Data Protection and Privacy:
This data protection statement provides information about how we collect and use personal data.
1. The name and contact details of the controller responsible for processing:
This statement applies to data processing by the data controller (referred to as ‘we’, ‘us’ or ‘our’ in this statement):
A Pocketful of Books
This data protection statement applies only to the actions of A Pocketful of Books and users with respect to this website. It does not extend to any third party websites that can be accessed from this website including, but not limited to, any links that may be provided to social media websites.
2. Collection and storage of personal data, and the nature and purpose of its use:
‘Personal data’ is any information that is able to identify an individual. ‘Personal data’ does not include anonymised data.
When you use our website or subscribe to or purchase our products, we may collect and/or process personal data in one or more of the following ways:
· Automatically collected technical data, for example this might include IP address, browser type and version, date, time and location of request, content of request (specific page), operating system and platform, volume of data transferred, access status/HTTP status code.
· Contact and identity data, for example this might include first name, last name, billing address, delivery address, email address and telephone number(s).
· Financial and transaction data, for example this might include bank account or payment card details, and details of payments and purchases made on our website.
· Data about your preferences, for example purchases or orders, purchase preferences, entry form and survey responses, communication preferences.
The legal basis for data processing is point (f) of the first sentence of Article 6(1) GDPR. Our legitimate interest arises from the purposes for data collection outlined above. Under no circumstances will we use the data collected for the purposes of drawing conclusions about you.
3. How we collect data
We may collect data through direct interactions such as forms completed on our site or by communicating with us by email or otherwise, for example when:
· our products or services are ordered;
· our service is subscribed to;
· a competition, prize draw or survey is entered or completed on our site;
· a book review is submitted.
We may collect data through automated technologies, for example when you use our site, technical data might be collected by using cookies, server logs and similar technologies. Please see below for further details.
We may collect data via third parties such as:
· Technical data from parties including those that are based outside the EU (e.g. analytics providers, advertising platforms or search information providers such as Google).
· Contact, financial and transaction data from providers of technical, payment and delivery services that are based outside the EU.
4. How we use the data collected
We will only use personal data when legally permitted to do so. Common uses of data include: the performance of a contract between us, instances where it is necessary for the legitimate interests of ourselves or a third party, and to comply with a legal or regulatory obligation. Instances in which we may use data collected and the legal ground(s) on which such data will be processed include:
For the registration of a new customer, to process and deliver orders, manage payments and fees and/or collect/recover money owed, for the management of customer relationships, to enable participation in competitions/surveys, to manage and protect our business and our website, to use data analytics to improve our website and customer experience.
The legal ground(s) on which such data will be processed are: (i) the performance of a contract, and/or (ii) as necessary for our legitimate interests to recover debts, and/or (iii) as necessary to comply with a legal obligation, and/or (iv) as necessary for our legitimate interests to understand customer needs, and/or (v) as necessary for our legitimate interests to update our website, and to expand our business, and/or (vi) necessary for our legitimate interests for running our IT services, and for business/network security.
5. Marketing / Communications
When registering for our newsletter:
If you have explicitly consented for us to do so in accordance with point (a) of the first sentence of Article 6(1) GDPR, we will use your email address to regularly send you our newsletter. Providing us with an email address is sufficient for receiving the newsletter.
We will not share your personal data with any third party for their marketing purposes. You can unsubscribe at any time, for example by using the link provided at the end of each newsletter. Alternatively, you are also welcome to ask us to cease sending you newsletters at any time by emailing us at firstname.lastname@example.org. After withdrawing your consent for sending the newsletter, your email address will be deleted. If you opt out of receiving marketing communications from us, this will not apply to data provided to us as a result of a product purchase.
When using our contact forms
For submission of book reviews and occasionally for other purposes, you can contact us through the forms provided on our website. If you use this option, please provide a valid email address so that we can reply if required. Other information is provided on a voluntary basis.
Data provided for the purpose of contacting us is processed in accordance with point (a) of the first sentence of Article 6(1) GDPR on the basis of your voluntary consent. The personal data we collect for use of the contact form is erased after completion of the enquiry.
6. Disclosures of data
We shall only disclose your personal data to third parties, if:
· You have given your explicit consent for us to do so in accordance with point (a) of the first sentence of Article 6(1) GDPR
· Disclosure is required for the establishment, exercise or defence of legal claims in accordance with point (f) of the first sentence of Article 6(1) GDPR, and there are no grounds to assume that you have an overriding compelling interest in the non-disclosure of your data
· A legal obligation to disclose the data exists in accordance with point (c) of the first sentence of Article 6(1) GDPR, or
· It is lawful, and required for performance of the contract we have concluded with you, in accordance with point (b) of the first sentence of Article 6(1) GDPR
Your personal data shall not be transferred to third parties for purposes other than those mentioned above. We require all third parties to whom we transfer personal data to treat it in accordance with the law. Some of our third parties’ service providers are based outside the European Economic Area (EEA) and their processing of personal data will involve a transfer of data outside the EEA. If we transfer personal data out of the EEA, we ensure that data is transferred only to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or that we use only contracts, codes of conduct or certification mechanisms approved by the European Commission; or that we transfer data only to those providers that are part of the EU-US Privacy Shield.
7. Data security
We use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or full loss, destruction or unauthorised access by third parties.
8. Data retention
We will only retain data for as long as is necessary to fulfil the purposes for which it was collected, including for legal reporting requirements. Under certain circumstances you have the right to ask us to delete your data: see below for further information.
9. Your legal rights
You have the right:
· pursuant to Article 15 GDPR to request information about your personal data that we process. You may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been/will be disclosed, the planned duration of storage, the existence of a right to rectification, erasure, restriction of processing or objection, the right to lodge a complaint, the origin of your data if we have not collected it, and about the existence of automated decision-making including profiling, and where applicable, meaningful information about the details thereof;
· pursuant to Article 16 GDPR, to immediately request the rectification of inaccurate or incomplete personal data relating to you stored by us;
· pursuant to Article 17 GDPR, to request the erasure of personal data relating to you stored by us, unless processing is required for the exercising of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of the public interest, or for the establishment, exercise, or defence of legal claims;
· pursuant to Article 18 GDPR, to request the restriction of processing of your personal data in the event that you dispute the accuracy of the data; processing is unlawful but you decline its erasure and we no longer need the data but you require it for the establishment, exercise, or defence of legal claims; or you have submitted an objection to processing pursuant to Article 21 GDPR;
· pursuant to Article 20 GDPR, to receive the personal data relating to you that you have provided to us in a structured, established, and machine-readable format, or to request the transfer of the same to another controller;
· pursuant to Article 7(3) GDPR, to at any time revoke any consent you have provided to us. This will result in us no longer being permitted to continue the data processing that this consent relates to in the future, and
· pursuant to Article 77 GDPR, to lodge a complaint to a supervisory authority. Generally, you can contact the supervisory authority for your usual place of residence or place of work, or our registered headquarters for this purpose.
Your right to object:
If your personal data is processed based on legitimate interests pursuant to point (f) of the first sentence of Article 6(1) GDPR, you have the right to submit an objection to the processing of your personal data pursuant to Article 21 GDPR, provided that there are reasons to do so arising from your particular situation, or if the objection relates to direct advertising. In the latter case, you have a general right to object which we will implement without requiring a particular situation to be stated. If you would like to exercise your right to revoke consent or to object, it is sufficient to send an email to email@example.com to do so.
The data processed by cookies is necessary for the purposes mentioned with due regard to our legitimate interest pursuant to point (f) of the first sentence of Article 6(1) GDPR.
Most browsers automatically accept cookies. If you wish you may configure your browser so that no cookies are stored on your computer, or to always ask before a new cookie is created. Disabling all cookies may however mean that you are unable to use all the functions of our website.
11. Validity and amendment of this data protection statement