The Bart Ehrman Blog Privacy Policy

How Your Information is Used

Your privacy is extremely important to us and my team will do everything we can to protect it.  As the publishers of The Bart Ehrman Blog, ehrmanblog.org, we gather personal data — such as name, address, e-mail address etc. — only when you voluntarily submit them to us.  We will never sell, rent, or lease this personal information to any third party.  We will not disclose it in any way to any person without your prior consent, unless we are required to do so by law.

We will add all information we collect to our database and use it to provide you with daily post notifications, periodic newsletter updates, or weekly essays.  If you are not already a member of the blog, we may e-mail you to give you the opportunity to join.  Other communications may include such things as newsletters, special offers, fundraising appeals, and information regarding events I hold in connection with the blog.  If you receive any electronic communications connected with the blog, it will come directly from us, since we will never sell or share your personal information. You can always ask to be removed from our mailing list.

Updating Your Personal Information

If your personal information – such as e-mail address, postal address or phone number – changes, you may update it anytime by logging onto ehrmanblog.org, clicking on “account” on the top right corner, and updating it as necessary.

To change your e-mail address so we can notify you about weekly posts (or anything else), click on your profile link, located at the bottom of every mailing, and change the e-mail address in the appropriate box.  You may also contact us directly clicking the HELP button off the main menu above.

How Your Information is Used and Protected

When you submit information through the blog or at an event, your information is protected both on and off-line.   All personal data are entered through a secure (https) 256-bit encrypted connection.

When you subscribe to The Bart Ehrman Blog, your credit card information will be collected and stored by the Stripe processor using industry standard security protocols that prevent anyone (other than you) from knowing it.  None of your payment information is stored on the blog itself or the server hosting the blog. If you change your credit card or any related information, upon renewal, you will have the opportunity to update it at that time.

Your membership is on automatic renewal: you do not need to notify us for the next period.  Your credit card account will be billed until you cancel your membership.  To do so, simply log into your blog account as normal and click “cancel.”  This will deactivate our auto-billing system and you will no longer receive blog posts or be billed.

The charge on your credit card bill will be listed as BARTEHRMANBLOG.

If you request a refund after you have been billed for the automatic renewal, we require a $2 processing fee.  You may receive a refund (minus the $2 fee) for a period of 30 days after your account is charged

Links to External Sites

This blog may contain links to other sites, such as when we embed a link for a book to Amazon.com to allow you to access it easily there to consider whether you want to purchase it.  Once you click the link, you have left our website and moved to the other one.   We cannot be responsible for the privacy practices of any website other than our own.  So we encourage you to be aware of all the websites you visit (by clicking on links) to learn their policies with respect to personally identifiable information they might gather.   Our own privacy statement applies solely to information collected by our website.

Notification of Privacy Policy Changes

We want you to stay updated about what we do with your personal information.  Therefore, if we ever make changes to our privacy policy, we will notify you on the blog itself and post them in this privacy statement and any other place we deem appropriate so that you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.

This notice is for people who are located in the European Economic Area (“EEA”) and supplements our general Privacy Statement.  Our processing of personal data of people who are in the EEA is governed by the General Data Protection Regulation (the “GDPR”), which applies from May 25, 2018. The GDPR requires us to provide certain information to you about your personal data, which we refer to in this notice as your personal information.

Data Controller

The data controller for this website is the foundation, The Bart Ehrman Foundation, Inc (“Ehrman Blog” for short).  For our contact information, please access our contact page.

Purposes of the Processing

Personal information gathered through cookies is used for the purposes described in our Cookies Notice.  Other than that, the only personal information we collect is whatever you provided voluntarily when you request to receive additional information or register for a service or event. The personal information you enter through our subscriptions page is used only to provide them with communications in specialty areas they select.   If as a visitor you register via our website for one of our events (including webinars and events hosted at our offices), we use the personal information you provide solely for purposes of contacting you about the event, and to let you know about future events (if you indicate you would like to have that additional information).   All the information you provide as a visitor is used solely to respond to and process your requests.

Lawful basis for the processing

Generally, we process personal information provided by visitors through our website on the basis of consent.

The only exception: we may also process personal information on other bases as legally required by the GDPR and applicable laws.

Categories of personal information

We process the following information when provided voluntarily by our website visitors: name, business title, name of employer, e-mail address (business e-mail address preferred), postal address and/or country, and telephone number (again, business number preferred).  We also process automatically-gathered information as described in our Cookies Notice.

Recipients of your personal information

We use various service providers to manage our website and provide services such as event registration or managing e-mail communications.  Our service providers change from time to time.  Note that our service providers have entered into contracts with us that restrict what they can do with your personal information. If you would like specific information about our service providers who have received your information, please contact us at support(at)ehrmanblog.org and we will provide that information to you.

Information regarding the transfers of personal data outside of the European Economic Area (EEA)

The Ehrman Blog main administrative offices are based in the USA and that’s where we process personal information collected through our website.  When you provide personal information to us, we request your consent to transfer that personal information to the USA.  The USA does not have an adequacy decision from the European Commission, which means that the Commission has not determined that the laws of the USA provide adequate protection for personal information.  Although the laws of the USA do not provide legal protection that is equivalent to EU data protection laws, we safeguard your personal information by treating it in accordance with this GDPR Privacy Notice.  We take appropriate steps to protect your privacy and implement reasonable security measures to protect your personal information in storage. We use secure transmission methods to collect personal data through our website.  We also enter into contracts with our data processors that require them to treat personal information in a manner that is consistent with this Notice.

Retention period for personal information

How long we retain personal information varies according to the type of information in question and the purpose for which it is used.  We delete personal information within a reasonable period after we no longer need to use it for the purpose for which it was collected (or for any subsequent purpose that is compatible with the original purpose).  This does not affect your right to request that we delete your personal data before the end of its retention period.  We may archive personal data (which means storing it in inactive files) for a certain period prior to its final deletion, as part of our ordinary business continuity procedures.

Your rights to access, correct, restrict or delete your personal data and object to processing

You have the right to request access to your personal data, to have your personal data corrected, restricted or deleted, and to object to our processing of your personal data.  You also have the right of data portability, which means that you can request that we provide you (or a third party you designate) with a transferable copy of personal information that you have provided to us.  Your rights may be subject to various limitations under the GDPR.  If you wish to exercise any of these rights, or if you have any concerns about our processing of your personal data, please contact us in any of the ways listed in the section “How to Contact Us” in our general Privacy Notice.

The right to lodge a complaint with a supervisory authority

You have the right to file a complaint concerning our processing of your personal data with your national (or in some countries, regional) data protection authority. The EU Commission has a list here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

Absence of statutory or contractual requirement or other obligation to provide any personal data

Users of our website are under no statutory or contractual requirement or other obligation to provide personal information to us via our website.