Privacy policy

This policy explains when, how and why I collect, use and store your personal data. This policy also includes an explanation of your rights with regard to the processing of your personal data.

The Writing Shop is the trading name of Michelle Drapeau. The data controller for The Writing Shop is Michelle Drapeau, telephone 01525 591011, email

It is important that the personal information I hold about you is accurate so please let me know of any changes to your personal information by emailing

I reserve the right to amend this policy from time to time without prior notice. I will not contact clients or website users individually to advise of any changes so please check the policy regularly for any amendments. This privacy policy was last updated on 23rd May 2018.

This policy covers the following:

1. Collection of your data
a. When and how I collect your personal data
b. What type of data I collect about you
c. Why I process your personal data

2. Storage of your data
a. Data retention
b. Data breach

3. Third parties
a. Third party online processing
b. Third-party website links
c. Data sharing

4. Your rights


1. Collection of your data

1a. When and how I collect your personal data
I may collect data about you when you interact with me via my website, by post or email, or verbally. This includes the data you provide when:
• You apply for any of my services
• You subscribe to my newsletter
• You provide me with a testimonial
• You request marketing correspondence to be sent to you
• You make an enquiry

I have disabled the ability for users to add comments on my article posts by default. I therefore do not collect any personal data from my article posts.

1b. What type of data I collect about you
Below is a list of some of the data I may collect about you:

Your identity: Your first name and last name
Your contact details: Address, telephone, email address
Your website address: If available
Technical data: In common with many websites, my website uses Google Analytics to track user behaviour. Google Analytics makes use of cookies, a text file placed on users’ computers, in order to help me understand how visitors use my website and the number of visitors my website receives. Although Google Analytics records data such as your geographical location, device, internet browser and operating system, it is not possible for me to identify you using this information. Google Analytics also records your computer’s IP address through which it may be possible to identify you, but Google does not grant me access to this information. The use of Google Analytics or cookies does not give me access to your computer and you can choose whether to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline.

Please note, no personal data is stored on my website. Personal data sent via my contact form is automatically collated into an email and sent to me, and I do not collect payment information. Payments are presently made only via bank transfer.

1c. Why I process your personal data
My intention is to limit the information I process only to what is necessary. I will only use your personal information where the law allows, to comply with regulatory, industry or insurance obligations, and in order to provide a service to you.

I process your personal data for the following reasons:
Your name and contact details: To respond to your enquiry, to register you as a client, to take steps to enter into a contract with you, to manage my contract with you
Your website address: For background information to support the writing process
Technical data: To administer my site and allow you to interact with my site; for troubleshooting purposes, statistical analysis and to enable me to understand how you use my website in order to make improvements where necessary; to understand my marketing needs and develop my business.

Please note, your personal data may be processed without your knowledge or consent where required or permitted by law.

2. Storage of your data

2a. Data retention
In compliance with GDPR, I keep your personal data only for as long as necessary to:
• provide you with contracted services
• comply with legal, tax or insurance requirements, or with reporting obligations
• support a claim or defence in court

For those for whom I have not yet provided a contracted service, the retention period for storage of your personal data is 6 months, unless you request its deletion sooner. This retention period may be longer in order to comply with legal requirements.

For those for whom I have provided a contracted service, the retention period for storage of your personal data is a minimum of 6 years after it was last processed, and may be longer in order to comply with legal requirements.

At the end of the retention period, all data is securely destroyed.

In some circumstances I may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case the information may be used indefinitely and without further notice to you.

2b. Data breach
I am committed to maintaining the security of your personal data and have put in place appropriate measures to prevent data breaches. I will notify you and any relevant regulator within 72 hours of any unlawful data breach, including a breach via any third party data processors, where the breach results in a risk to your rights and freedoms and where I am required by law to notify you. Please note, you will not necessarily be notified where personal information is encrypted and your personal data remains concealed.

3. Third parties

3a. Third party processing
My website is hosted by Siteground within a UK data centre. Siteground implements a range of high-end physical security in their data centres including 24/7 human security, biometrics and video surveillance (source: Siteground

3b. Third party links
My website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. I do not have any control over third-party websites and these sites are not governed by this privacy statement. I therefore cannot be responsible for the protection of your personal information when you visit these websites. When you leave my website, I encourage you to exercise caution and read the privacy notice of every website you visit.

3c. Sharing your data
1. Any personal information you may provide to me will not be shared with any third parties without your prior consent, except where I am required to share by law.
2. In certain circumstances I may ask for your permission to share personal information with third parties where such third parties are involved with me in the provision of services to you. However, I disclose only the personal data that is necessary for the third party to adequately and professionally deliver the service and I maintain a contract requiring them to keep your information secure, in accordance with GDPR, and not to use it for their own purposes.

4. Your rights

Under GDPR and in certain circumstances, you have a range of rights including the right to be informed, right of access, right to rectification (corrections), right to erasure, right to restrict processing, right to data portability, and the right to object to processing. In addition, where the legal basis for processing is consent, you have the right to withdraw your consent. You can read more about your rights here

If you wish to exercise your rights, as above, please email I aim to respond to all reasonable requests within 1 month, unless your request is particularly complex. Any reasonable request for this information is provided free of charge. If your request is unfounded, repetitive or excessive I may charge a reasonable fee or refuse to comply with your request. For your security, I will request evidence of your identify in order to proceed with your request.

At any time you have the right to take any complaints about how I process your personal information to the Information Commissioners Office (ICO) (, the authority responsible for data protection issues in the UK. However, before you approach the ICO I would appreciate the opportunity to try to resolve your concerns first.