GDPR & Privacy Policy
Posted 12:24, 28 June 2018
Who We Are
‘We’ in this policy refers to Review Bookshop. We trade as booksellers, For the purposes of the Data Protection Act 1998 and the General Data Protection Regulation we are the ‘Data Controller’.
How We Collect Your Information
We may collect information from you in the following ways:
- When you order and purchase goods or services from us in our shops, over the phone or online
- When you sign-up to receive email newsletters
- When you ask us to keep your details on our customer databases
- When you send us emails or letters and when you contact us by telephone
The Kinds of Information We Collect and Use
The information we collect and use may include your name, address, email address, IP address, telephone number and credit card details.
The Lawful Basis for Using Your Information
In general we only rely on consent as a lawful basis for using your information in relation to sending you email newsletters. You can withdraw your consent at any time.
On the whole we rely on the fact that using your information or that of 3rd parties is necessary to perform a contract for the sale of goods or services, or where it is necessary for the pursuit of our legitimate interests, including: increasing sales, encouraging customer growth and loyalty, understanding preferences and needs, providing customers with a high level of accurate service and improving that service, handling customer enquiries and complaints and preventing and detecting crime.
Who We Share Your Information With
We never sell your information or allow it to be used by 3rd parties for marketing. We may share your information with selected third parties for some of the purposes explained in the section explaining how we use the information we collect, including:
- Mailchimp, an email service providers that help us send you newsletters
- Bertrams Books and Gardners Books who are our books suppliers and provide us with IT services such as our stock management system.
- Payment service providers who help us process transactions
- Law enforcement or other regulatory bodies when required to
Where we do share your information, we do so under arrangements that fulfil the legal requirement to keep it safe and secure.
Where Your Information is Held and Used
Most of the processing of personal information we carry out is within the UK and the European Economic Area. (EEA) Where it is processed by a third party outside of the EEA we make sure that your information is protected to the same level that it would be within it.
How Long We Keep Your Information For
In general we keep your information only as long as is necessary to provide you with the goods or services you have requested. After that we do not retain personal information, except where required to comply with legal or contractual obligations - for instance to comply with the policies of some credit card companies.
How Long We Protect Your Information
We protect your information by ensuring that access to it in any form is strictly monitored and limited, by keeping effective data protection software in place wherever information is stored digitally, and by monitoring and protecting our website with appropriate security measures. We only select trusted 3rd parties to process your information on our behalf.
We do not use your information for profiling or automated decision making.