Privacy Policy

Griffin Books - Privacy Notice

Introduction

Griffin Books of 9A Windsor Road, Penarth is a data controller and data processor for the purposes of the General Data Protection Regulation (“GDPR”). We recognise that the privacy and security of your personal data are of the utmost importance. This notice explains how and why Griffin Books collects, processes and retains your personal data.

The six privacy principles introduced by the GDPR require personal data to be:

  • processed lawfully, fairly and in a transparent manner
  • collected for specified, explicit and legitimate purposes
  • adequate, relevant and limited to what is necessary
  • accurate and up to date
  • retained only for as long as necessary
  • processed in an appropriate manner to maintain security.

This privacy notice sets out:-

  • what we mean by your personal data and how we collect it
  • our lawful basis for processing your personal data
  • where needed, how we obtain your consent and how you can withdraw it
  • how we use your personal data
  • how we ensure the security of your personal data
  • how long we keep your personal data
  • your rights in regard to your personal data
  • third parties with whom we may share your personal data
  • links we provide to other websites
  • how we notify a personal data breach
  • how you can contact the Information Commissioner’s Office
  • how we make amendments to this privacy notice

This privacy notice applies to you if you buy or use our products or services in our shop, over the phone, by text or online or if you are interacting with us on social media or attending any of our events.

What we mean by your personal data and how we collect it

Personal data is any information relating to a living individual who can then be identified by this information or by combining it with other accessible information. Personal data that we collect includes

  • your name, address, telephone number, email or social media address or your payment details
  • books that you have ordered through us or our services that you have used
  • events for which you have booked tickets

We collect this personal data face to face, by email, phone, text, post, social media, through our website and through third party online booking websites.

Our lawful basis for processing your personal data

  • the lawful basis for processing the personal data you give to us in relation to an order or for booking an event is that the processing is necessary for the performance of our contract with you
  • the lawful basis for retaining the personal data you give to us in relation to an order or for booking an event is legitimate interest. We keep your personal data for a limited time to make processing any future orders you may place with us or events you may book through us as efficient as possible and not for any other purpose
  • the lawful basis for processing the personal data you give to us to enable us to add you to our mailing list is consent

How we obtain your consent and how you can withdraw it

We ask for your consent to be added to our mailing list to receive our newsletters, details about events and other related information. You can withdraw your consent to this at any time by contacting us and we will remove your personal data from our mailing list. However, we may still need to send you service-related messages in respect of any orders you have already placed with us until any contract with you has been completed.

How we use your personal data

The following are examples of how we use your personal data:-

  • to process your orders or requests
  • to process services we provide, such as book subscriptions
  • to respond to any queries you have
  • to process a payment from you or give you a refund
  • to notify you about events organised by or promoted by us
  • to book tickets for you for events organised or promoted by us
  • to conduct market research solely relating to us
  • for data analysis so that we can improve our service to you

How we ensure the security of your personal data

We collect and process your personal data securely and take all reasonable steps to protect it. We have put in place appropriate security measures including:-

  • access to your personal data held on our computers and phone is password protected
  • we do not retain credit or debit card numbers
  • we carry out regular anti-virus and software security scans to keep our computers up to date
  • our privacy notice is regularly reviewed
  • personal data which is no longer needed is securely deleted

How long we keep your personal data

We will only keep your personal data for as long as we need it (1) for the purpose for which it was collected, (2) for as long as is legally required, and (3) for a short period after the date your last order was fulfilled or event you attended took place, to make processing any future orders you may place with us or events you may book through us as efficient as possible.  We will not retain it for any other purpose. We will review the personal data we hold on an annual basis and securely delete personal data which is no longer required.

Your rights in regard to your personal data

You have the right to access your own personal data and can request this access verbally or in writing. We will provide you with the information, verbally, in writing or electronically, free of charge within one month of receipt of your request. You can also ask us to rectify any mistakes in the personal data we hold about you. In certain circumstances set out in the GDPR, you can ask for your personal data to be restricted or removed or you can object to its processing.

Third parties with whom we may share your personal data

We will not sell or share your personal data with any third parties for the purpose of their marketing.

Where you have given us personal data in order to place an order, we will not share it with any person or organisation other than with Gardners, who provide the software we use to enable us to order goods and notify customers electronically.

Gardners have their own privacy policy that describes how they use personal data. We understand that Gardners are fully compliant with the GDPR and their privacy notice can be found on their website.

Where you have given us an email address to subscribe to our mailing list, we will not share it with any other person or organisation other than with Mailchimp, which is the organisation we use to send out our newsletters. 

Mailchimp have their own privacy policy that describes how they use personal data obtained from anyone signing up to our mailing list. We understand that Mailchimp are fully compliant with the GDPR and their privacy notice can be found on their website.

Where you have given us an email address to book an event, we will not share it with any person or organisation other than with TicketSource, which is the organisation we use to administer the booking.

TicketSource have their own privacy policy that describes how they use personal data obtained from anyone booking an event. We understand that TicketSource are fully compliant with the GDPR and their privacy notice can be found on their website.

We may share information about fraudulent or potentially fraudulent activity on our premises or in our systems. This may include sharing personal data with law enforcement bodies.

Links to other websites 

We may provide you with links to other websites. This is purely for your convenience. We do not accept any liability in connection with the use of any other website and are not responsible for the privacy notices and practices of any other site. We recommend that you review the privacy notice on each website in order to understand how your personal data might be processed.

How we notify a personal data breach

We have a duty to report certain types of personal data breach to the Information Commissioner’s Office without undue delay. If the breach is likely to result in a high risk to the rights and freedoms of an individual, we will notify that individual immediately.

How you can contact the Information Commissioner’s Office 

If you are unhappy with the way we have handled your personal data or have not had a satisfactory response to your requests, you have the right to contact the Information Commissioner’s Office at www.ico.org.uk/concerns.

If you live outside the UK, you have the right to contact the relevant data protection regulator in your country of residence.

Amendments we may make to this privacy notice

We may update this privacy notice from time to time to ensure it remains up to date. A copy of the current version will be available upon request.

This document was last reviewed and updated on 27 September 2019.

9A Windsor Road, Penarth, CF64 1JB

Telephone: 029 2070 6455
Email: info@griffinbooks.co.uk
