Privacy Policy

Title: Blog Visitor Personal Data Protection
Prepared by: Lyndon M. Hardy, website owner and data protection officer
Effective date: 5/25/2018 – supersedes all versions dated previously
1) Data Scope:
Personal data shall be limited to a blog visitor’s:
a) Name,
b) Email address,
c) Timestamp of initial personal data acquisition, and
d) Timestamps and descriptions of marketing and sales data sent to the visitor and relevant to the visitor’s blog visits.
e) No other visitor personal data other than that listed in a)-d) above shall be retained in any form.
2) Data Purpose:
Enable communication to the visitor of marketing and sales information.
3) Data Retention:
a) Blog visitor personal data shall not be retained unless visitor, by a positive computer based action, gives his consent to retention.
b) Upon visitor request to, visitor personal data shall be rectified, corrected, deleted or a copy emailed to the visitor to do with as he chooses.
c) Visitor requests received under b) above shall be reviewed and processed by the data protection officer.
d) In addition, visitor data can be removed by clicking on “unsubscribe” in any email commuicaton, entering his email address on the website page that appears, and then clicking on “Unsubscribe”.
e) Unless otherwise directed by the visitor, the personal data can be retained indefinitely.
4) Data Storage:
Personal data shall be retained and stored
a) On a single computer,
i) As configured to have only a single user with the operating system logon privilege and with such a logon password protected, and
ii) Placed behind an electronic firewall that prohibits access by external internet based sources, and
b) On single externally unmarked backup flash drive solely in physical possession of Lyndon M. Hardy
5) Data Disclosure:
a) Disclosure of personal data shall be only by permission granted by the visitor with the single exception of
b) Legitimate requests by law-enforcement agencies, in which case visitor permission shall not be required.
6) Data Breaches:
a) Unauthorized accessed to the data specified in 1)a)-d) above shall be reported to the appropriate authority within 72 hours of when the breach is detected.