What information do we collect?
We collect information from you when you register on our site, place an order, subscribe to our newsletter, respond to a survey or fill out a form. When ordering or registering on our site, as appropriate, you may be asked to enter your: name, e-mail address, mailing address, phone number or credit card information. You may, however, visit our site anonymously.
What do we use your information for?
Any of the information we collect from you may be used in one of the following ways
- To process transactions
- Your information, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the purchased product or service requested.
- To send periodic emails
- The email address you provide for order processing will only be used to send you information and updates pertaining to your order.
How do we protect your information?
We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information.
We offer the use of a secure server. All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our Payment gateway providers database only to be accessible by those authorized with special access rights to such systems, and are required to keep the information confidential. After a transaction, your private information (name, address, e-mail, etc.) may be kept on file for more than 60 days in order to process future transactions. We do not store credit card numbers on our servers.
- The identity and the contact details of the data controller
For services and websites used by residents of the European Economic Area, Theodore's Bookshop is the data controller responsible for your personal data. For more information please contact us at firstname.lastname@example.org.
- The contact details of the data protection officer or EU representative
- The legal basis for the processing
We will have a lawful basis for processing your data when:
- We need to process your information in order to provide you with the products or service you have requested or to enter into a contract;
- We have a legitimate interest for processing your data – e.g., for fraud prevention; network and information systems security; data analytics; enhancing, modifying, or improving our services; identifying usage trends; determining the effectiveness of promotional campaigns; and advertising personalization of the service using data to make it easier and faster for you to place orders;
- You have consented to such processing; and/or
- We are required to do this by law (for example, where it is necessary to retain it in connection with potential litigation).
- Information on the transfer of personal data to a third country or international organization
Theodore's Bookshop is a global business and it, or its service providers, may process, transfer, and store information about our users on servers located in a number of countries outside the European Economic Area (EEA), including in the United States (where data protection laws may be less stringent than in the country where you live). Since we are committed to protecting your information, we take steps to ensure that there are appropriate safeguards in place when we transfer that data.
To ensure that your data is adequately protected, we only transfer your data subject to suitable safeguards being in place. Where applicable, we only transfer your personal data subject to suitable safeguards being in place, such as through Privacy Shield certified organizations. To find out more about how we safeguard your information (including obtaining a copy of such safeguards) in relation to transfers outside the EEA, please contact us at email@example.com.
- The period for which the personal data will be stored or the criteria used to determine that period
Theodore's Bookshop will keep your personal data for as long as we need it for the purpose it is being processed for. For example, we will retain your information for as long as your account is active or as needed to provide you services; and after that, we will keep the personal information for a period which enables us to handle or respond to any complaints, queries or concerns relating to your account. Your information may also be retained so that we can continue to improve your experience with us and to ensure that you receive any loyalty rewards which are due to you. We will periodically review the personal information we hold and delete it securely, or in some cases anonymize it, when there is no longer a legal, business, or consumer need for it to be retained.
- The existence of data subject rights
If you live in the European Economic Area (EEA), you have a number of rights when it comes to your personal data. If you wish to exercise these rights with regards to your personal data that we hold, please contact us at firstname.lastname@example.org. Further information and advice about your rights can be obtained from the data protection regulator in your country. These include:
- The right to be provided with clear, transparent and easily understandable information about how we use your information and your rights (which is why we are providing you with the information in this Policy).
- The right to obtain access to your information (if we are processing it).
- The right to have your information corrected if it is inaccurate or incomplete. You can do this through your account page or by contacting us.
- The right to “block” or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be 'blocked' to make sure the restriction is respected in future.
- The right to request that we delete or remove your data where there is no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions
- The right to request that we transfer or port elements of your data either to you or another service provider.
- The right to object to certain types of processing, including processing for direct marketing (i.e., if you no longer want to be contacted with potential opportunities).
- If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time.
- You also have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator.
Pursuant to applicable data protection law, we may be entitled to refuse to act on the request. To make these requests with Theodore's Bookshop, please submit your name, address, and email address, in addition to the specifics of your request, to email@example.com.