Privacy statement of DavidBradwell.com
Our aim is to help you enjoy discover and enjoy good books, and to keep in touch regarding new releases by the author David Bradwell.
As such we make the following promises:
• to respect your privacy at all times
• to make privacy and security a fundamental part of our business
• we will only send marketing information (for example, about new products and special offers) if you have opted in to our mailing list
• we will provide an easy unsubscribe link on every email in case you change your mind
• we will never sell your personal data
• we are committed to keeping your personal data safe and secure, and will only work with trusted partners who share these values
• we will not use your personal data in any unexpected ways
• we respect your rights and will always try to accommodate any request you have in line with the legal and operational responsibilities of running a business
• we will never send you unsolicited correspondence by post
Who we are
DavidBradwell.com is owned by David Bradwell, and registered in the UK.
The correspondence address is: 23 Woodside Industrial Park, Letchworth Garden City, Hertfordshire, SG6 1LA , United Kingdom.
Data collection and purpose
We collect the personal data that you may volunteer while using our services. This can include:
• your name
• your email address (for order process updates and marketing communications if you have opted into the mailing list)
• your billing and/or delivery address (for the purpose of fulfilling an order that you have placed directly on this web site)
• your IP address (to help prevent fraud, make sure our systems are secure, and to protect against fake accounts)
• your order history with us (for future reference in case of queries, refunds, returns, exchanges and the like. We keep permanent records of orders that have been placed, but this can be deleted on request.)
• details concerned with your subscription to our email mailing list (such as the IP number you used at the time of subscribing. This is used to verify that requests are genuine and that we do not send emails to people who have not opted in and do not want to receive them.)
We do not collect information about our visitors from other sources, such as public records or bodies, or private organisations. We do not keep credit card numbers (in fact we never see them). We do not see your password. All passwords are kept encrypted. We do not knowingly collect personal data from children. You do not need to provide specific consent during the ordering process in order for us to fulfil your order.
Our lawful basis for using personal data
Whenever we use your personal data we must have a legal basis for doing so. For example, this could be where you have asked us to provide a service (such as delivering an order, informing you of special offers and new products) or where we have a legitimate interest to do so, as defined by the General Data Protection Regulation. A legitimate interest is where we use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing. For example, we may send an email to notify that you that an order has been despatched, or we may need to take action to protect your account, prevent fraud, maintain security, and comply with legal requirements (eg keeping accountancy records in line with the demands of HMRC).
We have implemented security policies, rules and technical measures to protect the personal data that we have under our control from:
• unauthorised access
• improper use or disclosure
• unauthorised modification
• unlawful destruction or accidental loss
All of our employees and data processors, who have access to, and are associated with the processing of personal data, are obliged to respect the confidentiality of our visitors’ personal data.
We work with several trusted third parties but we only supply information as necessary for them to provide the services you request, or as are needed on your behalf. Third parties are subject to strict data processing terms and conditions and are forbidden from using, sharing or retaining personal data for any other purpose. We work with the following companies:
SiteGround – our web hosting company
MailChimp – our email mailing list host
Privy – our list subscriber form design service
BookFunnel – our distribution service for ebooks
Microsoft – our email provider for day-to-day company emails
Stripe – our primary payment processing company
PayPal – our secondary payment processing company
We only work with companies that have strict policies and processes for data security, and do not grant permission to any third party to communicate with you unless this is specifically required in order for us to provide a service. For example, if you are a PayPal customer, you can contact PayPal to discuss activity on your PayPal account connected with an order placed with us, but PayPal do not have permission to send marketing emails to our customers.
Access to the personal data we may hold about you
You have a right to be informed about the collection and use of your personal data and we will provide you with information regarding our purposes for processing it, our retention periods, and who it will be shared with, unless this requires disproportionate effort. The information we provide will be concise, transparent, intelligible, easily accessible, and in clear and plain language. We do not charge a fee for this.
You have a right to access any personal data we hold about you. This is referred to as a subject access request. You can make such a request verbally or in writing. We do not charge a fee for providing this information, and will respond within one month.
You have a right to have inaccurate personal data rectified or completed. This can be requested either verbally or in writing, and we will respond within one month.
You have a right to have any personal data we hold about you permanently erased. This is also known as “the right to be forgotten”. This can be requested either verbally or in writing, and we will respond within one month.
You have the right to request the restriction or suppression of your personal data. When processing is restricted, we are permitted to store personal data, but not use it. This can be requested either verbally or in writing, and we will respond within one month.
You have a right to obtain and reuse your personal data for your own use across different services. This enables you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. This can be requested either verbally or in writing, and we will respond within one month.
You have the right to object to the processing of your personal data in certain circumstances, and an absolute right to stop your data being used for direct marketing purposes. This can be requested either verbally or in writing, and we will respond within one month. We will only send marketing emails if you have opted in to receive them, and every marketing email we send will contain an unsubscribe link in case you have changed your mind.
In the unlikely event of a personal data breach, we will report the breach to the relevant supervisory authority within 72 hours of becoming aware of the breach. If required, we will also inform the individuals concerned without delay. We will keep a record of any personal data breaches, regardless of whether there is a legal requirement to notify.
David Bradwell, data controller
Address: 23 Woodside Industrial Park, Letchworth, Hertfordshire, SG61LA, UK
Email address : firstname.lastname@example.org