The Rutland Bookshop Privacy Policy (GDPR compliant)
Written 06/2018
1) Introduction:
We appreciate the trust you place in us when sharing your personal data. The security of that data is very important to us. We are a traditional bookshop that is branching out into the online world. The integrity of our bookshop is of high value to us: we run it today with the same values that we did in 1979.
We will never share your data with a third party.
2) Who are we?
We are The Rutland Bookshop. We buy and sell second hand and antiquarian books.
Our address is:
13, High Street West,
Uppingham,
Rutland,
LE15 9QB
3) Companies and websites within scope:
We use ‘Stripe’ as our method of online payment and we are confident in the security package Stripe gives us.
4) Collection of Personal Data:
- a) We need physical addresses in order to be able to post your product to you. This data will not be shared with a third party and you will have an option to have it deleted.
- b) We will keep any electronic information (e.g. email addresses / phone numbers) for a period of 12 months. This will be kept securely. Should we believe that any form of security breach has occurred we will let anyone who has data held by us know immediately.
- c) You will have an opt-in option regarding receiving newsletters / other information pertaining specifically to The Rutland Bookshop.
5) Why do we collect the personal data?
- a) We want to create an online book shopping experience; in order to achieve this we need an online payment method that is secure and fast.
- b) In order to post your books we do need the recipient’s address.
- c) Online payments: We use Stripe, a company based in the States and Ireland. They are GDPR compliant and Stripe undergoes a PCI Level 1 Service Provider evaluation each year, which is the highest level of security certification in the payments industry. They use a PCI Qualified Security Assessor (QSA) who, instead of only testing that they have their own controls in place, actually tests the controls to make sure that they meet the PCI standard.
More information about Stripe’s GDPR compliance can be found at:
https://stripe.com/guides/general-data-protection-regulation
- d) We may think you will be interested in receiving information about new stock in the shop and we will let you know via email or telephone.
6) Storage of Personal Data:
Data will be stored electronically (not using cloud) and in hard copy form (when necessary, e.g. taking requests in the shop or at a show). Hard copy data will be in a lockable cupboard / filing cabinet.
7) Security Measures:
- a) Online payments: please see information about Stripe.
- b) We do not have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own information. We accept no liability in respect of breaches that occur beyond our sphere of control.
- c) We use Cookies and we endeavour to keep our website secure at all times.
8) Your rights as a data subject:
- The right to be informed
As a data controller, we are obliged to provide clear and transparent information about our data processing activities. This is provided by this privacy policy and any related communications we may send you.
- The right of access
You may request a copy of the personal data we hold about you free of charge. Once we have verified your identity, we will provide access to the personal data we hold about you as well as the following information:
- a) The purposes of the processing
- b) The categories of personal data concerned
- c) The retention period or envisioned retention period for that personal data
- The right to rectification
When you believe we hold inaccurate or incomplete personal information about you, you may exercise your right to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.
- The right to erasure (the ‘right to be forgotten’)
Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data. This includes personal data that may have been unlawfully processed. We will take all reasonable steps to ensure erasure.
- The right to restrict processing
You may ask us to stop processing your personal data. We will still hold the data, but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies you may exercise the right to restrict processing:
- a) The accuracy of the personal data is contested
- b) Processing of the personal data is unlawful
- c) We no longer need the personal data for processing but the personal data is required for part of a legal process
- d) The right to object has been exercised and processing is restricted pending a decision on the status of the processing
- The right to data portability
You may request your set of personal data be transferred to another controller or processor, provided in a commonly used and machine-readable format. This right is only available if the original processing was on the basis of consent, the processing is by automated means and if the processing is based on the fulfilment of a contractual obligation.
- The right to object
You have the right to object to our processing of your data where:
- Processing is based on legitimate interest;
- Processing is for the purpose of direct marketing;
- Processing is for the purposes of scientific or historic research;
- Processing involves automated decision-making and profiling.
- Contact us
Any comments, questions or suggestions about this privacy policy or our handling of your personal data should be emailed to sales@rutlandbooks.co.com