Last updated: 24/05/18
If you have any questions or concerns about our use of your personal information, then please contact Andrew Rossiter using the contact details listed at the end of this notice.
2. When do we collect personal information?
We collect your personal information in a number of instances, including when you:
· Order a book with us in our bookshops;
· Order a book with us via e-mail;
· Buy a ticket from us for an Author event;
· Join our Forthcoming Author events monthly mailing;
· Contact us by any means with questions about a product or to raise a complaint;
· Join either of our Book Groups or Poetry Group;
· Ask one of our colleagues to email you information about a product or service;
3. What personal information do we collect and why?
The personal information that we collect about you broadly falls into the following categories:
When you order a book in store or via an e-mail to our stores or purchase a ticket for one of our Author events over the counter or via the Ticketsource website we use or sign up to our Mailchimp monthly e-mails informing you of our forthcoming author events you will be asked for some essential information including your title, first name, surname, postal address (only if you have asked us to post a book out to you), email address, and telephone or mobile number. These are collected to help us:
· Process your orders including sending order confirmation and delivery information via email, or process payments due to us (e.g. payment for book & postage costs of a book ordered for you and then sending you courier tracking links);
· Contact you about your order;
· Send you monthly Forthcoming Author e-mails via Mailchimp and to manage your marketing preferences if you elect to receive these e-mails from us;
· Speed up your book ordering processes if you’ve ordered books or tickets from us before;
· Update or notify you about the progress of a book order or author event.
4. Who do we share your personal information with?
We don’t disclose your personal information to any 3rd parties.
If you have any questions about the third parties we share your personal information with, please contact Andy Rossiter using the contact details below.
5. Legal basis for processing personal information
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only:
(a).where we need the personal information to perform a contract with you, such as the ordering of a book for you or selling you a ticket for an event,
(b).where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or
(c) where we have your consent to do so, such as asking if you would like to be contacted by us by e-mail to be kept informed of our forthcoming author events.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
Similarly, if we collect and use your personal information in reliance on our legitimate interests, we will make clear to you at the relevant time what those legitimate interests are.
6. How do we keep your personal information secure
We use appropriate technical and organisational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. Specific measures we use include:
· Password protecting all information. When you place an order for books or buy tickets for events your information will be stored by us securely. This protects your confidential data details from unauthorised use;
· Keeping your information up-to-date and accurate. Please note that, to do this, we require you to tell us if any of your details such as your name or address change; and
· Having in place strict security procedures for the storage and disclosure of your information to prevent unauthorised access.
7. Data retention
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible, (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. For more information about the specific periods for which we retain your data, please contact us using the contact details provided below
8. Your data protection rights
You have the following data protection rights:
· If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us using the contact details provided below.
· In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting using the contact details provided below
· You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the Mailchimp marketing e-mails we send you.
· Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
· You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, see the section headed “contacting the regulator” below.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
9. Contacting the regulator
If you feel that your personal information has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal information, you have the right to raise a complaint with the Information Commissioner’s Office. You can contact them by calling 0303 123 1113 or go online to www.ico.org.uk/concerns (opens in a new window; please note we cannot be responsible for the content of external websites).
11. How to contact us
If you have any questions or concerns about our use of your personal information, please contact our Data Protection Controller, Andrew Rossiter, at the following address email@example.com or at:
The Corn Exchange,
7 Hight Street,