The Policy is effective from May 15th 2018, and incorporates the requirements of the European General Data Protection Regulation, (GDPR). We may need to make changes from time to time, and any updates will be recorded here.
- Who we are
- How we collect your information
- The kinds of information we collect and use
- How we use the information we collect
- The lawful basis for using your information
- Who we share your information with
- Where your information is held and used
- How long we keep your information
- How we protect your information
- Your rights in relation to the infomation we hold
- How to make a complaint
Who We Are
‘We’ in this policy refers to Travel Buff Ltd. We trade as booksellers and publishers under the following names – Daunt Books, The Owl Bookshop, Hart’s Books and The Marlow Bookshop.
Our registered office is at 83 Marylebone High Street London W1U 4QW. For the purposes of the Data Protection Act 1998 and the General Data Protection Regulation we are the ‘Data Controller’.
How We Collect Your Information
We may collect information from you in the following ways:
- When you order and purchase goods or services from us in our shops, over the phone or online
- When you sign-up to receive email newsletters
- When you sign-up to our loyalty scheme or ask us to keep your details on our customer databases
- When you send us emails or letters and when you contact us by telephone
The Kinds of Information We Collect and Use
The information we collect and use may include your name, address, email address, IP address, telephone number and credit card details. When you order a subscription, we may collect from you the details of third parties in order to deliver the requested service. Subscriptions for children may include their names and addresses.
How We Use the Information We Collect
We use your personal information when we process your orders, take payment and provide you with goods and services that you purchase from us. If you ask us to send goods to someone else, we may collect and use their information to complete your order.
When you sign-up to receive our email newsletters, we collect your personal information in order accurately to provide you with the information you have requested. We also collect information that helps to guide us in providing you with this service – for instance how often you open our emails.
When you sign-up to our loyalty schemes, we use your information to identify you when you shop with us and to record the amount of your purchases accurately in order to provide you with the scheme’s rewards. When you ask your details to be added to our customer files, we hold and use those details to improve our service to you.
When a customer buys a subscription for themselves, we collect and use their information in order to provide the service. When a customer buys a subscription for someone else, we collect and use that 3rd party’s personal information to provide the service to them
When you email us, telephone, or contact us in person, we will only hold and use your details where they are necessary to reply to your request, complaint or enquiry.
The Lawful Basis for Using Your Information
In general we only rely on consent as a lawful basis for using your information in relation to sending you email newsletters. You can withdraw your consent at any time – Please see the section on Your Rights.
On the whole we rely on the fact that using your information or that of 3rd parties is necessary to perform a contract for the sale of goods or services, or where it is necessary for the pursuit of our legitimate interests, including: increasing sales, encouraging customer growth and loyalty, understanding customers’ behaviour, preferences and needs, providing customers with a high level of accurate service and improving that service, providing an expected service in relation to subscriptions, handling customer enquiries and complaints and preventing and detecting crime.
Who We Share Your Information With
We never sell your information or allow it to be used by 3rd parties for marketing. We may share your information with selected third parties for some of the purposes explained in the section explaining how we use the information we collect, including:
- Cloud Providers that help us store your information
- Internet service providers who help us keep in contact with you
- Email service providers that help us send you newsletters
- Companies who provide us with IT services
- Payment service providers who help us process transactions
- Law enforcement or other regulatory bodies when required to
Where we do share your information, we do so under arrangements that fulfil the legal requirement to keep it safe and secure.
Where Your Information is Held and Used
Most of the processing of personal information we carry out is within the UK and the European Economic Area. (EEA) Where it is processed by a third party outside of the EEA we make sure that your information is protected to the same level that it would be within it.
How Long We Keep Your Information For
In general we keep your information only as long as is necessary to provide you with the goods or services you have requested. After that we do not retain personal information, except where required to comply with legal or contractual obligations – for instance to comply with the policies of some credit card companies.
How Long We Protect Your Information
We protect your information by ensuring that access to it in any form is strictly monitored and limited, by keeping effective data protection software in place wherever information is stored digitally, and by monitoring and protecting our website with appropriate security measures. We only select trusted 3rd parties to process your information on our behalf.
You have the rights explained below in relation to the ways that we use your information, and you can exercise them by contacting the Data Protection Manager by telephone (020 7224 2295), in writing at 83 Marylebone High Street, London W1U 4QW, or by emailing firstname.lastname@example.org
You can ask us to provide a copy of any personal information we hold about you. This is known as a Subject Access Request, and once we have verified your identity, we will respond within 30 days. This is provided free of charge, but repeat requests for the same information may incur a processing fee, as will manifestly unfounded excessive or repetitive requests. The charge will reflect the cost of fulfilling the request.
You can request that we correct any personal information if it is inaccurate or out of date.
You can request that your personal information is permanently removed from our databases and systems where it is no longer necessary for us to hold on to it.
You can withdraw permission you have previously given to us to use your information where we are relying on that permission as a lawful basis for using it.
You have the right to ask that we provide you with your personal information in a form that can be easily used if you choose to move it to another organization, and where possible, to send it to them directly. (This applies only where we are using consent or the need to perform a contract as a lawful basis for using your information.)
Where there is a dispute in relation to the accuracy of the information we hold or the way we are using it, you have the right to ask that we stop using your information any further.
Where we are relying on our legitimate interest as a lawful basis for using your information, you have the right to object to us using it.
We do not use your information for profiling or automated decision making.
Beyond these statutory rights, if you are not happy about our use of personal information, you can complain to us using the contact details above, and we will do our best to put things right. If you remain unhappy, or wish to complain to the regulatory authorities, you can contact the Information Commissioners Office (ICO) by telephone on 0303 123 1113, via their website at https://ico.org.uk/concerns/ or in writing to the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.