Pubwish - The Writer's Platform

Privacy Policy

This Privacy Policy describes Our policies and procedures on the collection, use, and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

The words in which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in the plural.

Definitions

For the purposes of this Privacy Policy:

  • Account” means a unique account created for You to access our Service or parts of our Service.
  • Application” means the software program provided by the Company downloaded by You on any electronic device, named Pubwish.
  • Company” (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to Pubwish Inc.
  • Country” refers to the United States of America.
  • Cookies” are small files that are placed on Your computer, mobile device, or any other device by a website, containing the details of Your browsing history on that website among its many uses.
  • Device” means any device that can access the Service such as a computer, a cell phone, or a digital tablet.
  • Personal Data” is any information that relates to an identified or identifiable individual.
  • Service” refers to the Website.
  • Service Provider” means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service, or to assist the Company in analyzing how the Service is used.
  • Usage Data” refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
  • You” means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

  • Email address
  • First name and last name
  • Phone number
  • Address, State, Province, ZIP/Postal code, City
  • Usage Data

Usage Data

Usage Data is collected automatically when using the Service.

Usage Data may include information such as Your Device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

Information Collected while Using the Application

While using Our Application, in order to provide features of Our Application, We may collect, with Your prior permission:

  • Information regarding your locationWe use this information to provide features of Our Service, to improve and customize Our Service. The information may be uploaded to the Company’s servers and/or a Service Provider’s server or it may be simply stored on Your device.

You can enable or disable access to this information at any time, through Your Device settings.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

  • To provide and maintain our Service, including to monitor the usage of our Service.
  • To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.
  • For the performance of a contract: the development, compliance, and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service.
  • To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
  • To provide You with news, special offers, and general information about other goods, services, and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.
  • To manage Your requests: To attend and manage Your requests to Us.
  • For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred.
  • For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns, and to evaluate and improve our Service, products, services, marketing, and your experience.

We may share Your personal information in the following situations:

  • With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of our Service, for payment processing, to contact You.
  • For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
  • With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.
  • With business partners: We may share Your information with Our business partners to offer You certain products, services, or promotions.
  • With other users: when You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside.
  • With Your Consent: We may disclose Your personal information for any other purpose with Your consent.

Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other legal requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation
  • Protect and defend the rights or property of the Company
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of Users of the Service or the public
  • Protect against legal liability

Security of Your Personal Data

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

Detailed Information on the Processing of Your Personal Data

The Service Providers We use may have access to Your Personal Data. These third-party vendors collect, store, use, process and transfer information about Your activity on Our Service in accordance with their Privacy Policies.

Analytics

We may use third-party Service providers to monitor and analyze the use of our Service.

Google
Apple

Email Marketing

We may use Your Personal Data to contact You with newsletters, marketing or promotional materials, and other information that may be of interest to You. You may opt-out of receiving any, or all, of these communications from Us by following the unsubscribe link or instructions provided in any email We send or by contacting Us.

Children’s Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please Contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.

If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent’s consent before We collect and use that information.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third-party link, You will be directed to that third party’s site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the “Last updated” date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, You can contact us:

Privacy Policy continued …

Please read this website’s privacy policy carefully. This policy contains important information on who we are, how and why we collect, store, use, and share personal information, your rights in relation to your personal information, and on how to contact us and supervisory authorities in the event that you have a complaint.

  • Who we are
    • This website is operated by Pubwish Inc, a company registered in the United States under company registration number 6039757, the registered office of which is at 16192 Coastal Highway, in the city of Lewes, County of Sussex, Delaware trading as Pubwish. We are providers of tools and application software that help writers with their projects. For more information, please go to https://pubwish.com.
    • We collect, use, and are responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (including the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
  • Our website
    • This privacy policy relates to the use of our website https://pubwish.com only.
    • Throughout our website, we may link to other websites owned and operated by certain trusted third parties to offer our services. For instance, we use Shopify to power our online store. The privacy policy of Shopify can be found at https://pubwish.com/privacy. These other third parties may also gather information about you in accordance with their own separate privacy policies.
    • The Services offered by us include the ability for you to create Individualised Spaces (as defined in the Terms and Conditions) and in respect of those Individualised Spaces, you may be acting as data controller or processor of personal data and/or providing information society services. We are not responsible for data processed by you or services provided via Individualised Spaces and you are advised to take your own legal advice and include your own notices and policies in such Individualised Spaces.
  • Our collection and use of your personal information
    • We collect personal information about you when you visit our website, create an account, contact us, subscribe to our mailing list or make a purchase on our website.
    • We collect this information from you either directly, such as when you create an account, contact us, subscribe to our mailing list, post material to our website or make a purchase via our website, or indirectly, such as your browsing activity whilst on our website (see ‘Cookies’ below).
    • The personal information we collect about you depends on the particular activities carried out through our website. This information includes:
      • Your name, billing and shipping addresses and contact details (including your email address and contact number)
      • Your bank account and payment details
      • Information about the services we provide to you
      • Your account details, such as username, login details
      • Your Gmail ID and email address or Facebook ID and Facebook email address
      • Your profile image.
      • Information about your web browser, IP address, time zone, and cookies that are installed on your device
      • Information about individual web pages or products that you view on our site, what websites or search terms referred you to the Site and information about how you interact with the site.
    • We use this personal information to
      • Create and manage your account with us
      • Verify your identity
      • Provide goods and services to you
      • Customise our website and its contents to your particular preferences
      • Notify you of any changes to our website or to our services that may affect you
      • Improve our services
      • Communicate with you
      • Screen our orders for potential risk or fraud
      • When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
    • This website is not intended for use by children and we do not knowingly collect or use personal information relating to children.
  • Our legal basis for processing your personal information
    • When we use your personal information, we are required to have a legal basis for doing so. There are various different legal bases on which we may rely, depending on what personal information we process and why.
    • The legal bases we may rely on include:
      • Consent: where you have given us clear consent for us to process your personal information for a specific purpose.
      • Contract: when our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
      • Legal obligation: where our use of your personal information is necessary for us to comply with the law (not including contractual obligations)
      • Legitimate interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interest of a third party (unless there is a good reason to protect your personal information which overrides our legitimate interests).
    • Further information- the personal information we collect, when and how we use it
When information is collected What information we ask for/record How and why we use your information
When you browse our site

Information about your web browser, IP address, time zone and cookies that are installed on your device.

 

Our cookies divide between necessary and optional cookies, and the plug-in installed on our site gives further information about what each cookie does and why we need it.
When you register for our mailing list Name, email address

Administration of the list and sending items out on it. We store this information on our database.

This information is also stored on our mailing service’s database. You can find their privacy policy at https://

When you make an account on our site Your name, your mobile number, your email ID or your Facebook ID, your email address or your Facebook email address, your profile image and your country. Account administration. We store this information on our database. When you sign-up or log-in on the Site we validate your identity using the Facebook and Google API to match with our database.
When you purchase one of our products or services [email details and details required to fulfil orders such as postal address.] To fulfil your order and handle queries and follow ups relating to that order. We store this information on our database.
When you make a post on our site IP address, time zone, posting history To administer the list, deal with user conflicts and complaints and handle queries. We store this information on our database.
When you create user generated content on our site Your profile details (above), your social media details (optional) and any content which you upload to the website via our site. Site management.

 

  • Who we share your personal information with
    • We do not share your personal information with third parties to help us use your personal information.
    • We share your account details with Shopify when you place orders using the site. The data sharing enables us to power our online store.
    • We share your data captured using cookies as set out in the cookie plug-in on our site, which also shows how you can disable cookies. The functionality of the site may be affected depending on which cookies you disable.
    • We will share your personal information with law enforcement or other authorities if required by applicable law.
    • We will not share your personal information with any other third party.
  • Whether information has to be provided by you, and if so why
    • We require you to provide your name, billing and shipping address and contact details, as well as your bank account and payment details, to enable us to provide goods and services to you. We will inform you at the point of collecting information from you, whether you are required to provide the information to us.
    • We will require you to provide your email address in order to register for our mailing list.
    • We will require you to provide your name, email address (or Facebook email address), mobile number, profile image, country and password in order to sign up to our Site.
    • We will require you to provide details regarding your web browser, IP address, time zone and cookies that are installed on your device each time that you use our website.
  • Transfer of your information out of the EEA
    • We may transfer your personal information to the following which is located outside the European Economic Area (EEA) as follows:
      • The United States of America in order to provide your name and address to our supplier of our Story Line products which are stored and shipped from the United States.
    • Such countries do not have the same data protection laws as the United Kingdom and the EEA. While the European Commission has not given a formal decision that the US provides an adequate level of data protection similar to those that apply in the United Kingdom and the EEA, any transfer of your personal information will be pursuant to an approved mechanism under the GDPR such as Privacy Shield or standard contractual clauses..
    • If you would like further information, please contact us at contact@pubwish.com. We will not otherwise transfer your personal data outside the United Kingdom or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
  • Cookies and other tracking technologies
    • A cookie is a small text file that is placed on your device when you use our website. We use cookies on our website. We use cookies to improve and optimise our Site (for example by generating analytics about how our customers browse and interact with the Site, and assess the success of our marketing and advertising campaigns). Further details can be found in our cookie policy at [link]

 

  • Marketing
    • We would like to send you information about our products and services and offers which may be of interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by post, email, telephone, text message (SMS), or automated call.
    • We will only ask whether you would like us to send you marketing messages when you tick the relevant boxes when you order a product or service on our Site or create an account.
    • If you have previously agreed to be contacted in this way, you can unsubscribe at any time by:
    • It may take up to [number] days for this to take place.
    • For more information on your rights in relation to marketing, see ‘Your rights’ below.
  • Your rights
    • Under the General Data Protection Regulation, Articles 12-23, you have a number of important rights free of charge. Those rights include the rights to:
      • Fair processing of information and how we use your personal information
      • Access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address
      • Require us to correct any mistakes in your information which we hold
      • Require the erasure of personal information concerning you in certain situations
      • Receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
      • Object at any time to processing of personal information concerning you for direct marketing
      • Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
      • Object in certain other situations to our continued processing of your personal information
      • Otherwise, restrict our processing of your personal information
      • Claim compensation for damages caused by our breach of any data protection laws.
    • If you would like to exercise any of those rights, please:
      • Email, call, or write to us,
      • Let us have enough information to identify you (username, registration details),
      • Let us have proof of your identity and address, and
      • Let us know the information to which your request relates.
    • Keeping your personal information secure
      • We have appropriate security measures in place to prevent personal information from being accidentally lost, used, or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
      • We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
    • How to complain
      • We hope that we can resolve any query or concern you raise about our use of your information.
      • The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular, the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at ico.org.uk/concerns/.
    • Changes to this website privacy policy
      • This website privacy policy was published on [insert date].
      • We may change this website privacy policy from time to time, when we do we will inform you via email.
    • How to contact us
      • Please contact us if you have any questions about this privacy notice or the information we hold about you.
      • If you wish to contact us, please send an email to contact@pubwish.com

 

DATA SECURITY POLICY

 

 

Introduction

Here at Pubwish Inc, we collect, process and store personal data for a range of business purposes. Data subjects include customers, suppliers, partners, employees, clients and other stakeholders and individuals.

Bearing in mind Pubwish Inc’s commitment to uphold the rights of the individual as enshrined in law, our data security policy is designed to protect all past, current and future employees, customers, or partners, from illegal or damaging activity conducted by others using their personal data.

Our data security policy outlines how Pubwish Inc will endeavour to guard and protect all personal data. It also sets out to raise the awareness of staff members in relation to the ways in which GDPR impacts their use of individual’s personal data.

This policy applies to all data processing activities involving Pubwish Inc, and includes activities or systems related to both internal business operations, as well as external relations and any third-party agreements.

Please note that Pubwish Inc’s data security policy applies to all employees, and this policy may be subject to review and amendment on a regular basis. For more information about this policy and its overall implementation, consult our Data Protection Officer.

This document is subject to regular review to ensure ongoing regulatory compliance.

 

Data security policy definitions

Personal data

Personal data encompasses any type of information that relates to an identifiable individual. Various types of personal data {COMPANY NAME] may collect, store and process could include:

  • Contact details
  • Financial information
  • Educational background
  • Certifications
  • Skills
  • Nationality
  • Marital status
  • Job title

The above list is by no means exhaustive, and should be used merely as a point of reference from which a working definition of personal data can be established and further developed.

Sensitive personal data

Under GDPR, sensitive personal data is defined as encompassing any of the following:

  • Racial or ethnic origin
  • Political opinion
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic data
  • Biometric data
  • Health-related information
  • Sexual orientation

It is paramount that all sensitive personal data is kept under stringent control as part of the implementation of our data security policy.

Purposes of personal data

Pubwish Inc uses personal data for a range of various purposes. These purposes may include:

  • Financial
  • Administrative
  • Human resources
  • Regulatory compliance
  • Payroll
  • Business development

Please note the above list is by no means exhaustive, and should merely be used as a reference point from which a working definition of purpose can be established.

Business purposes

Pubwish Inc must carry out a range of functions and processes as part of our operational activity. Data kept in relation to these activities falls under the category of data for business purposes, which includes information of the following nature:

  • Operational
  • Compliance
  • Policy adherence
  • Human resources and personnel
  • Marketing

The above list is by no means exhaustive, and should be used merely as a point of reference from which a working definition of business purposes can be established and further developed.

 

Fair processing

At Pubwish Inc, there will be occasions when employees will need to process personal data; however, processing activities must always be carried out in a fair and lawful manner that is compatible with the rights of each corresponding individual. Consequently, we should avoid processing the personal data of any individual who has not provided us with explicit consent.

Our company must strive to obtain explicit consent at all costs, and we must clearly identify to the individual what data is being processed, why we need to use it and who will have access to their data. These factors must be identified and clearly reiterated to the individual at the point of request for consent.

It’s worth noting there may be exceptional circumstances in which we are asked to process sensitive personal data without consent. An example of an exceptional circumstance could include legal obligations we may need to carry out to comply with health and safety regulations.

Pubwish Inc endeavours to take all actions necessary to ensure that all personal data we obtain, process and store is accurate, relevant and adequate in relation to the reason in which we asked for that information. We should not hold excessive or irrelevant data on any individuals, and we will not process any personal data for a purpose unrelated to the purpose in which the relevant individual has consented to the processing of their data.

 

Our roles and responsibilities

Data security is a critical component of our business. It falls on everyone at Pubwish Inc to take responsibility for data security, and all employees must familiarise themselves with our data security policy and do everything within their power to uphold that policy on a day-to-day basis.

Please note that Pubwish Inc takes data protection incredibly seriously, and we expect all staff members to adhere to this data security policy. Any failure and refusal to comply with this policy could ultimately place our company at risk.

Bearing that in mind, personal non-compliance with this data security policy could lead to disciplinary action as they relate to ordinary personnel procedures. Please contact your line manager with any further questions concerning data protection at Pubwish Inc.

As a staff member at Pubwish Inc, you can expect to receive data protection training in line with our data security policy. All incoming employees will be provided training as an aspect of the wider staff induction process, and all staff members can anticipate the requirement to undergo additional training as a result of subsequent regulatory updates to GDPR or other relevant legislation as it relates to data security.

Data security will inevitably encompass a range of additional responsibilities for various roles within the company. These roles and their responsibilities include (but are not limited to):

Data Protection Officer

GDPR stipulates our company must appoint a Data Protection Officer. It is our Data Protection Officer’s responsibility to:

  • Organise data security training for all employees not specifically referenced within this data security policy.
  • Review and analyse all existing data security protocols and processes on a regular basis.
  • Be a point of contact for all employees, clients and stakeholders to answer questions about data protection and data security.
  • Respond to internal or external queries from individuals wanting to know what data relating to them may have been obtained, processed or stored by our company.
  • Conduct due diligence and submit approval in relation to any contractual agreement with a third party involving the processing or storage of data.
  • Maintain constant contact with company directors, board members and stakeholders in relation to data security, company responsibilities and data risk management.

IT Manager

Information technology plays a crucial role in the way our company operates. Any processes relating to IT and the processing and storage of data must be carefully monitored, assessed and guided by an IT Manager.

It is the responsibility of Pubwish Inc’s IT Manager to:

  • Conduct due diligence and appropriate levels of research into any third-party service that our company may call upon to store or process any data.
  • Make sure that all company software, IT systems, equipment and services meet changing levels of data security standards.
  • Carry out regular checks, audits and scans to ensure security hardware and security software are fully functional and optimised to manage and mitigate data security risks.

Marketing Manager

A significant proportion of our marketing activities involve the collection, storage and processing of data. Consequently, our Marketing Manager must oversee the following responsibilities:

  • Accept all queries relating to data security and data protection from leads, media outlets, clients or other individuals and oversee and deliver an adequate response.
  • Work alongside Pubwish Inc’s Data Protection Officer to make sure that all of our marketing processes, campaigns and activities are compliant with all relevant data security and data protection laws – as well as our own company data security policy.
  • Review, draft and approve any relevant data security statements that must accompany emails, other messages or applicable marketing collateral.

Our data security policies

Pubwish Inc takes data security extremely seriously, and we place the rights of the individual and regulatory adherence at the heart of everything we do as a company.

In light of our commitments, it is mandatory all staff members must observe and adhere to the following data security policies:

Data storage policy

  • All information or data that is collected and processed is subject to all of the applicable requirements as outlined and documented within this policy. This includes information collected electronically, by paper, telephone or data collected through any other means.

  • All data must be collected, stored and protected in a secure location appointed by Pubwish Inc, for a retention period as predefined by corresponding legislature or company policy.
  • Staff members are strictly forbidden to retain confidential information or personal data not relating to themselves on their personal devices. Exceptions to this policy include information that is needed for a purpose that is work-related, temporary and specified and approved by a relevant manager.
  • Staff members should avoid downloading sensitive files or confidential information to local devices wherever possible. Information being necessarily processed for work purposes may be exempt from this policy.
  • Employees must install and use software and systems that have been licensed and approved by the company on devices while carrying out the duties of their role. Downloading or using any software, app or system that is not preapproved by the company will require prior approval from the company’s IT Manager.
  • All mobile and portable devices used by staff members should be approved by the company’s IT Manager and secured to prevent unauthorised access or breach. Personal devices could include a laptop, smartphone, tablet or any other handheld computing devices. This policy also applies to any shared cloud storage spaces.
  • All internet access and online operations carried out by employees could be subject to monitoring and filtering in accordance with relevant legislation and company policy. This monitoring should be carried out only by the IT Manager or an authorised member of staff.
  • Employees must adhere to all applicable elements of this policy when using personal devices to access company resources. Similarly, employees must observe and adhere to all applicable elements of this data security policy when using equipment provided by Pubwish Inc to access information externally.
  • Employees are forbidden from using public access devices. This practice is allowed in some circumstances; however, prior and explicit approval from a line manager for regular public access must be obtained and recorded.
  • Employees must use access tools provided to them by a client or partner of Pubwish Inc if access is granted to any third-party storage system or data storage facility.
  • It is forbidden to send, forward or submit any of the information or data referred to within this data security policy to a third-party unless deemed essential to complete approved processes.
  • If an employee needs to carry out an approved submission of data to any relevant third-party, that data must be made secure in accordance with company policy and any relevant third-party data protection protocols.

Please note that Pubwish Inc will carry out regular system audits to monitor and ensure ongoing compliance with this data security policy and all regulatory requirements as outlined under GDPR.

Data retention policy

While Pubwish Inc must routinely collect and store data, we are committed to the rights of individuals. That’s why we retain all information and personal data for no longer than we need to.

The necessary length of retention will often be decided on a case-for-case basis, bearing in mind the rationale and original purpose surrounding data collection and retention. Decisions of this nature must be made in a way that is compatible with our existing data retention guidelines under GDPR.

For additional guidance, consult the following corresponding documents:

  • Data retention and erasure policy document

International data transfer policy

Employees must observe a series of restrictions that apply towards the international transfer of data or personal information. Employees are not permitted to transfer personal information or data outside of the United Kingdom without having obtained explicit permission in the first instance from the company’s Data Protection Officer.

Data encryption and anonymisation policy

Pubwish Inc deploys encryption to secure and protect data that is stored on devices from unlawful processing or unauthorised access. Encryption is also used to protect information that is in transit.

We also use the anonymisation of personal data wherever deemed prudent to ensure the rights of the individual are fully protected and observed.

In line with these principles, we are committed to the use both encryption and anonymisation as a risk management tool alongside existing systems, to protect the company from accidental loss, as well as from the damage or destruction of data or personal information.

 

Activities that are prohibited

Unless otherwise noted or informed, employees are strictly forbidden from using company equipment, tools or systems for any purpose unrelated to their role responsibilities, excluding any previously mentioned exceptions. This policy also relates to any relevant systems, tools or equipment belonging to a company client or partner.

Bearing that in mind, the following activities should be deemed forbidden with no exceptions:

  • Any unauthorised replication of copyrighted materials.
  • The violation of individual rights by way of the unnecessary collection, storage and processing of personal data or information.
  • The violation of rights of an individual or organisation protected under intellectual property law in any jurisdiction.
  • The use of any programme, command or interface designed to interfere with a user or corresponding user session.
  • The accessing of any data, user account or server for any purpose unrelated to the business function of an individual’s company role.
  • Issuing fraudulent product or service offers from a company account.
  • The allowed sharing or use of employee login credentials or company systems by anyone apart from the named individual.
  • The export of proprietary or confidential information as it relates to the company.
  • The export of any software or data that is in breach of regulation or the company’s data security policy.
  • Knowingly causing a network disruption or security breach.
  • An employee is not allowed to access data that is not intended for them by logging into a system or gaining access to a confidential or limited-access account. The only exception to this rule is if the employee is granted access as part of a specific company project.

Please note that any violation of this policy can lead to disciplinary action, alongside legal action where deemed prudent or necessary.

 

Reporting security issues

If you encounter any incidents or issues relating to the security or protection of information or data, you must report this immediately to company management. Management will subsequently take and record any action deemed necessary to prevent damage or loss in relation to a security threat.

If necessary, it is the responsibility of company management to report relevant incidents relating to a data breach or information security threat to regulators or the authorities. Under GDPR, it also falls upon management to contact the individuals involved in any breach or security threat.

 

Date last updated: Friday, April 15, 2022.