On 25 May 2018, the EU regulation on the protection of personal data will become applicable – Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data data and repealing Directive 95/46 / EC (referred to as “GDPR”).
- The data controller is [Piers Midwinter] with its registered office in [Best Language, ul. Wladyslawa Reymonta 1/12, Opole 45-065, Poland], entered in the Register of Entrepreneurs under KRS number: , for which the register is kept by the Court [name of court, place, name of the department], Economic Department of the National Court Register, NIP: , Regon: . Data protection is carried out in accordance with the requirements of the generally applicable law, and their storage takes place on secured servers. Contact with the website administrator is possible via the contact form
- The service provider is also the administrator of people subscribed to [Mailchimp] newsletter.
- Every data subject has the right to access data, rectify, delete or limit processing, the right of opposition, the right to file a complaint to Piers Midwinter
- Contact with the person supervising the processing of personal data in the organisation of the Service Provider is possible by electronic means via the contact form
- I have the right to process your data after the termination of the Agreement or withdrawal of consent only to the extent of the need to seek possible claims before the court or if national or EU regulations or international law oblige us to retain data.
- The Service Provider has the right to share personal data of the User and other his data with entities authorised under the applicable law (eg law enforcement authorities).
- The removal of personal data may occur as a result of the withdrawal of consent or filing a legally admissible objection to the processing of personal data.
- Personal data is processed only by persons authorised or processed by us, with whom we work closely
- I operate two websites
- I direct and update both of my websites. I have created all the content (Youtube video’s, Graphics, HTML 5 adverts, text and hyperlinks etc.).
- I am the GDPR Data Protection Officer
- There is no management board etc – I am a sole trader.
- This GDPR Policy was originally created on 18th May 2018
- This policy is reviewed at least once a month. The next review will be before 18th June 2018
- I am committed to safeguarding the privacy of all my website users and anyone contacting me
Best Language ensures the security of personal data through appropriate technical and organizational measures to prevent unlawful data processing and their accidental loss, destruction and damage.
Best Language makes special care that personal information is processed in accordance with the principles of personal data processing specified in art. 5 GDPR, i.e .:
- Principle 1 – legally, reliably and transparently,
- Principle 2 – collected for specific and legitimate purposes and not further processed in a manner inconsistent with these purposes;
- Principle 3 – adequate, relevant and limited to what is necessary for the purposes for which it is processed;
- Principle 4 – correct and updated as necessary;
- Principle 5 – stored in a form that permits the identification of the data subject for no longer than is necessary for the purposes for which the data are processed;
- Principle 6 – processed in a manner that ensures adequate security of personal data;
- Principle 7 – in a manner that ensures the implementation of the rights of data subjects;
- Principle 8 – not transferred without adequate protection to countries outside the European Economic Area or international organizations.
GDPR requires security of storage as well as transmission of personal data. If you have a contact form, then an SSL certificate is required. Without going into the technological details one can say that SSL encrypting data ensures the privacy of transmitted data. Personal data can be viewed only by your browser and the final recipient, thanks to which it is not possible to overhear and decrypt data from such transmission.
- I respect the right to privacy and I care about data security. For this purpose, among others, secure communication encryption protocol (SSL) is used.
I use Anti-spam software – software that protects your computer from spam, which is unwanted or unnecessary e-mail. Advanced software also protects against phishing, ie messages from fraudsters impersonating subcommittees such as Poczta Polska, PGE. There are many anti-spam programs on the market. Such programs will work on hand computers in the entertainment selection.
This website also uses CloudFlare. This protects my web services from DDoS attacks through 23 Data Centers scattered around the world
- The use of the Site involves the transmission of queries to the server on which the Site is stored.
- Each query addressed to the server is saved in the server logs.
- Logs saved and stored on the server, data stored in the server logs are not associated with specific people using the Site and are not used by the Administrator to identify the User.
Sharing videos from the web is legal
For a long time, there has been a discussion whether the so-called embedding on the website of multimedia files made available elsewhere is compliant with the copyright law. This file usually contains a song, so its distribution should be obtained by the creator of the author. The situation seems to be even more complicated when “embedded” file, was previously placed on the network without the author’s consent. In this situation, is the responsibility for the unauthorised dissemination of the work only to the person sharing the work, or also the person who embedded it on their website? This issue was discussed at the end of 2014 by the Court of Justice of the European Union.
- I have created the videos that are on my Youtube channel. I have embedded some of them on this website
Consent of the child to data processing – it is lawful to process personal data of a child over 16 years of age. If the child is under the age of 16, such processing is lawful only in cases where the consent has been expressed or approved by the person having parental authority or custody of the child and only in the scope of expressed consent.
- I thus have no Facebook friends who are under the age of 16
- I will NOT accept friendship requests from children under the age of 16 UNLESS they have parental consent to be Facebook Friends with me.
Comments and GDPR
Especially on blogs, but also on web portals, you can leave comments on articles. It can be done by any user who has the will and does so voluntarily.
But to add a comment you have to enter your details. These are usually the first name (or nickname), email address and commentary. If you use an external Disqus application, the data is collected on the application’s side.
Any user who wants to leave a comment in this way accepts the Disqus regulations. You display these comments only on your site.
I use a built-in comments system in WordPress. The system thus asks you to agree to the processing of this data.
Summary of actions taken
- I opened my company on April 1st, 2014
- I signed the Power of Attorney on 24th May 2017. I thus have a lawyer that represents me. Information on who my Lawyer can be requested by email.
- I have an Accountant that looks after all of my companies paperwork. I have had my current Accountant since May 2015. I also have records from my previous Accountant too. My Companies paperwork is full and complete. It resides with my Accountant. Information on who my current Accountant or Accountants can be requested by email.
- I have created a computerised newsletter called “GDPR Consent form” which asks all recipients of my newsletter service to update their subscription settings. This newsletter was sent out to the clients on my e-mail list on the 20th May 2018. A link to the newsletter was also published on Facebook in order to give clients every opportunity to change the personal data I have on them within my Mail-chimp newsletter service. A copy of this newsletter can be requested by email.
- I have heavily updated my website to comply with GDPR legislation. This includes:
- A new toolbar that automatically appears at the bottom of the screen every time a visitor visits my website. This toolbar contains information about Cookies containing the following message “I am using cookies to give you the best experience on my website. You can find out more about which cookies I am using or switch them off in .” It also contains a button that lets users “Accept” my cookies policy.
- A new checkbox that is integrated into every single contact form on this website. The checkbox relates to the message “By using this form you agree with the storage and handling of your data on this website.”
- Deleting Google Analytics tools
- I created and sent a “Client engagement document” – this aimed to gain permission to use personal data (name, address, telephone number, email address etc – as well as parental consent to contact any clients under the age of sixteen and to teach them etc.).
- This document was last updated on 2nd June 2018
This section details the risk of data-leaks after the implementation of GDPR.
- In terms of website safety: This website is extremely secure – (please read the section above on security). There is an extremely low risk of a personal data breach as calculated by HR-ON
- In terms of my phone number: My phone number has a verified Samsung “Hiya” Business Profile. This forces any caller to identify themselves before a call is accepted. This thus blocks calls from any parties under the age of 16, spammers and marketers etc.
- In terms of my mobile phone: My phone uses a biometric fingerprint scan or a unique combination swipe to open it.
- In terms of my computer: My computer requires a unique password to open it
- In terms of my office space (where personal data is kept): My flat has Birmingham bars to secure the front door. It also has two locks etc. The building has an active neighbourhood watch scheme
- The last and MOST important point – I am a Sole Trader and have very few clients! I think it is extremely unlikely anyone would want to steal my data!!!!
- The risk of a breach of data is thus effectively ZERO
At the bottom of this page, you will find the Privacy Centre. This includes tools on:
- Your right to be forgotten
- Copyright infringements
- Contacting the Data Protection Officer
- Data Rectification
- Media Credits
- Requesting a copy of all your personal data used on this website
- Privacy Settings
- Terms and Conditions
- Subscribe and unsubscribe
- The acronym “GDPR” refers to General Data Protection Regulation
- The words “I”, “me”, “my” and “myself” refer to Piers Midwinter
- Best Language is the brand name for my Polish company.
- The phrase “My Company” refers to Best Language
- The phrase “Public profiles” can refer to a short description of me and/or my company in a short article on an external website such as Facebook etc.
- My websites are (https://www.dragon-class.com – https://www.bestlanguage.org – https://www.learnenglishonline.pl)
- The term “RODO” means Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 / EC
This section summarises the main GDPR key questions and answers in terms of Cookie data…
What information is being collected by the Cookies?
- Please see the images below
Who is collecting it?
- Please see the images below
How is it collected?
- The images below show that information is collected by cookies
Why is it being collected?
- The images below show that there are four main reasons: Strictly Necessary, Unclassified, Statistics and Marketing
How will it be used?
- Please see the images below
Who will it be shared with?
- Please see the images below
What will be the effect of this on the individuals concerned?
- Users can also change their cookie settings in the browser they are using. Information on how this can be done can found here: All about Cookies
- This website does NOT use Google Analytics tools.
Is the intended use likely to cause individuals to object or complain?
As a result of the above-mentioned points, users can change their cookie settings, switch them off in a browser or accept this website’s use of them. The individuals using the website thus have FULL CONTROL of their personal data. They thus have no reason to object or complain.
Newsletter & Marketing
From 25th May 2018, all Marketing, Promotions and Newsletters from me require
- Your consent through a positive opt-in.
- Your consent must be given freely
- You to withdraw consent and/or change the way you subscribe easily
If you are interested in receiving my Newsletters and/or promotions, please do contact me
- The user can use my contact form to transfer his personal data to me
- Providing personal data is always voluntary. You do not have to provide it. It is your choice.
- The administrator (Piers Midwinter) guarantees the confidentiality of all personal data provided to him.
- Personal data is collected with due diligence and properly protected against access by unauthorised persons.
- The user has the right to request access to, rectify, delete or limit processing; the right to object to the processing; the right to transfer data; the right to withdraw consent to the processing of personal data for a particular purpose, if the User previously gave such consent; the right to file a complaint with Piers Midwinter
- As a teacher, I use students personal data to contact them about lessons etc
How long data is kept
- I am a teacher. So I have a very direct relationship with my clients
- If a student decides to stop learning English completely, then I have no need for their personal data and delete it
- Sometimes students take a break from learning (e.g. during the summer holidays etc.) and then want to come back.
- If a student requests personal data to be deleted, I will do so immediately. No student has ever done so – but under the new GDPR regulations, I must now offer this service.
- Data can be kept for up to four months (To cover me during the summer holiday). If a student does not resume English lessons by October, their personal data is then deleted permanently