The Witcherley Book Company (the “Company”) respects the privacy of its online visitors and customers of its products and services (including, but not limited to WitcherleyBooks.com) and complies with applicable laws for the protection of your privacy, including, without limitation, the European Union General Data Protection Regulation (“GDPR“) and the Swiss and EU Privacy Shield Frameworks.
Wherever we talk about Personal Data below (“Personal Data“), we mean any information that can either itself identify you as an individual (“Personally Identifying Information“) or that can be connected to you indirectly by linking it to Personally Identifying Information, for example:
(i) your account registration information on our website and in our App;
(ii) when you request any support from us or report any problem to us;
(iii) information provided from using certain services or features;
(iv) information from completion of survey or questionnaire;
(v) technical information, including the Internet protocol (IP) address used
(vi) and your log-in information, browser, time zone setting, browser plug-in types and versions, operating system and platform;
(vii) details of any transactions, purchases and payments you made;
(viii) your general interaction with the website, including the full Uniform Resource Locators (URLs), clickstream to, through and from our site, products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information;
(ix) information received from third parties, such as business partners, sub-contractors, payment and delivery services, referral by other users.
2. Why the Company Collects and Processes Data
The Company collects and processes Personal Data for the following reasons:
(a) performing our agreement with you to provide content and services, including providing, improving and developing our services;
(b) researching, designing and launching new features or products;
(c) providing you with alerts, updates, materials or information about our services or other types of information that you requested or signed up to;
(d) collecting overdue amounts;
(e) responding or taking part in legal proceedings, including seeking professional advice, or for the purposes of the legitimate and legal interests of the Company or a third party (e.g. the interests of our other customers);
(f) compliance with legal obligations that we are subject to;
(g) communicating with you and responding to your questions or requests;
(h) direct marketing – we require your consent specifically for this purpose and you may opt out any time;
(i) purposes directly related or incidental to the above; or
(j) where you have given consent to it.
These reasons for collecting and processing Personal Data determine and limit what Personal Data we collect and how we use it (section 3. below), how long we store it (section 4. below), who has access to it (section 5. below) and what rights and other control mechanisms are available to you as a user (section 6. below).
3. What Data We Collect and Process
3.1 Basic Account Data
When setting up an Account, the Company will collect your email address and country of residence. You are also required to choose a user name and a password. The provision of this information is necessary to register a User Account. You are responsible for keeping this password confidential. We ask you not to share a password with anyone.
3.2 Transaction and Payment Data
In order to make a transaction online, you may need to provide payment data to the Company to enable the transaction. If you pay by credit card, you need to provide typical credit card information (name, address, credit card number, expiration date and security code) to the Company, which the Company will process and transmit to the payment service provider of your choice to enable the transaction and perform anti-fraud checks. Likewise, the Company will receive data from your payment service provider for the same reasons.
3.4 Your Use of the Websites
We collect a variety of information through your general interaction with the websites, Content and Services offered by us. Personal Data we collect may include, but is not limited to, browser and device information, data collected through automated electronic interactions and application usage data. Likewise, we will track your process across your websites and applications to verify that you are not a bot and to optimize our services.
3.5 Your Use of Services and other Subscriptions
In order to provide you with services, we need to collect, store and use various information about your activity in our Content and Services. “Content-Related Information” includes your ID, as well as information about your preferences, progress, time spent, as well as information about the device you are using, including what operating system you are using, device settings, unique device identifiers, and crash data.
3.6 Tracking Data and Cookies
3.7 Third Party Services
On behalf of the website operator, Third Party Service will use this information for the purpose of evaluating the website / location / credentials for its users, in order to compile reports on website activity, and to provide other services relating to website activity and internet usage for website operators.
3.8 Content Recommendations
We may process information collected under this section 3 so that content, products and services shown on the pages and in update messages displayed when launching the service can be tailored to meet your needs and populated with relevant recommendations and offers. This is done to improve your customer experience.
Subject to your separate consent or where explicitly permitted under applicable laws on email marketing, the Company may send you marketing messages about products and services offered by the Company to your email address. In such a case we may also use your collected information to customise such marketing messages as well as collect information on whether you opened such messages and which links in their text you followed.
You can opt out or withdraw your consent to receive marketing emails at any time by either withdrawing the consent on the same page where you previously provided it or clicking the “unsubscribe” link provided in every marketing email. Notwithstanding any opt out of promotional or marketing emails by you, we reserve the right to contact you regarding account status, changes to the user agreement and other matters relevant to the underlying service and/or the information collected.
3.9 Information Required to Detect Violations
We collect certain data that is required for our detection, investigation and prevention of fraud, cheating and other violations of the applicable laws (“Violations“). This data is used only for the purposes of detection, investigation, prevention and, where applicable, acting on of such Violations and stored only for the minimum amount of time needed for this purpose. If the data indicates that a Violation has occurred, we will further store the data for the establishment, exercise or defense of legal claims during the applicable statute of limitations or until a legal case related to it has been resolved. Please note that the specific data stored for this purpose may not be disclosed to you if the disclosure will compromise the mechanism through which we detect, investigate and prevent such Violations.
4. How We Store Data
4.1 Period of Storage
We will store your information as long as necessary to fulfil the purposes for which the information is collected and processed or — where the applicable law provides for longer storage and retention period — for the storage and retention period required by law. In particular, if you terminate your User Account, your Personal Data will be marked for deletion except to the degree legal requirements or other prevailing legitimate purposes dictate a longer storage. All your data and credits will be lost after deletion.
4.2 Deletion of Data
In cases where Personal Data cannot be completely deleted in order to ensure the consistency of the system, the user experience or the community, your information will be permanently anonymized. Please note that the Company is required to retain certain transactional data under statutory commercial and tax law for a period of up to ten (10) years.
If you withdraw your consent on which a processing of your Personal Data, we will delete your Personal Data without undue delay to the extent that the collection and processing of the Personal Data was based on the withdrawn consent.
If you exercise a right to object to the processing of your Personal Data, we will review your objection and delete your Personal Data that we processed for the purpose to which you objected without undue delay, unless another legal basis for processing and retaining this data exists or unless applicable law requires us to retain the data.
4.3 Location of Storage
5. Who Has Access to Data
5.1 The Company and its subsidiaries may share your Personal Data with each other and use it to the degree necessary to achieve the purposes listed in section 2 above. This includes our overseas offices, affiliates, business partners and counterparts (on a need-to-know basis only). In the event of a reorganization, sale or merger we may transfer Personal Data to the relevant or proposed transferees of our operations (or a substantial part thereof) in any part of the world.
5.3 We may also share your information with our personnel, agents, advisers, auditors, contractors, financial institutions, and service providers in connection with our operations or services (for example staff engaged in the fulfilment of your order, the processing of your payment and the provision of support services); persons under a duty of confidentiality to us; or persons to whom we are required to make disclosure under applicable laws and regulations in any part of the world.
5.4 In accordance with internet standards, we may also share certain information (including your IP address and the identification of content you wish to access) with our third party network providers that provide content delivery network services and server services in connection with us. Our content delivery network providers enable the delivery of digital content you have requested, by using a system of distributed servers that deliver the content to you, based on your geographic location.
5.6 The Company may release Personal Data to comply with court orders or laws and regulations that require us to disclose such information.
6. Your Rights and Control Mechanisms
You have the right to:
(a) check whether we hold personal data about you;
(b) access any personal data we hold about you;
(c) require us to correct any inaccuracy or error in any personal data we hold about you;
(d) request for the deletion of your personal data through the deletion of user account.
The data protection laws of the European Economic Area and other territories grant their citizens certain rights in relation to their Personal Data. While other jurisdictions may provide fewer statutory rights to their citizens, we make the tools designed to exercise such rights available to our customers worldwide.
As a resident of the European Economic Area you have the following rights in relation to your Personal Data:
6.1 Right of Access
You have the right to access your Personal Data that we hold about you, i.e. the right to require free of charge (i) information whether your Personal Data is retained, (ii) access to and/or (iii) duplicates of the Personal Data retained. You can use the right to access to your Personal Data through the Privacy Dashboard. If the request affects the rights and freedoms of others or is manifestly unfounded or excessive, we reserve the right to charge a reasonable fee (taking into account the administrative costs of providing the information or communication or taking the action requested) or refuse to act on the request.
6.2 Right to Rectification
If we process your Personal Data, we shall endeavor to ensure by implementing suitable measures that your Personal Data is accurate and up-to-date for the purposes for which it was collected. If your Personal Data is inaccurate or incomplete, you can change the information you provided via the Privacy Dashboard.
6.3. Right to Erasure
You have the right to obtain deletion by us of Personal Data concerning you by deleting your User Account via the support page.
As a result of deleting your User Account, you will lose access to services, including the User Account, Subscriptions and service-related information linked to the User Account and the possibility to access other services you are using the User Account for.
We allow you to restore your User Account during a grace period of 30 (thirty) days from the moment you request deletion of your User Account. This functionality allows you not to lose your account by mistake, because of your loss of your account credentials or due to hacking. During the suspension period, we will be able to finalize financial and other activities that you may have initiated before sending the User Account deletion request. After the grace period, Personal Data associated with your account will be deleted subject to section 4. above.
In some cases, deletion of your User Account, and therefore Personal Data deletion, is complicated. In some cases, considering the complexity and number of the requests, the period for Personal Data erasure may be extended, but for no longer than two further months.
6.4 Right to Object
You also have the right to lodge a complaint at a supervisory authority.
The minimum age to create a User Account is 18. the Company will not knowingly collect Personal Data from children under this age. Insofar as certain countries apply a higher age of consent for the collection of Personal Data, the Company requires parental consent before a User Account can be created and Personal Data associated with it collected. The Company encourages parents to instruct their children to never give out personal information when online.
8. Contact Info
You can contact the Company’s data protection officer at the address below.
While we review any request sent by mail, please be aware that to combat fraud, harassment and identity theft, the only way to access, rectify or delete your data is through logging in with your User Account at firstname.lastname@example.org.
PO Box 92
England and Wales
England and Wales
Attention: Privacy Officer
9. Revision Date