Confidentiality and Data Protection
Personal Data
punctum books is the data controller of personal data of the following groups:
All personal data stored in emails, WordPress, Nextcloud, and InvoiceNinja are stored on encrypted servers managed by Cloud68. None of these data may be disclosed to the public without explicit authorization from the co-directors.
Staff records
Staff records for the purpose of payroll are held within QuickBooks. Banking information is only accessible to the employees themselves via their own login. Payroll management is only accessible to the co-directors. Staff records are stored on Nextcloud and Bookstack and only accessible to the co-directors.
Contributor records
Personal information of authors, editors, and other contributors to book projects is provided by them throughout the book production process. At the point of manuscript submission, contributors provide their name, biography, ORCiD, and social media handles for outreach and metadata purposes.
When the book is published, contributors provide their address information for the purpose of receiving author copies. This address information is recorded within KDP, from where it is automatically deleted after some time.
When contributors order extra author copies, their address information is recorded in InvoiceNinja for the purpose of invoice generation.
Subscriber records
When new donors or subscribers decide to support punctum books, their personal and credit card data are managed by Stripe, but the co-directors have access to a subset of these data via the Stripe dashboard.
There are legacy data in the WordPress website of subscribers that supported punctum books through two different WordPress plugins. As these subscribers resubscribe or cancel, there will be increasingly less personal data from subscribers accessible through the WordPress backend.
Vendor records
Bookstores, vendors, and other commercial partners of punctum may provide address information for the purposes of shipping books and invoicing. These data are stored in KDP and InvoiceNinja.
Financial Data
punctum books is a public benefit corporation and as such publishes a yearly activity and financial report.
Bank account information, tax identifiers, and login info for online payment systems Stripe and PayPal are held on Bookstack (only accessible to co-directors) as well as in an encrypted password vault. Tax and other financial documents are held in the Punctum Accounting folder on Nextcloud, only accessible to co-directors and the accountant. Accounting and tax management is done through QuickBooks, to which the CFO and the accountant have access.
The CFO keeps a spreadsheet in Google Docs with quarterly and annual financial forecasts.
Except those published in the annual report, none of these data may be disclosed to the public without explicit authorization from the co-directors.
Device Security
All devices that you use for punctum business or to access punctum platforms or accounts should be secure.
- Keep all devices password-protected;
- Do not leave devices unattended;
- Install security and software updates for browsers and other systems as soon as they are available;
- Log in to company platforms and accounts only via safe (wifi) networks. Use a VPN when on public wifi.
Emergency Protocols
All essential punctum passwords and logins are stored in an encrypted KeePassX password vault. This is the file punctum4.kdbx. The password to this file is stored in a red box in the CFO's bedroom, to which his partner has access. True story!