Tuesday, 29 May 2018

PRIVACY STATEMENT

PRIVACY STATEMENT - Blaine Reed Meteorites- Yahoo Groups and Google Blogger
(May 29, 2018 version)

Hi Folks,

It seems that I am being required to make a privacy announcement to all of you that are current members of my brmeteorites_list group and more (and it also seems that I will have to find a way to send this to anyone new who signs up for the group – even though I don’t personally know who new members are or when they sign up).

Dirk Ross, who takes my Yahoo groups postings and (kindly and thankfully) re-posts them on an open to the public blog contacted me last Wednesday (the day before I was leaving for Denver) telling me that I MUST quickly produce and make public a “privacy policy”. It seems that new privacy laws in Europe require this of me (under penalty of law) as I do indeed have some customers in Europe. I was told that I needed to make a privacy policy, get it to my European customers and give them the chance to be removed from my systems if they don’t like what they see (I am extending this option to folks everywhere, not just to those in Europe). He (Dirk) sent me a copy of a privacy policy from another collecting/ hobby site for my review and alteration for my needs. Well, I did indeed look through that particular privacy police notice briefly but a) I didn’t have time to do anything (I was leaving early the next morning) and b) felt most of this particular privacy statement had nothing to do with me or the various ways I reach people (this collecting site had log in user name and passwords, used cookies and had direct on site purchasing capabilities). As such, I completely ignored the situation for the time being. However, once I got back home 4 days later, I found a message that, due to my inaction on the subject, Dirk had felt the need to indeed take much of the text of the active collecting site’s privacy policy and post it as a front page of the blog he set up for publicly posting offerings from my Yahoo groups list. Some of you may have already seen this. My concern is that many of you may become somewhat concerned, given the rather detailed nature of that particular privacy statement (it has mentions of tracking, cookies, user names, passwords and purchase records). Here I want to set straight what is MY privacy policies. Anyone who feels, after reading this post, that these are not acceptable, please contact me and I will remove you from my brmeteorites_list Yahoo groups membership, e-mail contacts list and/or my hard copy customer file (there is nothing I can do if you are seeing things through the blog re-posts other than say – don’t visit the blog site if you have concerns).


Customer records kept:

First, I DO keep some records. I have an old-fashioned card file (3” x 5”) that has customer cards that contain customer name, address, phone and or e-mail. These cards also have notes as to purchases but only the month/year the purchase was made and the total amount. I use the purchase data for two reasons. First is that if I have not heard from a particular customer for considerable time (several years – longer if the customer had shown a fairly consistent purchasing pattern in earlier years) I remove them from my mailing list (yes, many of you do know that I do still actually periodically mail a paper catalog). I have also found these purchase notes to be highly helpful for retrieving info for customers later. I have had customers that have needed for me to look up something they purchased earlier (need the cost, size, date, etc) and these brief notes allow me (though with considerable difficulty, so please don’t ask for this unless it is really needed) to usually find the info they need. So, these purchase notes are mostly for controlling my mailing list but also can be used for the customer’s benefit (when really needed).

Customer credit card information:

I don’t keep credit card info records, much to the chagrin of customers who like to say “just put it on my card”. Each time a customer wants to make a credit card purchase I have them give me the required data either over the phone (most common), as several coded e-mails (rarely) or by fax (pretty much the only reason I still have a fax is that some overseas customers, rightly, feel more secure providing the needed data that way than by e-mails). When I am done processing a credit card order the card info (numbers, expiration and such) get dropped through a cross-cut paper shredder. If the card info was sent to me through several coded e-mails those e-mails are deleted as soon as I am done with the transaction (and I do not “respond” to any such e-mails as this takes the data in that particular e-mail and re-sends it back through the system. If any further contact is needed, it is done through a fresh new subject e-mail, not by responding to ANY e-mail that contains any portion of credit card data). The receipts that are generated by my credit card processing machine (which uses a land-line phone connection, not internet or cell phone) do not have your card info on them (years ago some did) – only the last 4 digits of the card and nothing else. Even those records (along with the actual receipt books of the sales that year) get tossed into a fire pit when I clean out old tax records later (usually around 7 years later, as that is how long the IRS requires me to hold onto tax records and the supporting paperwork).

Selling/ giving out of customer’s data:

Nope never have and don’t plan on ever doing it. I see this info as property of the customer, not mine (this policy has already cost me a big customer and friend – I’ll explain below). Years ago, I did have a new to the field dealer offer me $5k for my customer list (and, at the time, that $5k would have really helped). Despite the consultations of a famous now retired meteorite and mineral dealer telling me to sell, I did not. That new dealer went on to become super successful without the help of my customer list none the less. Another person (the big customer and friend mentioned above) wanted to do a book on pallasites and wanted a list of the people with collections of pallasites. This person was REALLY BIG in his main field (coins) and had done some really fantastic books along these lines. I still have his book on US silver dollars and it is an absolute thrill to read. It has history of each coin: general news of the year, area it was minted, how many were made, how many (and in what grade) are accounted for in large collections and estimates of how many are likely in small collections and sock drawers. Anyway, he really, really wanted to do a similar book for pallasites (it would have indeed been really interesting as well). He contacted me wanting me to give him a list of pretty much every person who ever bought a pallasite specimen from me, what different pallasites they had bought over the years and what sizes the pieces were. I politely declined. Unfortunately, it didn’t end at that. The demands for the info (he knew I had it) got rather heated at times. I finally explained to him that though I DID have the info he was asking for it was NOT mine to give. The best I could offer was that I could ask folks that had bought pallasites from me if they would like to have them and their collection as part of a book. No good, the author felt he needed all the data, not just of those willing to participate, to make the book factual and useful (true, I suppose). Anyway, what relationship I had with this person pretty much ended over this. So, the gist of this is – I have never sold personal customer info (either contact or purchases) and don’t plan to.

Data collected and used by Yahoo and the site hosting the blog re-posts:

I think this is the part Dirk was the most concerned over. Unfortunately though, I have no idea or control over what info these folks gather and how they use it. Yahoo, obviously, has your e-mail address (those of you that have joined the brmeteorites_list group anyway) or they wouldn’t be able to send you my groups postings. Yahoo also likely has some data on you if you are in my e-mail “contacts” list. As for the blog hosting site, I have no idea for certain but I would not be the least bit surprised if they have cookies (that are usually used for tracking and advertising purposes) and possibly more. Again, I have absolutely no control over this part of the equation. The only protection against this open door is to not visit the blog site, be removed from the brmeteorties_list group membership and/ or my e-mail “contacts” list. As for the parts of the brmeteorites_list group I can control: I did purposely set up the group so that members do not receive and cannot see each other’s e-mail addresses (but then, I am not certain it could be any other way, given that I am the only one that can post anything). I suppose it is possible that some computer hacker could figure out how to hack their way to that data if they really felt it was worth the time and effort though (something else that I really have no real control over).


I am sure I have forgotten to address something. Please let me know if I have and I’ll try to deal with it as I am notified of my failings. It is just that I am not very computer savvy and really don’t personally see a lot of privacy issues running business the way I do (paper lists, e-mail offerings you have to sign up for to receive and a blog site you have to go to on your own to view. Order processing by you needing to directly contact me and so on). Regardless, I have been told new European laws require it as I do have some customers in Europe. No matter where you live, all of this still applies. If you feel that there are risks with your personal data you do not want to take, please let me know. At this point the only actions I can take directly is to remove you from the Yahoo groups membership and or my e-mail “contacts” list if you are part of them and remove and destroy your customer card in my files if you have one. If you desire any of these actions, please contact me at brmeteorites@yahoo.com or call (970) 874-1487. I’ll need the e-mail address you are receiving the yahoo groups offerings at to find and remove that contact from the group membership list, the e-mail address that might be in my “contacts” list (if different from the one in the “groups” file) and I’ll need your name and address so I can be sure that I am getting rid of the correct customer card in my 3x5 file if that is the action desired. As for the blog hosting site – nothing I can do there accept say that if you feel that visiting that is a risk then DON’T VISIT IT!

Blaine