GDPR – Why your privacy is important
If you live in the European Union you have probably heard of GDPR: General Data Protection Regulation.
It’s a new set of laws that regulate how organisations collect, control and keep your data.
In this Blog post I describe how Our Wide Sky is responding to the new rules.
GDPR applies to the data of European Union Citizens, known as data subjects. Our Wide Sky is based in Australia and has subscribers all over the world, including in the EU.
GDPR doesn’t apply to the data we keep about US citizens, Canadians, Australians, New Zealanders etc. Just European Union Citizens.
I believe that everyone's data is important. The EU rules are strong, the Australian rules are good, and there are also other anti-spam and privacy rules around the world.
By making Our Wide Sky compliant with GDPR I am applying them to everyone.
I've thought carefully about this and there is no reason why good privacy protection should not apply to everyone, and there is no reason why this is a barrier to the operation of Our Wide Sky. There might be some teething problems, but I am committed to working through those as they arise.
GDPR applies to any data that might identify you individually, either by that datum or as combination of data.
If you are a subscriber, Our Wide Sky only has your name, email address, and sometimes what hemisphere you live in. We don’t keep your location or any data that might point to your location (unless you expect hemisphere will do that).
Why do we need to collect data?
The mission of Our Wide Sky is to spread the joy of astronomy. The best and most effective way of doing that is through emails and online content. We provide free services such as a regular astronomy email newsletter, astronomy lessons delivered by email, and irregular bonus tools and resources. To deliver these to you we need a minimum of your email address. We also request your name to help us improve your experience. Sending things to nameless people (Dear ,) does not meet our mission.
We will be offering paid for services that will include memberships. This will require additional data, and a special contract with you to deliver our (amazing) membership services.
What do the new rules require?
In summary the new rules require Our Wide Sky to:
- collect the minimum data required to deliver the service
- tell you what we will use your data for
- get your consent to use your data for those activities
- use your data for only those activities
- make it easy for you to request a change to consent, your data, or the existence of your data in our database.
Before we can use your data, you have to provide Our Wide Sky with consent to use that data. Our Wide Sky will tell you what is going to happen with your data before you give that consent, and we will not use that data for anything other than what you consented to.
We have always done this.
You have the right to know what data we are collecting, why we are collecting it, and how it is being used. This includes telling you the kinds of systems we use to “process” your data. Things like our email system, survey systems, our accounts system if you make a purchase.
You have the right to change your data, such as to send to a different email address, or revoke consent (unsubscribe).
We’ve always included an unsubscribe in the emails we send. You could, and still can, email me with your changes and I will make them in our systems and confirm them to you.
You have the “forget me” right. This means that you can ask for your data to be removed from our systems. All you need to do is ask and I will remove your records from our systems. Due to other regulations to retain proof that I have taken action, I may retain your request, and my response.
We already have consent
If you are on the Our Wide Sky newsletter list, I already have your consent to continue to send this newsletter, bonuses and special updates. These items were listed on the sign-up form and formed part of the offer for the checklist download.
If you are in the EU you will probably get a lot of “please provide consent” emails from lists you have subscribed to.
I have decided not to send such a message to everyone on our list. This is for the following reasons:
- The Our Wide Sky list is new. The first subscribers were last October. This means that the original consent is still fresh.
- Most of the list subscribed with a form that contained all the tells you exactly what we will send. When you clicked to download our checklist, you knew that email lessons, monthly updates and early access to resources would follow. We believe that this is consent.
- Every email sent as part of our list (bonus downloads, email lessons, newsletters, special updates) are all related to astronomy and stargazing.
- Every email we send has an unsubscribe button.
“In my long career in Information Technology I have always been an advocate for privacy and I believe that good regulation on how organisations manage individual’s data is at the centre of a civilised digital society.
Too often data breaches, carelessness, corruption and greed have resulted in adverse effects for individuals and institutions.
The data Our Wide Sky collects will be the minimum needed to deliver high value, astronomy related resources, offers and products to you, and only after you have provided consent to send these to you by email. We usually ask only for email address and first name.
The data we hold is yours and you may revoke consent, make a change, or ask to be forgotten at any time. Your data will be kept securely, managed with care and stored in the minimum number of places necessary.
Letter Galaxies by Galaxy Zoo.