Privacy Notice – Paul Meekins Books

Who we are

We are a small retail business, based in the UK. Our main business is selling new, out of print and secondhand books and other items (e.g. costume patterns and ephemera). We also buy books from individuals. Our business details

 

What information we collect about you, and lawful basis for holding that data

There are three reasons we hold your personal information;

Contract

We collect your name, contact details (address, telephone number(s), email address) and payment details. This is done as part of the contract between you and Paul Meekins Books when you buy something from us or sell something to us. This can be done online, over the telephone, by post or by email.

Lawful obligation

Once you have bought something from us, or sold something to us, then we are obliged by law to keep business records for a fixed period.

Consent

If you ask us a question, ask us to notify you when specific books are available, or tell us that you are looking for a particular title, then we will treat this as consent to contact you about the item you asked us about. We do not operate a mailing list at present and so you will not receive any unwanted mass email or letters. If we do introduce a mailing list, then you can choose to opt in and we may email you or write to you once about this to seek your consent.

If you have created an account on our website, but have not bought anything from us, then you have consented to have that information stored by us (but we will not use that information unless you choose to buy from us). You can choose to opt in to our mailing list, and we may email you once about this to seek your consent when we set up the list.

 

Who can see your information

·       Employees of Paul Meekins Books will have access to your personal details so we can fulfil your order or request, and so we can deal with any queries or disputes. When you pay over the phone by card, then employees of Paul Meekins Books will have access to your payment details in order to process that payment. We are compliant with PCIDSS rules and your information will be kept securely.

·       Where you pay online by card, then the card processor (Braintree Card Processing) will see and process your credit card details. Braintree Card Processing is compliant with the PCIDSS rules for processing payment information.

·       Postal and Courier Services will have access to as much information as they need to deliver your order. This may include a contact telephone number.

·       Our website is hosted by Chrislands who are based in the USA. They will have access to your personal information if they need to resolve any technical faults. They do not have access to your payment information. The transfer of personal data outside the EU is permitted under GDPR where it is necessary for the performance of a contract between the individual (you) and the organisation (Paul Meekins Books).

·       We do not share your information with any other third parties.

The web site has security measures in place to protect the loss, misuse and alteration of the information under our control. We use 128-bit SSL encryption to protect your financial information.

You have the option to change and modify information previously provided by logging in through our home page and then accessing account administration.

 

How long we will hold your information

Once you have bought something from us, or sold something to us, then we are obliged by law to keep business records for a fixed period. Currently we keep these records for seven tax years from the date of the transaction, in line with guidance from HMRC.

If we have your details for any other reason, then we will keep that information for five years, unless you ask us to delete it.

 

Your rights

These include;

·       Access to your personal information 

·       Correction of your personal information if we get things wrong

·       Withdrawal of consent (although this will not apply to records kept under our legal obligation)

·       The right to be forgotten

·       Data portability

If you want to find out what information we hold, or exercise any of the above rights under GDPR, please contact us by emailing [email protected] or use the main contact details on our website

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). However, please contact us if you have any concerns about your data and we will work with you to resolve any issues

If you have any questions about this privacy statement, the practices of this site, or your dealings with this Web site, you can contact the above address