GDPR Update: 5/24/18
- Data Processing Amendment
- List of Sub-processors
Welcome to the Kathryn M. B. Johnson family of Sites (as used herein, “Sites” shall include kathrynmbjohnson.com, kmbjohnson.com). We provide our services to you subject to the following conditions. If you visit or shop at any of our Sites, you accept these conditions. Please read them carefully.
With the exception of guest posts written by others (see Guest Posts below), we own the content on all of our Sites. It is copyrighted in Kathryn M. B. Johnson’s name. We want to strike the appropriate balance between getting our content widely distributed while at the same time protecting Kathryn’s intellectual property rights. Thanks in advance for your cooperation.
Without Our Permission
You are free to do the following:
– Link to our Sites or any specific post on our Sites.
– Extract and re-post fewer than 200 words on any other website, provided you link back to our original post.
– Print off our posts and photocopy up to 50 copies for internal distribution within your own company or organization.
– Print our posts in any non-commercial publication (e.g., company newsletter, personal newsletter, class syllabus, etc.), provided you include this copyright notice: ‘© 2018 Kathryn M. B. Johnson. All rights reserved. Originally published at www.kathrynmbjohnson.com.’
Only With Our Permission
You must have our express written consent to do any of the following:
– Use this content for commercial purposes, including selling or licensing printed or digital versions of our content.
– Alter, transform, or build upon this work.
Re-posting and Translation Rights
We do not permit the re-posting of our posts in their entirety. This is because Google penalizes websites for publishing duplicate content. It often can’t tell which website hosts the original, so we risk getting penalized for granting permission.
In addition, we don’t allow the translation and publication of Kathryn’s work in other languages, as we don’t have the resources to validate the quality of the work.
Guest bloggers retain the copyright to the posts they write. The above permission guidelines do not apply to their work. If you are interested in re-posting or publishing their content, you must contact them directly. We do not serve as their broker, agent, or contact point.
If you have some use for our content not covered here, please email us.
Your privacy is important to us. To better protect your privacy, we have written up our policy explaining our online information practices and the choices you can make about the way your information is collected and used. To make this notice easy to find, we make it available on our homepage and at every point where personally identifiable information may be requested.
For all reviews, comments, feedback, postcards, suggestions, ideas, and other submissions disclosed, submitted or offered to kathrynmbjohnson.com, kmbjohnson.com (collectively known as the ‘Companies’) via our Sites, by e-mail or telephone, by mail, or otherwise disclosed, submitted, or offered in connection with your use of our Sites (collectively, ‘User Submissions’) you grant the Companies a royalty-free, irrevocable, transferable right and license to use the User Submissions however the Companies desire, including without limitation, to copy, modify, delete in its entirety, adapt, publish, translate, create derivative works from, and/or sell and/or distribute such User Submissions and/or incorporate such User Submissions into any form, medium, or technology throughout the world.
The Companies will be entitled to use, reproduce, disclose, modify, adapt, create derivative works from, publish, display, and distribute any User Submissions you submit for any purpose whatsoever, without restriction and without compensating you. The Companies are and shall be under no obligation (1) to maintain any User Submissions in confidence; (2) to pay to user any compensation for any User Submissions; or (3) to respond to any User Submissions. You agree that any User Submissions submitted by you to the Companies will not violate the terms of any rights of any third party, including without limitation, copyright, trademark, privacy, or other personal or proprietary right(s), and will not cause injury to any person or entity. You further agree that no User Submissions submitted by you to the Companies will be libelous or contain libelous or otherwise unlawful, threatening, abusive, or obscene material, or contain software viruses, political campaigning, commercial solicitation, chain letters, mass mailings, or any form of spam.
By using our Sites, you agree to the above terms regarding User Submissions.
If you are under 16 years of age, you should not provide any personally identifiable information on our Sites without the knowledge and permission of your parent or guardian.
The operator of each site is:
207 Fox Hill Pl
Staunton, VA 24401
When you visit kathrynmbjohnson.com, kmbjohnson.com or send e-mails to us, you are communicating with us electronically and consent to receive communications from us electronically. We will communicate with you by e-mail or by posting notices on our Sites. You agree that all agreements, notices, disclosures, and other communications we provide you electronically satisfy any legal requirement that such communications be in writing.
Copyright and Trademark
All content on our Sites, such as text, graphics, logos, button icons, images, audio clips, digital downloads, data compilations, and software, is protected by United States and international copyright and trademark laws.
License and Sites Access
Our Sites grant you a limited license to access and make personal use of these Sites but not to download (other than page caching) or modify it, or any portion of it, except with express written consent of the administrator. This license does not include any resale or commercial use of this site or its contents; any collection and use of any product listings, descriptions, or prices; any derivative use of any site or its contents; any downloading or copying of account information for the benefit of another merchant; or any use of data mining, robots, or similar data gathering and extraction tools. Our Sites or any portion of our Sites may not be reproduced, duplicated, copied, sold, resold, visited, or otherwise exploited for any commercial purpose without express written consent. You may not frame or utilize framing techniques to enclose any trademark, logo, or other proprietary information (including images, text, page layout, or form) of our Sites without express written consent. Any unauthorized use terminates the permission or license granted by our Sites. You are granted a limited, revocable, and nonexclusive right to create a hyperlink to the home page of JerryJenkins.com, so long as the link does not portray this store or its products in a false, misleading, derogatory, or otherwise offensive matter. You may not use any Jerry Jenkins Sites logos or other proprietary graphics or trademarks as part of the link without express written permission.
From time to time, our Sites may include featured product giveaways. Should we receive compensation as a result of giving away any such product, that fact will be disclosed.
In connection with the operation of our Sites, we feature on our Sites affiliate links, including links to Amazon.com and other websites (Affiliate Links). We earn a commission from the Affiliate Links, which commission is based on the number of sales made as a result of users of our Site clicking over to the Affiliate Link and purchasing from the Affiliate Link a product and/or service.
While we may suggest information for the reader’s convenience and consideration, we do not warrant or make any representation about the substance, quality, functionality, accuracy, fitness for a particular purpose, merchantability, nor do we make any other representation about any affiliate link or its content or any products, services, or other offerings made in any affiliate link. We make no representation or warranty as to any products or services offered on any affiliate link, and we assume no responsibility or liability for the actions, products, services, and/or content of any affiliate link.
Disclaimer of Warranties and Limitation of Liability
Our Sites are provided by us on an ‘as is’ and ‘as available’ basis, and we make no representations or warranties of any kind, express or implied, as to the operation of our Sites or the information, content, materials, or products included on our Sites. You expressly agree that your use of our Sites is at your sole risk. To the full extent permissible by applicable law, we disclaim all warranties, express or implied, including, but not limited to, implied warranties of merchantability and fitness for a particular purpose. We do not warrant that our Sites, their servers, or e-mail sent from us are free of viruses or other harmful components. We will not be liable for any damages of any kind arising from the use of our Sites, including, but not limited to direct, indirect, incidental, punitive, and consequential damages. Certain state laws do not allow limitations on implied warranties or the exclusion or limitation of certain damages. If these laws apply to you, some or all of the above disclaimers, exclusions, or limitations may not apply to you, and you might have additional rights.
By visiting our Sites, you agree that the laws of the state of Virginia, without regard to principles of conflict of laws, will govern these Site Policies and any dispute of any sort that might arise between you and our Sites.
Site Policies, Modification, and Severability
These policies also govern your visit to our Sites. We reserve the right to make changes to our Sites, policies, and these Site Policies at any time. If any of these conditions shall be deemed invalid, void, or for any reason unenforceable, that condition shall be deemed severable and shall not affect the validity and enforceability of any remaining condition.
Our commitment to customers and service providers is governed by a separate Data Processing Amendment.
In all instances we are committed to transparency with our customers and protecting your data privacy.
An Overview of the Sources of Personal Data
We obtain information about individuals in these main ways:
– when you visit our Sites or contact us directly about becoming a customer or obtaining other information,
– when you become a customer,
– when individuals use a help desk function, and
– when you are a service provider to us.
Our Data Processing Amendment governs our processing of any information obtained as a result of the customer or service provider relationship. You can read our commitment to customers and service providers, and our fair information practices in the Data Processing Amendment.
“You” or “your” refers to the individual who uses this website, features, and services, or accesses available information, or engages with us directly by email or telephone.
We collect information from three types of individuals:
Our customers are individuals and businesses who have signed up for one of our online products. If you are a customer, we will handle information we receive from you under the terms of our Data Processing Amendment.
Subscribers are individuals that sign up for free coaching content from our Sites. If you submit your email address to download a PDF, or to sign up for our email list, you are probably a subscriber. We process “Subscriber Data” which means information about subscribers, which includes but is not limited to, the first name, last name, phone number and email address of a subscriber.
What information do we collect?
Depending on your use of our Sites, or direct interactions with us, we collect two types of information: personal information and non-personal information.
Personal information identifies you or may be used in combination with other pieces of personal information to identify you. Examples of personal information include your name, company name, job title, address, e-mail address, telephone number, and billing and credit card information. Personal information can also include information that does not identify you, but could be combined with other information in a way that enables you to be identified. This includes information such as age, gender, profession, zip code, IP address, and current location.
Non-personal information is information that cannot be used or combined with other information to identify or contact you, including browser types, domain names, and statistical data involving the use of our Sites.
When do we use subscriber information from third parties?
We will collect Subscriber Data necessary to provide free content to our subscribers.
If you would like to opt-out of our collection of Subscriber Data, you may decline to provide Subscriber Data to us when we ask for it, though doing so may prevent us from being able to deliver our free coaching to you.
Subscribers may voluntarily provide us with information they have made available on social media websites. If you provide us with any such information, we may collect publicly available information from the social media websites you have indicated. You can control how much of your information social media websites make public by visiting these websites and changing your privacy settings.
When do we use customer information from third parties?
We receive some information from third parties when you contact us. For example, when you submit your email address to us to show interest in becoming a Help Scout customer, we receive information from a third party that provides us with your email address to contact you. We also occasionally collect information that is made publicly available on social media websites. You can control how much of your information social media websites make public by visiting these websites and changing your privacy settings.
Where and when is information collected from customers and subscribers?
We will collect personal information that you submit to us. We may also receive personal information about you from third parties as described above.
Registering for one of our Sites and in the Course of Using our Products
Customers will be required to establish an account in order to take advantage of certain features of our Sites. If you wish to establish an account, you will be required to provide us with information (including personal information and non-personal information). In addition, we may obtain your personal information from you if you identify yourself to us by sending us an e-mail with questions or comments.
Cookies and Page Tags
Do we collect information from children under 16 years of age?
We are committed to protecting the privacy of children. Our products are not designed for or directed to children under the age of 16. We do not collect personal information from any person we actually know is under the age of 16.
What do we do with the information we collect from customers?
In general, we use the information collected to provide you with a great overall experience interacting with us and when using our Sites and to help us understand who uses our offerings, for internal operations such as operating and improving our Sites and our products, to contact you for customer service and billing purposes and to facilitate the delivery of our advertising in some cases, including using your email to send information to you about our products.
We use your information to send you a welcome e-mail after you create an account, when you sign up for our email list, or when you download a content upgrade or webinar or sign up to receive our newsletter. We also use your information to send other e-mail communication related to our Sites. We always give you the option to unsubscribe in any email we send you.
We may also use the information gathered to perform statistical analysis of user behavior or to evaluate and improve our products. We may link some of this information to personal information for internal purposes or to improve your experience with our Sites and our products; in these cases we will obtain your consent.
What do we do with the information we collect from subscribers?
We use Subscriber Data to identify you and to provide you with customer service. We will disclose Subscriber Data to the relevant team members so that they are better able to assist you. If you are interested in how we process the data on behalf of our customers, please read our Data Processing Amendment.
Third Parties Generally
Third parties may be able to independently directly collect personal and non-personal information without permission from us, and may include potential or actual advertisers, providers of advertising products or services (including vendors and website tracking services), merchants, affiliates and other actual or potential commercial partners, sponsors, licensees, researchers and other similar parties.
Outside Contractors and Third-Party Processors
Laws and Legal Rights
We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
In cases of onward transfer to third parties of data of EU or Swiss individuals received pursuant to the EU-U.S. or Swiss-U.S. Privacy Shield, we are potentially liable.
When do we disclose information to other third parties?
Is the information collected through our Sites secure?
We take precautions to protect the security of your information. We have physical, electronic, and managerial procedures to help safeguard, prevent unauthorized access, maintain data security, and correctly use your information. However, neither people nor security systems are foolproof, including encryption systems. In addition, people can commit intentional crimes, make mistakes or fail to follow policies. Therefore, while we use reasonable efforts to protect your personal information, we cannot guarantee its absolute security. If applicable law imposes any non-disclaimable duty to protect your personal information, you agree that intentional misconduct will be the standard used to measure our compliance with that duty.
We only work with credit card processors who maintain ongoing PCI compliance, adhering to stringent industry standards for storing, processing and transmitting credit card information online.
Could my information be transferred to other countries?
Our Companies are incorporated in the U.S. Information collected via our Sites, through direct interactions with you, or from use of our products may be transferred from time to time to our offices or personnel, or to third parties, located throughout the world, and may be viewed and hosted anywhere in the world, including countries that may not have laws of general applicability regulating the use and transfer of such data. To the fullest extent allowed by applicable law, by using any of the above, you voluntarily consent to the trans-border transfer and hosting of such information.
Are we Safe Harbor and Privacy Shield compliant?
We are not currently in the process of certifying for the EU-US Privacy Shield Framework.
What choices do you have regarding the collection, disclosure and distribution of personal information?
Do Not Track
The term “Do Not Track” refers to an HTTP header offered by certain web browsers to request that websites refrain from tracking the user. We take no action in response to Do Not Track requests.
Can you update or correct your information?
The rights you have to request updates or corrections to the information we collect depend on your relationship with us.
You should be aware that it is not technologically possible to remove each and every record of the information you have provided to us from our system. The need to back up our systems to protect information from inadvertent loss means that a copy of your information may exist in a non-erasable form that will be difficult or impossible for us to locate. Promptly after receiving your request, all personal information stored in databases we actively use, and other readily searchable media will be updated, corrected, changed or deleted, as appropriate, as soon as and to the extent reasonably and technically practicable.
If you are a subscriber and wish to update, delete, or receive any information we have about you, you may do so by contacting our Privacy Agent.
Whom do you contact if you have any privacy questions?
By postal mail or courier:
Attn: Privacy Agent
207 Fox Hill Pl
Staunton, VA 24401
If your browser is configured to accept cookies, we may collect non-personally identifiable information passively using “cookies” and “page tags”.
Last revised on July 04, 2018, effective as of May 25, 2018
What’s a cookie?
“Cookies” are small text files that can be placed on your computer or mobile device in order to identify your Web browser and the activities of your computer on our Sites and other websites.
What’s a page tag?
“Page tags,” also known as web beacons or gif tags, are a web technology used to help track website or email usage information, such as how many times a specific page or email has been viewed. Page tags are invisible to you, and any portion of our Sites, including advertisements, or e-mail sent on our behalf, may contain page tags.
Do you have to accept them?
You do not have to accept cookies to use our Sites or products. If you reject cookies, certain features or resources of our Sites may not work properly or at all, and you may have a degraded experience.
Although most browsers are initially set to accept cookies, you can change your browser settings to notify you when you receive a cookie or to reject cookies generally. To learn more about how to control privacy settings and cookie management, click the link for your browser below.
To learn more about cookies and how to control, disable or delete them, please visit http://www.aboutcookies.org. Some third-party advertising networks, like Google, allow you to opt out of or customize preferences associated with your internet browsing. For more information on how Google lets you customize these preferences, see their documentation.
All cookies, on our website and everywhere else on the web, fall into one of four categories:
List of cookies we use on our website:
We collect non-personal information through our Internet log files, which record data such as browser types, domain names, and other anonymous statistical data involving the use of our Sites and products. This information may be used to analyze trends, to administer our Sites and products, to monitor the use of our products and Sites, and to gather general demographic information. We may link this information to personal information for these and other purposes such as personalizing your experience on our Sites and evaluating our Sites and products in general.
Data Processing Amendment
Introduction to this Amendment
Processing personal data in a secure, fair, and transparent way is extremely important to us. As part of this effort, we process personal data in accordance with the EU’s General Data Protection Regulation (“GDPR”), the EU/US Privacy Shield principles (“Privacy Shield”), the laws of the US governing the handling of various types of personal data, and industry standards, such as PCI.
If you do not agree to this DPA, you may discontinue the use of our Sites and products and cancel your account.
It is important that all parties understand what data and whose data is protected under this DPA. Each party has respective obligations to protect personal data; therefore, the following definitions explain the scope of this DPA and the mutual commitments to protect personal data.
kathrynmbjohnson.com and kmbjohnson.com are collectively referred to in this Data Processing Amendment as “we” or “us” or “our”.
“You” or “Customer” refers to the company or organization that signs up to use our products to advance your writing career.
“Party” refers to us and/or you depending on the context.
“Data Subjects” refers to those individuals residing in the EU who are consumers or users of our goods or services (also “consumers”).
“Personal Data” is given the same meaning as in the GDPR which we summarize here as: any data relating directly or indirectly to an identifiable data subject. Personal data does not include any data that is anonymized, aggregated, de-identified and/or compiled on a generic basis and which does not name or identify a specific individual, directly or indirectly.
“Processing” is given the same meaning as in the GDPR, which we summarize as including: collecting, recording, using, storing, amending, adapting, disclosing, transferring or transmitting, structuring, using, combining, deleting or destroying, personal data (“Process” and “Processed” shall have similar meanings).
“Controller” is given the same meaning as in the GDPR, which we summarize as the party that determines the purposes and means of the processing of personal data – the customer is the controller with respect to consumer personal data. Each party may be the controller of personal data it processes about the other’s personnel.
“Processor” is the party that processes personal data on behalf of the controller – we are the processor of the personal data we process about you.
“Sub-processor” refers to third parties, independent contractors, vendors and suppliers who provide specific services and products related to our Sites and our products, such as hosting, credit card processing and fraud screening, and mailing list hosting (“third-party” or “outside contractor” shall have similar meanings).
“Incident” means: (a) a complaint or a request with respect to the exercise of an individual’s rights under the GDPR; (b) an investigation into or seizure of the personal data by government officials, or a specific indication that such an investigation or seizure is imminent; or (c) any breach of the security and/or confidentiality as set out in this DPA leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, the personal data, or any indication of such breach having taken place or being about to take place.
For the sake of readability, we do not use initial capitalization of defined terms in this DPA. Defined terms are defined terms, irrespective of their format.
1. Undertakings regarding personal data
Each party agrees that personal data shall be treated as confidential information under this DPA. In addition, each party shall at all times comply with applicable laws relating to data protection in the relevant jurisdiction with respect to each other’s personal data.
Personal Data shall remain the property of the disclosing party. We acknowledge that customer is the controller and maintains control over data subject’s personal data.
We will process customer’s personal data only to the extent strictly necessary for the purpose of providing the services in accordance with the ToU and any further written instructions from the customer that are mutually agreed upon in writing. We agree that:
- We will implement and maintain a reasonable and appropriate security program comprising adequate security, technical and organizational measures to protect against unauthorized, unlawful or accidental processing, use, erasure, loss or destruction of, or damage to, customer personal data;
- We will not modify, alter, delete, publish or disclose any customer personal data to any third party, nor allow any third party to process such personal data on our behalf unless the third party is bound to similar confidentiality and data handling provisions;
- Only our personnel who “need-to-know” will be given access to customer personal data to the extent necessary to perform our obligations under the ToU. We shall provide adequate training to our staff and ensure that they comply with the obligations in this DPA; and
- We will only process customer personal data to the extent necessary to perform our obligations under the ToU, upon written instructions of the customer (only as mutually agreed upon), and in accordance with applicable laws.
Upon termination of your account, we will delete, destroy, or anonymize the personal data in accordance with our standard backup and retention policy per the ToU, normally, no later than 60 days, unless we are required to retain personal data due to Union, Member State or United States laws; in which case we reserve the right to retain personal data.
We are certified under the EU/US Privacy Shield Framework and, therefore, customer may transfer personal data from the EU to us, as this transfer mechanism is deemed to be adequate for the purposes of GDPR. We shall not transfer any customer personal data outside of the US or to other locations not deemed to be “adequate” under EU law without providing reasonable notice under the ToU to the customer.
- Customer undertakings and our assistance
Customer warrants that it has all necessary rights to provide to us the personal data for processing in connection with the provision of our Sites and products.
To the extent required by applicable law, customer is responsible for ensuring that any data subject consents that may be necessary to this processing are obtained, and for ensuring that a record of such consents is maintained, including any consent to use personal data that is obtained from third parties. Should such consent be revoked by a data subject, customer is responsible for communicating the fact of such revocation to us, and we remain responsible for implementing any customer instruction with respect to the further processing of that personal data, or, as may be in accordance with any of our legal obligations.
Customer understands, as a controller, that it is responsible (as between customer and us) for:
- determining the lawfulness of any processing, performing any required data protection impact assessments, and accounting to regulators and individuals, as may be needed;
- making reasonable efforts to verify parental consent when data is collected on a data subject under 16 years of age;
- providing relevant privacy notices to data subjects as may be required in your jurisdiction, including notice of their rights, and providing the mechanisms for individuals to exercise those rights;
- responding to requests from individuals about their data and the processing of the same, including requests to have personal data altered, corrected, or erased, and providing copies of the actual data processed;
- implementing your own appropriate technical and organizational measures to ensure and demonstrate processing in accord with this DPA;
- notifying individuals and any relevant regulators or authorities of any incident as may be required by law in your jurisdiction.
We shall assist the customer by implementing appropriate technical and organizational measures, insofar as this is reasonably and commercially possible (in our sole determination and discretion), in fulfilling customer’s obligations to respond to individuals’ requests to exercise rights under the GDPR.
Customer may object to Help Scout’s appointment or replacement, provided such objection is based on reasonable grounds related to data protection. In such event, we will either not appoint or replace the sub-processor or if that is not possible, customer may suspend or terminate its access to our product or Sites.
- Incident Management
When either party becomes aware of an incident that impacts the processing of personal data, it shall promptly notify the other about the incident and shall reasonably cooperate in order to enable the other party to perform a thorough investigation into the incident, to formulate a correct response, and to take suitable further steps in respect of the incident.
Both parties shall at all times have in place written procedures which enable them to promptly respond to the other about an incident. Where the incident is reasonably likely to require a data breach notification under applicable laws, the party responsible for the incident shall notify the other without undue delay of having become aware of such an incident.
Any notifications made under this section shall be made to our Privacy Agent (when made to us) and to our point of contact with you (when made to the customer), and shall contain: (i) a description of the nature of the incident, including, where possible, the categories and approximate number of individuals concerned and the categories and approximate number of records concerned; (ii) the name and contact details of the point of contact where more information can be obtained; (iii) a description of the likely consequences of the incident; and (iv) a description of the measures taken or proposed to be taken to address the incident including, where appropriate, measures to mitigate its possible adverse effects.
- Liability and Indemnity
Each party indemnifies the other and holds them harmless against all claims, actions, third party claims, losses, damages and expenses incurred by the indemnified party and arising directly or indirectly out of or in connection with a breach of this DPA.
- Duration and Termination
This DPA shall come into effect on May 25, 2018 and shall continue until it is changed or terminated in accordance with the ToU.
Termination or expiration of this DPA shall not discharge the parties from the confidentiality obligations herein.
List of Sub-processors
Below is a list of Sub-processors we work with.
- Mailchimp.com – email marketing