Privacy policy

I’m registered as a sole proprietor in Ontario, Canada, and a sole trader in the UK, working out of both countries as edi‑tor.com.

I offer a range of services as an editor and an equity, diversity and inclusion (EDI) professional. I work with diverse clients internationally, including:

  • writers, fellow editors and publishers

  • organisations, professional services agencies and educators

  • human resources (HR) practitioners and fellow EDI professionals.

This privacy policy sets out the scope and the limits of how I’ll protect and use any personal or other data or information you give me. The law applicable to this policy is:

  • in the UK, the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018

  • in Canada, the Protection of Personal Information and Electronic Documents Act 2000 (PIPEDA).

The UK GDPR refers to personal data; PIPEDA refers to personal information. As a consequence, I refer in this policy to personal (and other) data or information.

This policy was last updated on 18 May 2023.

Why do I collect personal and other data or information?

Currently, I gather from you through this website only personal and other data or information that allows me to:

  • respond to your enquiry

  • contact you to discuss any proposed project(s)

  • correspond with you during the course of any agreed project(s)

  • enable certain functions on this website

  • better understand how visitors use this website.

In the future, I may also gather through this website personal data or information that allows me to send you any updates you may request (eg when I publish a new blog or should I launch a newsletter).

I additionally collect throughout the course of our relationship the data or information necessary to performance of the services you ask of me. That data or information varies depending on the nature of the project.

The personal and other data or information you provide to me directly is data or information that I hold lawfully with your consent. (See ‘When will I dispose of your personal and other data or information?’ for more on the removal of such consent.)

Some of the data or information I gather may be data or information that I hold lawfully so that I can complete my contractual obligations to you.

What personal and other data or information do I collect from you?

The personal data or information I’ll collect at the outset and during the course of our engagement is limited to:

  • your name

  • your contact details (eg email address, phone number, postal address)

  • your organisation (if any) and role

  • the details of your enquiry and any project(s) on which we agree to work together.

I may also collect other relevant data or information as it appears within our further correspondence (eg emails).

In addition, I’ll gather data or information relevant to the specific project on which we collaborate. You and I will define the scope of that data or information when we agree project terms, to include its appropriate retention and disposal.

Financial data or information

I don’t collect any financial data or information via this website.

Because I ask for payment by bank transfer on receipt of an invoice that I deliver to you by email and I don’t accept direct payment by card or cheque, I don’t collect your financial data or information by other means.

Project data or information

I collect all data or information necessary to:

  • assess any proposed project(s)

  • agree the terms of any proposed project(s)

  • perform the agreed project(s).

See ‘When will I dispose of your personal and other data or information?’ below for more on retention of project information.

Sensitive data or information

The nature of EDI work is such that some personal and other data or information you share with me may be sensitive.

Under the UK GDPR, this type of sensitive personal data is known as special category data.

Should you choose to share with me the type of sensitive personal information I make available within my own positionality statement (eg my gender identity, sexual orientation, neurodivergence), I will treat such disclosures as confidential unless you instruct me otherwise.

Should a proposed project risk the transfer and processing of sensitive personal data or information about others (eg identifiable participants in a survey or other group-focused activity), we will discuss:

  • the scope of the processing necessary to the project

  • the appropriate safeguards we might put in place (eg fully anonymising any special category data before transferring it to me)

  • the specific terms and conditions under which such processing will be lawfully performed.

Should you and I be based in different countries, I will advise you to seek legal advice to ensure that we do not engage in a restricted transfer under the UK GDPR or the law in your own jurisdiction.

I may advise you to seek an alternative service provider for some or all of any proposed project that may involve the transfer of special category data.

How do I collect and where do I securely store your personal and other data or information?

You currently provide me with your personal data or information through:

  • my website contact form (ie SquareSpace)

  • email and other correspondence (ie Google Workspace).

In the future, I may collect personal data or information through an automated email marketing platform (eg Mailchimp), so that I can deliver any updates you may request.

I additionally process your personal and other data or information within a file management system (ie Dropbox) and video-conferencing software (ie Zoom).

  • SquareSpace is my website host. It is password-protected and SSL-certified. You can access SquareSpace’s privacy policy here.

  • Google Workspace is the password-protected server through which I correspond with you by email. You can access Google’s privacy policy here.

  • Dropbox is the password-protected, cloud-based system I use for file management. I can access Dropbox from any secured device. My account is protected by a two-step password-authentication process. You can access Dropbox’s privacy policy here.

  • Zoom is the video-conferencing software I use to meet with you and to deliver learning services. My account is password-protected and every meeting is passcode-secured. You can access Zoom’s privacy policy here.

With whom do I share your personal and other data or information?

I will never lease or sell your data or information to third parties, and I will distribute it to (ie share it with) third parties only in the event that:

  • you ask me to do so, in writing, clearly identifying with whom I am to share it and how

  • a tax or other authority audits or investigates my business.

I’ll use your data or information for marketing or promotion purposes (eg as a testimonial on my website) only with your written permission or where you have otherwise given explicit consent (eg should I launch a newsletter).

Links to third-party websites and platforms

When you use a link to leave my website (eg to visit my LinkedIn profile or my listing in the CIEP Directory), I am not responsible for the protection any such third-party website or platform extends to the personal or other data or information you supply there.

Please visit the third party’s own privacy policy for details of its own terms.

When and how will I dispose of your personal and other data or information?

Unless you request otherwise, I will keep your core personal data or information (ie your name, contact details, organisation and role) and our email correspondence indefinitely.

Unless you request otherwise, I may archive securely for no less than five years:

  • all relevant information on completion and delivery of a project

  • useful information relating to a proposed project that does not progress beyond assessment.

I hold this information to:

  • increase the efficiency of my services should you propose any further project(s)

  • inform the continuous improvement of my services

  • comply with my statutory record-keeping duties to HM Revenue and Customs (HMRC) in the UK and the Canadian Revenue Agency (CRA).

You may ask me at any time to remove or amend your personal or other data or information and I’ll comply without delay, unless doing so is prohibited in law or would compromise my ability to meet my contractual obligations to you.

I will dispose of your personal and other data or information by:

  • deleting it fully from all of my devices and software (installed and cloud-based)

  • physically destroying my drives and devices when they reach the end of their useful life.

What about cookies?

My website uses cookies for analytic purposes only.

A cookie identifies your computer as you view different pages on my website and informs reports from Google Analytics that help me better meet visitors’ needs.

Cookies don’t give me access to your computer or any information about you other than that which you choose to share with me directly. (See ‘What personal and other data or information do I collect from you?’ above.)

If you don’t want my website to store cookies on your computer or device, you can amend your web browser’s cookie settings. Please note that such amendment may affect how my website functions and some pages may become unavailable to you.

Your rights and reaching out to me

Have you got a question about this privacy policy? Do you want to ask me to modify or erase your data? Would you like to exercise another right under the UK GDPR or Canada’s PIPEDA?

Please email me at vanessa@edi-tor.com.

If you’re unhappy with my response, you may complain to:

  • the Information Commissioner’s Office in the UK, which provides everything you need to make a complaint here

  • the Information Commissioner in Canada, which answers some frequently asked questions about making a complaint here.