BookBok. Bookseller to the world.
Privacy and Data Handling Policy
Effective Date: 19th September 2024
1. Introduction
Bookbok Limited ("we", "our", "us") is committed to protecting and respecting your privacy. This Privacy and Data Handling Policy outlines how we collect, use, store, and protect your personal information. It also informs you of your rights concerning this data, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data Governance
We have a documented data governance policy that guides the collection, use, storage, and disposal of all PII. This policy is regularly reviewed and updated to ensure compliance with applicable privacy and security laws. We also maintain a data processing register where we record the specific data fields collected, their purpose, storage methods, and conditions for sharing or deletion.
3. Data Controller
For the purpose of the UK GDPR, the Data Controller is Bookbok Limited, registered in England with company number 12033141 and registered office at 124 City Road, London, England, EC1V 2NX.
4. What Data We Collect
We may collect the following types of personal data:
• Personal Identification Information: Name, address, email address, phone number, and date of birth.
• Financial Information: Bank details, credit/debit card numbers, and payment history.
• Technical Data: IP addresses, browser type, time zone settings, and device information.
• Transaction Data: Information about payments and purchases made by you.
• Marketing and Communications Data: Preferences for receiving marketing from us and your communication preferences.
5. How We Collect Your Data
We collect personal information through the following methods:
• Directly from you when you provide it (e.g., when you complete forms, make purchases, or communicate with us).
• Automatically through your interactions with our website, using cookies or similar technologies.
• From third parties, such as service providers (e.g., third-party fulfilment services) and business partners.
6. How We Use Your Data
We use your personal data for the following purposes:
• To fulfil contracts and provide our products and services to you.
• To process payments, refunds, and handle transactions.
• To manage your account and respond to inquiries.
• To provide customer support.
• To send you promotional materials or marketing updates (if you’ve opted in).
• To comply with legal obligations such as tax regulations.
• To improve our products, services, and website functionality via data analysis.
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Customer payment information is retained for 6 years to comply with tax regulations. Once this period expires, we will securely delete or anonymize your data.
8. Data Security
We take the security of your personal data seriously and have implemented technical measures such as encryption for sensitive data, access control to ensure only authorized personnel can access personal data, regular security audits, and employee training on data protection.
9. Sharing Your Data
We may share your personal data with third parties under the following circumstances:
• Service Providers: We work with trusted third-party service providers to assist in delivering products and services.
• Legal and Regulatory Authorities: If required by law or to comply with legal obligations.
• Marketing Partners: With your consent, we may share data with partners for marketing or other promotional purposes.
10. International Data Transfers
If we transfer your personal data outside the UK or European Economic Area (EEA), we will ensure that it is adequately protected through standard contractual clauses or other approved safeguards.
11. Data Subject Access Requests
We have a documented process to handle requests related to data subject rights, including access, rectification, deletion, and restriction of processing. All such requests are processed within one month as required by GDPR.
12. Employee Confidentiality
All employees with access to PII sign confidentiality agreements and undergo regular privacy and data security training to ensure compliance with data protection regulations.