It is your job to read this.
I am doing all I can to make it understandable and not incredibly dull for you.
In the end, you can understand what information we collect and why, where we store it and how you can get your data removed. I am also explaining, that your data is -for the most part - stored outside of the European Economic Area, because the systems I use are overseas. It is also important for you to know, who to contact if things go to shite.
So first you need to know about Irresistible Communications - that's me - I respect your privacy, and I take protecting it seriously. Exactly like I always have. This new GDPR is designed to keep our information safe and bring more protection to each one of us, and I am all for that. Too much weird shit goes around in the world so let's make sure to do what we know and can do to protect ourselves from any misuse of data.
Irresistible Communications is pretty much a one-woman show. Therefore I rely on services that make my business work like a well-oiled machine. Systems and automation are a big part of that. That means I buy services and tools from other companies that have made a promise to me; they are GDPR Compliant by the 25th of May 2018. The ones who couldn't promise me that, I had to let go and find new alternatives. And I have done that. It was and still is a shitload of work until I get it completed, but will eventually be done.
Data controller is me, myself and I
Since I am a one-woman show, I am the person who handles all the data. Any shit goes down, - not that it ever will, but so you know I am your first point of contact. Shoot email to firstname.lastname@example.org and also vice versa. If my third-party service providers have a data-breach, as soon as they let me know, you will be first to know.
Purpose for storing of the information
I store your information on four occasions:
On my website (once up and running again), you will be prompted with the cookie consent. If you want shit to work accurately, you say yes. If not, I have no clue what you are doing poking around my website. If you don't allow cookies, the site doesn't work the way it is supposed to, so there's that.
The situation with manual transfer of information on my CRM
(Customer Relations Management) software
Here is something you probably didn't know about my business. When you read my newsletter avidly, like 50 or more times (known to have happened), there is a distinct possibility that I take your name and email and add you into my client CRM software as a future client (or a hot lead). Doing that is my way of ensuring that you get the right attention and special treatment for reading my messages with such enthusiasm. (It may lead to exclusive offers, that no one else EVER sees.) I will keep doing that and when saying yes to this document (or in this case hell yes), I take notice and by you agreeing with this policy, I have your permission to do that. I would like that to happen automatically, but it doesn't so I do the transfer manually when I want to. There is no exact rule if and when this will happen, because I feel it in my toes, when you are warming up to me. If you don't want to receive those messages, no worries, each message you ever receive from me has a link below that allows you to unsubscribe. See how it works?
- When you subscribe to anything that I have put out there on the mysterious world of the interweb, you fill your information somewhere in the online form, typically that is your name and email, on occasion your phone number and address OR you come to see me when I give a radiant keynote, and I collect your first name, last name, email and phone number by circulating a paper form in the room. Then I come home and add you to my subscriber list. Even then you will receive the email asking for your permission to be added. The paper form then is sliced, diced and burned with a sacred ritual.
I don't collect data I don't need or intend to use for marketing and loving you up purposes. You give me your address I might send you a marketing letter, book or a candle or just something else just to brighten your day. You give me your phone number you may get a reminder of starting webinar or a smiley face or heart emojis. Personally I like receiving and sending hearts.
Your right to be forgotten
At any given time you can leave. I send you on your way with light and love and wish you well oh yeah and remove your data by pressing delete. No hard feelings. And hey, you can come back anytime. Unless you have done something that makes me want to block you.
The way to leave me is to click the link below any message and unsubscribe. To be completely removed from the systems I use, you need to send me an email to email@example.com with a request for me to see that happen.
- When you become my client, things get more serious... just kidding. The same thing as with subscribing continues, however with the different system, (I have the services I use listed later in the policy so you can see for yourself.) Only this time we also want to get your birthday, because I love my clients to bits and may want to surprise you on your birthday.
The payment information is stored in the deep servers of the electrical payment thingy, not with me, and I never see your credit card numbers. I can see your name, payment, address and whether you used Mastercard Amex or Visa and if the amount went through. The system then notifies me about that. To remove data from there needs to be dealt with the third party, not me.
If for some reason we are in a place where I need to return your money, I will need the account number to return the money to, makes sense? After that payment I will delete the account information.
Your access to your Client Information
The service I use to store your client information, my CRM is not only excellent for me. It also allows you to have a password-protected personal client portal that gives you access to your data. On the client portal, you can see the quotes you have received, invoices you have paid, the contracts you have signed, questionnaires you have answered and meetings we have had. You can update your personal information, add social profiles etc. Very hip, even if I say so myself. And from the sounds of it, it keeps getting better all the time.
Invoices sent to my accountant
- When we collaborate as business-partners, necessary information gets stored in my CRM under the contacts and projects, and then the project information will be the hub of all the data and the documenting. That allows us to handle the money streams, tracking the project etc. much better.
Dealing with other confidential information
So in my line of work, as a coach, consultant, facilitator and a trainer I take a lot of notes. When we have a meeting or are on the call, I keep writing in my big, fat, grey notebook about the things we discuss, your goals, hopes and dreams, let's say personal information provided by you. We can call that information "confidential information", and the notes are fragments of those conversations. The notebook lives on the shelf of a beautiful old wooden cabinet in my office with the lock on the door. If someone is in my office and wants to get in, well, I don't think that cabinet could keep a toddler out. However, that cabinet is restricted and private, and I do treat every piece of information that my notebook has in it with confidentiality. And we do keep our doors locked and people don't get to just go into my office.
Then there is this other thing. Sometimes we record our sessions. Now, how to store this data depends on the purpose of the recording. We agree on that in person at the beginning of each recorded meeting.
Things get traced when you are on internet
So you can be sure, that every time we interact over email, over online forms or you visit my website or send me anything online some something will always be traced by the different kinds of whatchamacallit ubermaflips. Data logs or some thingies like that. Some of them are essential for the services you are opting for to work. Now, these thingies no regular folk (like me) have a clue about, but they do work their magic and make our interaction smoother in the online realm. Call me crazy, but I kinda like things to work smoothly online.
All data about you is volunteered by you
You get to choose whether those thingies collect anything or not, but when you are in dealings with my business, I track the traffic on the website. Data moves from my systems to my service provider and back, and we need to do that to be able to utilise the services and tools my business uses. Sometimes it is your information you have volunteered and sometimes it is bits and pieces that are not related personally to you. They just make things work better.
I want to use tracking whenever I can (or know how), because that helps me find you in the crazy online maze, where there is too much noise, to begin with, and you - my fantastic tribe -are constantly distracted by all sorts of crap when you cannot see me in your feed. Meaning: I am able to serve you better with my free and paid content.
Then there is this thing about your testimonials and feedback etc. when you provide me with that type of information, by submitting it, I have a permission to store and use it. However, every time this happens typically we are personally in contact and together agree how we use your testimonial or feedback, (which I hope and firmly believe is riveting).
When you comment, like or engage somehow with my website, landing pages or social media profiles, be aware that those posts can be seen and used by others, and I am not responsible for any unauthorised use.
Three is not a crowd
So these services or third-party systems I have been on about...
I have chosen them based on their reputation, quality of work and usefulness to my business. I trust them, when these third-party service providers disclose their GDPR compliancy. In my opinion they have done so promptly with utmost respect and care to your right to privacy and to respect the law created for that purpose. I have read their privacy policies and in some cases had personal contact with their representatives to gather enough information to make well-educated decisions about choosing these services and tools. In other words, I have made every effort to not only be GDPR compliant but also to comply all sorts of other rules and policies to secure your information. My intention with this is always to have integrity about the way I collect, store and use your information. That is what I am about as a human being.
Disclosing the affiliation
It also means, that when I come across something special I want to share with you, even when someone else offers that, or if I am in affiliation with them, I will let you know. I am the one messaging you and do not provide your data to be used by someone else anywhere. Ever.
I will never share or sell your information to anyone. If you decide to give your information to the affiliated party, that is between you and the affiliated party and ultimately your responsibility.
However, there are two exceptions to this:
1. If I am for some reason legally obligated to disclose your data, which to me seems highly unlikely, I do it to the extent the law requires me to do. I retain the data also in situations where there are disputes or disagreements to be solved.
The list of services I am using to collect and store your data with
Services Irresistible Communications is in cahoots with:
My loyal friend for so many years. I use it to collect and store your email, name, IP address in purpose of adding you to my marketing list, so I can send you newsletters, offers and write you love letters when I feel lonely. I will know when you have read, what you have read, clicked or watched, which to me is vital so I can keep improving my content to be more useful for you.
Anti Spam: https://www.aweber.com/antispam.htm
My beautiful business-partner. My life would be a mess with daily hissy fits if I didn't have this gem in my collection of tools. 17hats has all my documentation and is a backbone of my business. It takes care of all the documentation and administrative data that gets created in my business. Including your client information.
There is also this big ass document called Data Protection Addendum and it is long as corridors of Hell and it really is meant for me, but if for some reason you have a need to study that, schedule a time and I will then read it to you over the phone. Shouldn't take more than five hours. (Oh shit, scratch that, imagine if you actually did that?) Or alternatively I send you the pdf.
Oh, what a magnificent beast this is - and so much work to set up, but mostly this will take a load of stuff off my plate in the near future. Eventually, even the newsletters will be sent via Kartra. It will contain my webinars, website, landing pages, online courses, membership sites and everything under the sun. It makes me happy and crazy simultaneously. When you sign up or subscribe to anything with me, this is where it happens. Kartra is the fulfilment on steroids for an online business and cannot wait to get it set up and running smoothly. It will blow your mind. Your data will be stored here (and depending on the sign up methods in Aweber and/or In 17hats as well.)
Billing Policy: https://www.kartra.com/_legal/billing.php
Out of all the scheduling tools out there, Timetrade has proved to be my favourite. There will be a time when 17 hats will take over this task for me as well, but until then, this is what I use for my "get acquainted calls", coaching appointments and business assessments.
Privacy Statement: https://www.timetrade.com/privacy-statement/
Software Service Agreement: https://www.timetrade.com/software-service-agreeme...
Terms and Conditions: https://www.timetrade.com/terms-and-conditions-use...
My domains are: mariuusitalo.com, irresistiblecommunications.com, and iczenith.com, these including my business emails are handled through Godaddy, which is GDPR compliant and secure company operating worldwide.
7. JJ-Net Group Oy
My Finnish webhost for my mariuusitalo.fi domain. GDPR Compliant.
8. Many Chat
Who knew I'd love me some bots, but oh I do. Bots are a great way to keep in touch with your tribe via Facebook Messenger. Manychat is a great partner for that with integrity and are GDPR compliant.
Other stuff you need to know
So here's the thing. All the above are GDPR compliant AF. I am proud to use their services to make my business run smoothly. However, whatever they write on their privacy policies is on them. I take responsibility for mine.
I want you to get, that you are responsible for all the aspects of your passwords. I need to know if something wonky is going on or someone has had an unauthorised use of things related to my business. I am in no way responsible or liable for any of the loss or damage due to your mishandling and not protecting your usernames, passwords or account information.
Other Agreements and Contracts you agree to agree with when working/collaborating with me
Don't think this ten-pager is the only document you agree to agree with when dealing with me, oh no, there are plenty more, for example: General Service Agreement, Coaching agreement, Pro Bono Coaching Agreement, Terms and Conditions of your Enrolment to my programs and Joint Venture agreement.
I firkin hate spam with a passion, do not do that crap. I don't do that shit. If you do that in any shape or form anywhere to my peeps, I'll kick you outta here.
I take good care of your data together with the services I trust and use, and I do that, to best of my ability. I ask your permission to store data outside of EEA (European Economic Area) when necessary. When you give me your consent, that means you also permit me to store your data outside of EEA. You need to understand, that for the most part, data is stored outside of European soil, because the systems I use have their hosting setup overseas. If for some reason shit hits the fan and we experience a breach of data, I will put my big girl panties on and let you know asap and promise to sort it out to the best of my ability in collaboration with the party that f-d up.
When I significantly change shit, I let you know, but it is up to you to come to this page and review this policy periodically. (Yeah, I thought so too...you are not coming are you?)
It's a no for kids
My business-stuff is no place for kids. We do not collect data from kids and if you are one, sweetie, it is time to go. Scram. We use bad language here.
Are you still here?
You are a champion.
Now, as a token of our mutual love, go subscribe something.
P.S. Any questions or something important missing from this fabulous document or just want to drop me a note? Email me at: firstname.lastname@example.org