Privacy Policy

In creating this privacy policy, Penny Post has followed the guidelines set out by the ICO which can be seen here.

The personal data Penny Post holds

The only information Penny Post needs from a potential subscriber is an email address. We also request other information such as your name and the town/s or village/s where you live or work or in which you have an interest but these are not mandatory.

All the data that Penny Post holds was and is collected in one of the following ways:

• By people using a sign-up form at an event;
• By people subscribing online;
• By people confirming verbally, on the telephone, by email or via social media that they wish to subscribe.

Penny Post has never added any personal or financial data received from a third party (for example a purchased or otherwise-acquired list).

Penny Post has never and will not pass on in any way nor for any reason any personal or financial data it holds to a third party (unless obliged to do so by law). Nor does it combine your data with other data from other sources.

All the subscription data is held on our behalf by Mailchimp, a reputable company which provides such services for many companies. We believe that all their practices and the range of information we are able to access (for instance about who has been sent or has opened a particular e-newsletter) are both GDPR-compliant and commercially reasonable. Mailchimp is registered in the USA under Privacy Shield.

The advent of GDPR has not made us modify any of these principles, which are ones to which we’ve always adhered. It has, however, given us the opportunity to explain these and to introduce some small changes to our subscription preferences.

If you have ever had a financial transaction with Penny Post then such financial data as is necessary for us to raise invoices and perform related functions is held on KashFlow, our web-based accounts package.

The basis of Penny Post’s request for and holding of data

We believe that ‘legitimate interest’ is the lawful basis on which Penny Post collects and uses the data it holds. This is (May 2018) defined by the ICO as follows:

‘Legitimate interests is likely to be most appropriate where you use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing.’

Penny Post uses the personal data in ways people would reasonably expect. As we only require an email address (and invite some other information) the privacy impact is minimal. It is essential that we hold the email address in order to send the e-newsletters.

Penny Post’s publications

All of Penny Post’s publications are e-newsletters and related mailings. All are devoted to information relevant to the Penny Post area (click here for more information). These are sent to all subscribers.

When you subscribe (and you can amend by editing your preferences, a link to which is supplied at the foot of each email) you will be invited to tick the place/s in the Penny Post area where you live or work or in which you have an interest. Ticking a box where the place name is in CAPITALS will result in your also receiving the monthly newsletters that contain information specific to these areas.

If we produce any other e-newsletters for other area/s in the future we shall assume that if you have selected these area/s you are happy to receive these publications. If you are not, please amend your preferences (see section below).

Penny Post does not use nor intends to use your personal data for any purpose other than related to the business of sending you these e-newsletters. If we wish to use it for another purpose we shall not do unless we have requested consent from you and you have agreed.

Your preferences and unsubscribing

When your personal data is added, you will be asked to supply your email address and, if you wish, other details including your name and your location/s.

On the subscriber page you can, either when you subscribe or at any time thereafter, see which of these groups you are receiving e-newsletters for and amend these or unsubscribe altogether. On this page you can also change other details – all the information you have ever supplied to us is displayed and editable by you.

There has always been and will continue to be in every email you receive an unsubscribe button (which will unsubscribe you from everything) or a link to the preferences page.

If you unsubscribe, Penny Post will not be able to re-subscribe you as Mailchimp’s system prevents this. You can, however, do so yourself.

Security of data

It is occasionally necessary for us to download all or part of the data from Mailchimp or our accounts system (Kashflow) for the purpose of analysis or checking statistics. This data is only downloaded onto a desktop (rather than a laptop) computer and is deleted as soon as possible after its purpose has been served.

Although Mailchimp and Kashflow operate to the highest standards of security, no system or network is immune from the threat of data theft. If you have any reason to believe that your personal data held by Penny Post has been breached, please contact brian@pennypost.org.uk. Please also use this email address if you have any questions or concerns about anything in this privacy policy.