I know, I know. *pat* *pat*
I hate these things too.
Life is hard enough. And our busy, chaotic days can make it feel like a real grind.
Which means that the last thing you need is a dull, thousand-word-or-so legal document to read through at the end of a long, dreary day or on your 10-minute coffee break.
But since I need to explain how I'm complying with the new, shiny General Data Protection Regulation, I'm going to ask you to pretty please bear with me while we all take a collective deep breath, and dive into details of how I handle privacy issues (which to be fair, is something I take very seriously).
Ever been spammed (not the kind that comes in a can, unfortunately) by a company that you never signed up to hear from WITH NO 'UNSUBSCRIBE' BUTTON IN SIGHT?
Whoops, sorry...I didn't mean to shout, but it's just that I know what that email rage feels like. *SOB*
Which is why I'm going to break all this legalese down for you in plain English before we move on to the real (and very boring) legal explanation.
And as required by the GDPR, I'll try to keep things as "concise, transparent, intelligible and easily accessible" as possible, so we're all on the same page.
Here we go.
OK, SO HERE'S THE DEAL (OR MY DEAL, ACTUALLY): Whoops, shouted again. I truly, deeply didn't mean to, but I wanted to make sure that you weren't already falling asleep.
Back to my deal: I'm a writer who spends more than half my day dealing with clients (who're often fickle and confusing, sometimes both), and the other half of it sharing life advice (which many have described as calming and effective, if it matters to you) with anyone who cares to visit my site.
Oh yes, and I also spend some time eating, showering and sleeping.
This generally means one thing: That I'm usually too tired to do anything suspicious or criminal-like with your data. I don't have the time or energy to steal your identity—I'm too busy taking care of my own.
I collect just enough information about you (this usually means your first name and email address) so I'm able to deliver said life advice to you via email a couple of times a month, in addition to kits, guides or courses that you buy from me.
That's about it, really.
COOKIES: Before setting up my blog, the only kind of cookies I knew anything about were the ones that came in a box, jar or packet.
But since you're here and we're talking about a different kind of cookie (the kind you can't eat, so we're clear), then the answer is yes, I do use them because it's what makes the internet go round and round and round....without giving you a headache.
Don't want my cookies (they're not bad, really)? All you have to do is block them on your browser. I won't take your rejection personally, honest to God.
And you'll still get the yummy life advice I promised you.
VISITOR TRACKING: Ok, I have a confession to make.
I'm friends with Google.
I use their Analytics tool to find out what you like and what you don't like on my site so I can spend more time creating things that you do like.
Google Analytics doesn't track or store any personal data about you that you'd share with a stranger (or your mother), but it will grab your IP address (not that I know what that is or what it's for) so that it can tell me how you interacted with my site.
Facebook on the other hand, I'm not so fond of, so you'll never find me stalking you there.
DATA STORAGE: Because you know I'm all about that data, 'bout that data, no trouble (hopefully).
What does this mean?
Well, it basically means that I store your data and I do it in the most responsible way(s) possible.
Here's what happens on my site: If you sign up for my email list, I'll store your name (this depends on whether you are asked to provide it) and email address, both of which are kept securely by ConvertKit—the email service provider that I use to manage and send out all my emails. All payments for my kits, guides and courses are delivered by content-delivery systems called Zippy Courses and E-junkie, and processed via Paypal, which means that your payment details are NEVER held on my site.
All these services are GDPR compliant, and you can unsubscribe from my emails at any time by clicking on the 'Unsubscribe' button at the bottom of each email.
I may, in the future, target you with ads for stuff that you might find useful. For example, if you bought a healthy-eating starter kit, I might occasionally ask you if you'd like to give a mindful-eating plan a go. And if you bought one of my guides, I might ask if you'd like to buy another.
It's kinda like ordering a meal at your favorite burger joint, basically.
But what I will never, ever do is share your data with or sell it to anyone else because I think it's a really dick move to pull.
EMAILS: If you sign up my for my emails, that's exactly what you'll get.
I'm very particular about respecting a person's personal space, so I like to send out my emails accordingly: About 2-4 a month with plenty of breathing room in-between.
Occasionally, I'll send you more emails when I have more good stuff to share, but you can always opt out of receiving them by clicking on the 'Unsubscribe' button at the bottom of my emails.
And just so you know, ConvertKit automatically tracks every email you open (or don't open) and link you click on, which means that if you open one of my emails, I will know. If you get an email from me but ignore it, I will also know.
This data lets me know if you liked a particular email or hated it, so I can write more emails you like and less of the ones you don't. It also allows me to do some pretty nifty things, like find out if an email that you were expecting was, in fact, sent to you (or not) because you emailed me to tell me that you never got it.
YOUR RIGHT TO BE FORGOTTEN. Ok, I get it. Sometimes, all you want to do is escape to a new place where nobody knows who you are, so you can start life over on a new slate.
Or, you could be feeling just a liittle paranoid about someone you barely know having your personal details (I know I am sometimes), not knowing what they might do with them.
Either way, if you want me to forget that we ever met (sigh. Fine. Be that way), all you have to do is shoot me at email at firstname.lastname@example.org, and I'll delete all the info I have on you while crying my eyes out (kidding—I'm not that neurotic, but I might shed a tear or two).
But just so you're aware, if you do decide that you want to go down this route, you'll never be able to access your courses again or get their upgrades I promised you. This isn't me trying to be a jerk; it's just that I will need to have your email address and name stored in my system so that I can tell you're a paying customer and are allowed to access what you paid for.
Are we good?
Now that we've gotten everything out in the air, let's get down to the real (read: boring) stuff, in proper legal jargon.
What personal information do we collect from the people that visit our blog, website or app? When ordering or registering at michelelian.com, as appropriate, you may be asked to enter your name, email address or other details to help you with your experience.
When do we collect information? We collect information from you when you place and order, subscribe to our newsletter, fill out a form or enter information on our site.
How do we use your information? We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:
- To personalize user's experience and to allow us to deliver the type of content and product offerings in which you are most interested.
- To improve our website in order to better serve you.
- To allow us to better service you in responding to your customer service requests.
- To administer a contest, promotion, survey or other site feature.
- To send periodic emails regarding your order or other products and services.
How do we protect visitor information? Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible. We use regular Malware Scanning. Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology. We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information.
All transactions are processed through a gateway provider and are not stored or processed on our servers.
Do we use 'cookies'? Yes.
- Understand and save user's preferences for future visits.
- Keep track of advertisements.
- Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third-party services that track this information on our behalf.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since browser is a little different, look at your browser's Help Menu to learn the correct way to modify your cookies.
If you turn cookies off, It won't affect the user's experience .
Third Party Disclosure We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information.
Third party links Occasionally, at our discretion, we may include or offer third party products or services on our website. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
Google Google's advertising requirements can be summed up by Google's Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en
We have not enabled Google AdSense on our site but we may do so in the future.
According to CalOPPA we agree to the following:
- Users can visit our site anonymously
- Users are able to change their personal information: By emailing us at email@example.com
How does our site handle do not track signals? We honor do not track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
Does our site allow third parting behavioral tracking? It's also important to note that we allow third party behavioral tracking.
COPPA (Children Online Privacy Protection Act) When it comes to the collection of personal information from children under 13, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation's consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.
We do not specifically market to children under 13.
Fair Information Practices The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur: We will notify the users via email within 1 business day. We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.
CAN SPAM Act The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
To be in accordance with CANSPAM we agree to the following: If at any time you would like to unsubscribe from receiving future emails, you can email us at and we will promptly remove you from ALL correspondence.
This policy is effective 2016-01-11