Privacy Policy

We have re-written our privacy policy in order to ensure we follow best practice in protecting your privacy and comply with the EU’s General Data Protection Regulation (GDPR). Here you can find out about what data we collect, what we do with it and what you can ask us to do with your data.

What have we changed because of GDPR?

We have re-written this privacy policy in order to explain things better and we have also stopped collecting some personal data that we did not need about the job and organisation of Free Movement members. We have also implemented better ways for our users to request their data or request that we delete data and have added clear check boxes to comment forms. We have deleted historic user data and website submissions that we no longer require. We have re-written our cookies policy to make it clearer why we collect cookies and what we use them for. We have always taken privacy and data security seriously. We use a reputable hosting service called WP Engine to protect users against server-level data breaches and we have been using default encrypted SSL certificated https connections for several years to protect user privacy. Our email list has always been “double opt in”, requiring subscribers to explicitly agree for us to use their email address for correspondence.

Who are we?

Free Movement is a sole trader enterprise owned entirely by Colin Yeo. Colin is a practicing barrister based at Garden Court Chambers, 57-60 Lincoln’s Inn Fields, London WC2A 3JL. Free Movement is a completely separate entity to Garden Court Chambers and the views expressed on Free Movement are not necessarily those of Garden Court Chambers. Colin can be contacted at editor@freemovement.org.uk.

Who is the data controller?

The data controller is Colin Yeo.  Free Movement has no employees but does use contractors. Colin has an assistant who is trained in GDPR compliance and who accesses and amends user data. The website deputy editor is also trained in GDPR compliance and has access to user data.  Contractors, including Colin’s accountant, have agreed to comply with GDPR requirements. Authors and contributors to the site do not have access to user data.

Who are our data processors?

We use a number of services to handle and process user data. These are considered data processors:

– Mailchimp, a reputable email list provider service we use to manage most of our outgoing emails. Mailchimp stores and processes your email address, email preferences and name if you provide it (you do not have to).

– Optinmonster, software that helps users subscribe to our emails.

– Google, specifically Google Analytics. We use Google Analytics to assess how users find and then use our website so that we can improve our service. 

– Stripe, a leading payment gateway which processes payment information. We never see or store full credit card information. We use Stripe mainly for membership subscription payments.

– Paypal, another leading payment gateway. We see no payment or credit card information at all from Paypal. We use Paypal mainly for ebook sales and processing legal services sales for Seraphus Solicitors.

– Akismet, software that prevents spam comments from being posted by monitoring spam source IP addresses.

– Xero, accounting software used for billing and also for collating financial information for accounting purposes. Colin’s accountant has access to the information stored in Xero in order to prepare accounts.

– Free Movement partners with Seraphus Solicitors to provide legal services. Some of the data by Seraphus Solicitors customers is stored by Free Movement, as we describe below. 

What data do we collect and why?

We collect data differently depending on how you interact with our website.

All website visitors

Like most website operators, we collect non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. Our purpose in collecting non-personally identifying information is to better understand how our visitors use our website so that we can better meet user needs and expectations.  We regularly look at internal reports on what people are reading on our website so we know what is popular, where people find out about our website (known as the referral source) and how people then use the website once they arrive. See our cookie policy for more information. If you interact with our website and services further we will collect more information from you, but only with your consent.

Website commenters

Obviously, the point of leaving a public comment on one of our blog posts is for it to be publicly seen and available. To achieve this, we store your comments including email address, name (if providers), comment content and your IP address at the time of making the comment. The IP address data is used to prevent spam comments being posted, which can be a huge problem on blogs. None of us want to see more Viagra adverts. Without the IP address data we would have to stop accepting comments, basically. An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment. We use an unchecked “tick box” to ensure we have your consent.

Email subscribers

From our analytics reports we know that email is our main form of communication with our regular readers. We know that a lot of people open and click on our emails compared to industry averages. At the time of writing in May 2018 the open rate for our weekly newsletter was around 30% and the click rate around 5 to 10%. If you enter your email into one of our pop-ups or email collection boxes we will always email you back to confirm before adding you to our mailing list. Only if you confirm that you want to receive emails from us will we start emailing you. We store your email address and also track which of our emails you open and what links you click in our emails. We give you some choices about what type of emails to receive from us and how often and we store your preferences. The data is securely stored on our behalf by Mailchimp but we occasionally take back ups of data and store these locally (see below).

Paying members

Payment

We collect and store the information you provide when you sign up as a paying member including name, username, email address, payment address, and payment details. This includes the details of the credit or debit card you use including expiry date but not the full credit card number. We use your information to process your payment and to process any subsequent subscription payments. We use the expiry date information to remind you to update your payment details if your card has lapsed. We automatically process subscription renewals unless you cancel your subscription. We will always send at least one reminder to the email address we hold for you to tell you before we process a new payment. We need to store your payment details for a period of seven years to comply with VAT and tax requirements. We also record and store the IP address from which you register with us. We use this to apply VAT correctly.

Training courses

We store information on which members have taken which courses and we store this information for the whole period of your membership of the site. We continue to store information on which courses you undertook and completed if your membership lapses. This is so that we can verify with your regulator whether you did or did not undertake a particular course. We can delete your records at your request.

Forums

We store the information you post to our forums. This information is stored permanently on our servers until or unless you request deletion. We store the information permanently so that old forum topics can be of use to members.

Ebook buyers

We also collect information on which members download which ebooks for free. We collect information about you during the checkout process in our shop. This information may include your name, billing address, email address, credit card/payment details and any other details that might be requested from you for the purpose of processing your orders. Handling this data also allows us to: – Send you important account/order/service information. – Respond to your queries, refund requests, or complaints. – Process payments and to prevent fraudulent transactions. We do this on the basis of our legitimate business interests. – Set up and administer your account, provide technical and/or customer support, and to verify your identity. Additionally we may also collect the following information: – Location and traffic data (including IP address and browser type) if you place an order, or if we need to estimate taxes and shipping costs based on your location. – Product pages visited and content viewed while your session is active. – Your comments and product reviews if you choose to leave them on our website. – Account email/password to allow you to access your account, if you have one. – If you choose to create an account with us, your name, address, and email address, which will be used to populate the checkout for future orders. We also collect this information on members who download ebooks for free.

Seraphus Solicitor customers

We process payments and collect customer information on behalf of Seraphus Solicitors. This information is used by Seraphus to provide a legal service and we store the data securely on our servers so that it is accessible by Seraphus. See the privacy policy for Seraphus Solicitors for further details.

How do we store your data?

We store your personal data in two ways:
  • Firstly, on our website servers. These are secure servers and your data is send to us securely via SSL encryption
  • Secondly, we store some backups of data such as customer and email subscriber lists locally on personal computers. These computers are encrypted and password protected to prevent data theft if the computers themselves were stolen.
We delete local backups when they are replaced by a newer version.

How you can request a copy of your data

You can email us at editor@freemovement.org.uk to request a copy of your personal data or use the form below. [wpgdprc_access_request_form]

How you can request that we delete your data

You can email us at editor@freemovement.org.uk to request data deletion. We will delete as much of your data as we are permitted to: if you are a paying customer we cannot delete all of your personal data for a period of seven years because we are obliged by law to retain payment information for that period for tax and VAT purposes.
Login
Or become a member of Free Movement today