This Policy contains important information about your personal rights to privacy. Please read it carefully to understand how we use your personal data. We may update this Policy from time to time without notice to you, so please check it regularly. Your continued use of our website after any such changes have been made will amount to your acknowledgement of the amended notice.
The provision of your personal data to us is voluntary. However, without providing us with your personal data, you will be unable to purchase items via our online shop, apply for employment with us or make enquiries by email, via our website or telephone.
1. We collect information about you:
(1) When you give it to us DIRECTLY
You provide such information when you search, buy, post, participate in a contest or questionnaire or communicate with customer service. For example, you provide information when you: search for a product; place an order through www.phonicbooks.co.uk; provide information in Your Account (and you might have more than one if you have used more than one e-mail address when shopping with us); communicate with us by phone, e-mail or otherwise; complete a questionnaire or a contest entry form; use our services; participate in Social Media; provide and rate Customer Reviews. As a result of those actions, you might supply us with such information as: your name; address and phone number; people to whom purchases have been dispatched (including addresses and phone numbers); people (with addresses and phone numbers); e-mail addresses of your colleagues, friends and other people; content of reviews and e-mails to us; and financial information.
(2) When you give it to us INDIRECTLY
Your information may be shared with us by, others including users of our services and independent event organisers. Your information will also be provided to us when you follow us or otherwise interact with on or via Twitter, when you like and/or join our page on Facebook or interact with us in other ways on or via Facebook.
(3) When you give permission to OTHER ORGANISATIONS to share it or it is AVAILABLE PUBLICLY
We may combine information you provide to us with information available from external publicly available sources. Depending on your privacy settings for social media services, we may also access information from those accounts or services. We use this information to gain a better understanding of you and to improve our communications.
(4) When you visit our WEBSITE
2. What information do we collect?
We may collect, store and use the following kinds of personal data:
(1) We will typically hold your name and contact details, including physical address, telephone number and e-mail address, and social media identity. However, we may request other information where it is appropriate and relevant, for example:
Details of why you have decided to contact us, details of campaigns you have supported, details of topics/areas of interest to you, responses to surveys you have completed.
(2) Information about your computer and about your visits to and use of our website including your IP address, geographical location, browser type, referral source, length of visit and number of page views;
(3) Information about the services you use, services and products of interest to you or any marketing and/or communication preferences you give; and/or
(4) any other information shared with us as per clause 1.
3. Do we process sensitive personal information?
We do not collect or process any sensitive personal information.
4. How and why will we use your personal data?
Personal data, however provided to us, will be used for the purposes specified in this Policy or in relevant parts of the website.
We may use your personal information to:
(1) Enable you to use and and/or all of the services we offer;
(2) Send you information about our products, campaigns, and any other information, products or services that we provide (this will not be done without your consent);
(3) Provide you with the services, products or information you have requested;
(4) Improve your browsing experience by personalising your interaction with our website;
(5) Handle the administration of any payment you make via credit/debit card, cheque or BACS transfer;
(6) Collect payments from you and send statements and/or receipts to you;
(7) Conduct research into the impact of our campaigns;
(8) Deal with enquiries and complaints made by or about you relating to the website or us in general;
(9) Audit and/or administer our accounts.
We may use your personal information to undertake research to gather further information about you from publicly accessible sources (as per clause 1 above). This helps us to get a better understanding of your background, interests and preferences in order to improve our communications and/or interactions with you, to help ensure they are targeted to be relevant and appropriate, and to provide information and other aspects of our services which we consider may be of interest to you.
We may use some of your personal information to participate in Facebook’s Custom Audience and Lookalike Audience programs, which enable us to display adverts to both existing and prospective supporters when they visit Facebook. We may provide your email address to Facebook so they can determine whether you are a registered account holder with them. Our adverts may then appear when you access Facebook. Some of your data is sent in an encrypted format that is deleted by Facebook (a) if it does not match with a Facebook account or (b) after they confirm you are a registered account holder.
For more detailed information please see https://www.facebook.com/business/help/744354708981227 and Facebook’s data policy.
6. Communications and marketing
Where you have provided us with your physical address, we will contact you by post; and where you have provided appropriate consent, also by telephone and e-mail, with targeted communications to let you know about our products that we consider may be of particular interest.
When you contact us, whether by telephone, through our website or by e-mail, we collect the data you have given to us in order to reply with the information you need.
We record your request and our reply in order to increase the efficiency of our business.
We keep personally identifiable information associated with your message, such as your name and email address so as to be able to track our communications with you to provide a high-quality service.
We may use some of your data to send you targeted and appropriate information and other aspects of our services which we consider may be of interest to you via Mailchimp. You are free to unsubscribe at any time by visiting the ‘unsubscribe and ‘preferences’ footer options at any time.
When you send an email marketing campaign, it bounces from server to server as it crosses the Internet. Along the way, server administrators can read what you send. Email was not built for confidential information. We do not use MailChimp to send confidential information.
6. Job application and employment
If you send us information in connection with a job application, we may keep it for up to three years in case we decide to contact you at a later date.
If we employ you, we collect information about you and your work from time to time throughout the period of your employment. This information will be used only for purposes directly relevant to your employment. After your employment has ended, we will keep your file for six years before destroying or deleting it.
When we receive a complaint, we record all the information you have given to us.
We use that information to resolve your complaint.
If your complaint reasonably requires us to contact some other person, we may decide to give to that other person some of the information contained in your complaint. We do this as infrequently as possible, but it is a matter for our sole discretion as to whether we do give information, and if we do, what that information is.
We may also compile statistics showing information obtained from this source to assess the level of service we provide, but not in a way that could identify you or any other person.
9. Children’s data
We do not knowingly process data of any person under the age of 16. If we come to discover, or have reason to believe, that you are 15 and under and we are holding your personal information, we will delete that information within a reasonable period and withhold our services accordingly.
10. Other disclosures
11. Security of and access to your personal data
We endeavour to ensure that there are appropriate and proportionate technical and organisational measures to prevent the loss, destruction, misuse, alteration, unauthorised disclosure or of access to your personal information.
Your information is only accessible by appropriately trained staff.
12. Your rights
Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for direct marketing purposes or to be unsubscribed from our email list at any time. You also have the following rights:
(1) Right to be informed – you have the right to be told how your personal information will be used. This Policy and other policies and statements used on our website and in our communications are intended to provide you with a clear and transparent description of how your personal information may be used.
(2) Right of access – you can write to us to ask for confirmation of what information we hold on you and to request a copy of that information. Provided we are satisfied that you are entitled to see the information requested and we have successfully confirmed your identity, we have 30 days to comply.
(3) Right of erasure – as from 25 May 2018, you can ask us for your personal information to be deleted from our records. In many cases we would propose to suppress further communications with you, rather than delete it.
(4) Right of rectification – if you believe our records of your personal information are inaccurate, you have the right to ask for those records to be updated.
(5) Right to restrict processing – you have the right to ask for processing of your personal data to be restricted if there is disagreement about its accuracy or legitimate usage.
(6) Right to data portability – to the extent required by the General Data Protection Regulations (“GDPR”) where we are processing your personal information (i) under your consent, (ii) because such processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contact or (iii) by automated means, you may ask us to provide it to you – or another service provider – in a machine-readable format.
To exercise these rights, please send a description of the personal information in question using the contact details in section 16 below. We also have specific pages to unsubscribe from our email list. Where we consider that the information with which you have provided us does not enable us to identify the personal information in question, we reserve the right to ask for (i) personal identification and/or (ii) further information.
Please note that some of these rights only apply in limited circumstances. For more information, we suggest that you consult ICO guidance – https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
You are further entitled to make a complaint about us or the way we have processed your data to the Information Commissioner’s Office (“ICO”). For further information on how to exercise this right, please see the guidance at https://ico.org.uk/for-the-public/personal-information. The contact details of the ICO can be found here: https://ico.org.uk/global/contact-us/.
13. Lawful processing
We are required to have one or more lawful grounds to process your personal information. Only 4 of these are relevant to us:
Personal information is processed on the basis of a person’s consent
Personal information is processed on the basis of a contractual relationship
Personal information is processed on the basis of legal obligations
Personal information is processed on the basis of legitimate interests
We will ask for your consent to use your information to send you electronic communications such as newsletters and marketing emails, for targeted advertising and profiling.
(2) Contractual relationships
Most of our interactions with subscribers and website users are voluntary and not contractual. However, sometimes it will be necessary to process personal information so that we can enter contractual relationships with people. For example, if you purchase something via our online shop.
(3) Legal obligations
Sometimes we will be obliged to process your personal information due to legal obligations which are binding on us. We will only ever do so when strictly necessary.
(4) Legitimate interests
Applicable law allows personal information to be collected and used if it is reasonably necessary for our legitimate activities (as long as its use is fair, balanced and does not unduly impact individuals’ rights).
We will rely on this ground to process your personal data when it is not practical or appropriate to ask for consent.
Internal and external audit for financial or regulatory compliance purposes
Conventional direct marketing and other forms of marketing, publicity or advertisement
Unsolicited commercial or non-commercial messages, including campaigns and newsletters.
Analysis, targeting and segmentation to develop and promote or strategy and improve communication efficiency.
Personalisation used to tailor and enhance your experience of our communications.
Physical security, IT and network security
Maintenance of suppression files
Processing for historical, scientific or statistical purpose
Purely administrative purposes
Responding to enquiries
Delivery of requested products or information
Communications designed to administer existing services and financial transactions
Thank you communications and receipts
Maintaining a supporter database and suppression lists
Financial Management and control
Processing financial transactions and maintaining financial controls
Prevention of fraud, misuse of services, or money laundering
Enforcement of legal claims
Reporting criminal acts and compliance with law enforcement agencies
When we use your personal information, we will consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair in other ways.
11. Data may be processed outside the European Union
Our website is hosted in the United Kingdom.
We may also use outsourced services in countries outside the European Union from time to time in other aspects of our business.
Accordingly, data obtained within the UK or any other country could be processed outside the European Union.
We use the following safeguards with respect to data transferred outside the European Union:
(1) the data protection clauses in our contracts with data processors include transfer clauses written by or approved by a supervisory authority in the European Union.
(2) we comply with a code of conduct approved by a supervisory authority in the European Union.
(3) we are certified under an approved certification mechanism as provided for in the GDPR
(4) both our organisation and the processor are public authorities between whom there is either a legally binding agreement or administrative arrangements approved by a supervisory authority in the European Union relating to protection of your information.
12. Data retention
In general, unless still required in connection with the purpose(s) for which it was collected and/or is processed, we remove your personal information from our records six years after the date it was collected. However, if before that date (i) your personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it or (iii) you validly exercise your right of erasure, we will remove it from our records at the relevant time.
In the event that you ask us to stop sending you direct marketing/other electronic communications, we will keep your name on our internal suppression list to ensure that you are not contacted again.
13. Policy amendments
14. Third party websites
15. Updating information
You can check the personal data we hold about you, and ask us to update it where necessary, by emailing us at email@example.com.
We are not required by law to have a “Data Protection Officer” however, please let us know if you have any queries or concerns whatsoever about the way in which your data is being processed by either emailing firstname.lastname@example.org or by writing to us at the following address:
Phonic Books Ltd
22 Cross Hayes