Workplace Policies
Confidentiality and data protection
Personal Data
punctum books is the data controller of personal data of the following groups:
All personal data stored in emails, WordPress, Nextcloud, and InvoiceNinja are stored on encrypted servers managed by Cloud68.
Employee records
Employee records for the purpose of payroll are held within QuickBooks. Banking information is only accessible to the employees themselves via their own login. Payroll management is only accessible to the co-directors. Employee records are stored on Nextcloud and BookStack and are only accessible to the co-directors.
Contributor records
Personal information of authors, editors, and other contributors to book projects is provided by them throughout the book production process. At the point of manuscript submission, contributors provide their name, biography, ORCiD, and social media handles for outreach and metadata purposes.
When the book is published, contributors provide their address information for the purpose of receiving author copies. This address information is recorded within KDP, from where it is automatically deleted after some time.
When contributors order extra author copies, their address information is recorded in InvoiceNinja for the purpose of invoice generation.
Subscriber records
When new donors or subscribers decide to support punctum books, their personal and credit card data are managed by Stripe, but the co-directors have access to a subset of these data via the Stripe dashboard.
The WordPress website holds legacy data of subscribers who supported punctum books through two different WordPress plugins. As these subscribers resubscribe or cancel, less and less personal data from subscribers will be accessible through the WordPress backend.
Vendor records
Bookstores, vendors, and other commercial partners of punctum may provide address information for the purposes of shipping books and invoicing. These data are stored in KDP and InvoiceNinja.
Unpublished financial information
We are transparent on a yearly basis about our finances
Data of customers/partners/vendors
No sharing of contacts or lists
Customer lists (existing and prospective)
No sharing of lists, existing and prospective
Unpublished goals, forecasts and initiatives marked as confidential
Financial stuff is private and is encrypted
Harassment and violence/ Workplace harassment/ Workplace violence
Use the COPIM code of conduct procedure <https://copim.pubpub.org/pub/code-of-conduct/release/3>; Eileen will make some revisions (chain of command for complaints?)
Workplace Safety and Health
We have to be in contact. Health benefits will remain, with half pay for 6 months, and we will all (everyone on payroll) revisit after 6 months. Freelancers will be employed to make up work.
Emergency Protocols
There will be access to a password list in a worst-case scenario.