1. Scope
The Independent Review of Books (IRB) undertakes to protect the privacy of its customers and users accessing this website, whose home page is located at https://www.independentreviewofbooks.com (the “Website”). The contents of the Website are owned, operated, licensed or controlled by The Independent Review of Books or by any of its subsidiaries. From May 25, 2018, as a company based in the EU, and with clients from the EU, it is our responsibility to give you a choice about the data we hold about you as a client. This is called The General Data Protection Regulation (GDPR). The ultimate aim of the regulation is to give individuals more rights over their data and restrict how companies process private information. We comply with this regulation’s Small Business guidelines. We have chosen to adhere to the GDPR for all countries, as good practice. Users can browse and use the Website without having to provide any detailed personal data. The only personal data that The Independent Review of Books will have access to is:
- IP address of user who browses the website, for firewall security purpose, collected by a cookie.
- Information that users provide voluntarily through the forms provided, or by contacting The Independent Review of Books by e-mail, or purchasing, or negotiating to purchase a product on the Website.
2. Cookies
The Website uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymized tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. This document sets out our policy on enforcement and use of personal data collected through our Website. The use of the Website implies acceptance by the user of the provisions of this Privacy Policy and that personal data are processed as stated herein. Please note that although there may be links on our Website to other websites, this Privacy Policy applies only to the Website, and not to websites of other companies or organizations to which the Website is redirected. The Independent Review of Books does not control or endorse the content of third party websites nor accept any liability for the content or the privacy policies of such websites. We serve a small popup window at the bottom of every screen for EU users only to accept the use of cookies on the first page browsed. This is controlled by the collection of Geo-IP information.
3. Data Controller
According to current regulations, the user is informed that the personal data collected through this Website will become part of a file owned by The Independent Review of Books, a company based in the UK, unless otherwise indicated on the Website.
- The Website uses PayPal to process payments. You can read their privacy policy here.
- The Website uses Mailchimp to store email addresses and process newsletters sent by electronic mail. We implement the use of an Unsubscribe link on each email we send, which will delete your email and name from the Mailchimp list. You can read the Mailchimp privacy policy here.
4. Purposes
Personal data collected on this Website will be used to:
- respond to the requests and information demands of the user, to send you information relating to your IRB order.
- communicate by electronic means, any news relating to its products and services if you ticked the checkbox on our website to receive the newsletter.
- provide The Independent Review of Books with marketing information, such as location, time of purchase, and preference of product to improve our services and products.
This data is never shared with third parties for any reason, and is stored only as long as it is relevant to our business. The Website:
- only collects information that we need for a specific purpose, i.e. to deliver your item as purchased, or to improve service.
- keeps it secure on our professionally-managed cloud server at Bluehost, Mailchimp, and PayPal.
- ensures it is relevant and up to date.
- only holds as much as we need, and only for as long as we need it.
- allows you to see it on request. – just email here.
5. Transfers to third parties
The Website uses Mailchimp to process mailouts. You can read their privacy policy here. The Website uses PayPal to process product payments and does not store or collect credit card/debit card numbers at The Independent Review of Books. You can read PayPal’s privacy policy here. The Website collects and stores copies of manuscripts and ebooks from clients uploaded to our secure Dropbox folder, which we keep until your purchase is completed, and then delete in bulk on a regular basis. You can read their Privacy Policy here.
5.1 Plugins
The Website uses industry-standard code, known as plug-ins, created by highly trusted third-party developers to facilitate the collection of email addresses and order details, often via cookies (see section 2). These plug-ins are updated regularly for the security of use. These are as follows:
- Mailjet – to collect emails for our newsletter from our website – Read their Privacy Policy here
- WooCommerce – to list products on our site – Read their Privacy Policy here
- Abandoned Cart for WooCommerce – to help you make a purchase easily – Read their Privacy Policy here
- Amazon Link Engine – to serve localized Amazon links to users – Read their Privacy Policy here
- Contact Form 7 – to collect your name, email, and book title for orders and queries – Read their Privacy Policy here
- Wordfence – the best protection for both The Website and Customer Data against hackers, spam, and breaches of security – Read their Privacy Policy here
- Google Analytics – used to enhance the performance of our website, and protect against injected content by hackers – Read their Privacy Policy here
We will never share your personal data with third parties unless (i) it is consistent with the terms and conditions of the privacy policy, (ii) the user consents to the transfer case, or (iii) it is required to meet legal obligations among which include, without limitation, providing data to the courts, the police or other national or international security bodies.
6. Security Measures
The Website informs you that it has adopted the technical and organizational measures necessary to maintain the level of security required in the personal data processed and also has the necessary mechanisms in place to prevent, to the extent possible, any unauthorized access, theft, illicit modification, and loss of data. In any case, The Website will only retain user data during the time period necessary to fulfil the intended purposes. Unless applicable law states otherwise, personal data will be erased, blocked or will be rendered anonymous when they are no longer needed for the purposes for which they were collected.
7. Confidentiality
In compliance with current regulations, The Website undertakes to fulfil its obligation of secrecy regarding personal data that the user provides while browsing through The Website, and it is its duty to keep them confidential. What do we keep?
- Your name, address including country, and purchase details, namely item bought, date of purchase, and any sales taxes paid.
- Your email address so that we can contact you about your order, and so that you can be found in records for any inquiries at a later date, such as requesting an invoice for your own tax purposes, or wanting to repeat an order. We use your email as an identifier to find you on our system.
- Your IP address (sometimes called GEO-IP) for security against hacking, and for processing purchases.
How long do we keep your data? We keep data on our secure cloud server at Bluehost for tax reporting purposes, and as a list in our PayPal account, as we must keep a client list for six years by law, in case we are audited by the UK government tax inspector, HMRC.
We will actively review the information we hold, and when there is no longer a customer, legal, or business need for us to hold it, we will either delete it securely or in some cases anonymize it. Who has access?
- Data is accessed on a strict need to know basis at the managerial level only.
- We do not sell your details or share them with any other entity whatsoever.
8. Third-party data
In the event that the user provides personal data of third parties, he/she guarantees to have obtained their prior consent and inform them beforehand of the conditions and purposes for which The Independent Review of Books may use their personal data. If required by The Independent Review of Books, the user must prove that consent has been obtained.
9. Minors
The services and information available on the Website are intended for people over 16 years of age.
10. Data quality
Data provided by the user must be accurate and truthful. In any case, the user has the obligation to notify The Independent Review of Books of any changes to their data in order to keep them up to date at all times.
11. Data subjects rights
At any time users may exercise the rights of access, rectification, cancellation, and opposition to the processing of their personal data under the terms established by the current legislation, through the contact form here, or by using the unsubscribe link on each mailout sent via Mailchimp. We do not send electronic mail marketing to an email address unless one of the two clauses is true:
- You have specifically consented to receive emails from us, that is, our newsletter (subscribed to the list)
- You have requested a specific newsletter directly by email, and we send you a link to the content via an email to your address (not subscribed to the list)
12. Data Security
- We protect your personal data against unauthorized access, unlawful use, accidental loss, corruption or destruction by encryption and password protection as well as database security provided by our host servers.
- In the extremely unlikely scenario in which a personal data breach events, this would be reported to the Information Commissioner’s Office within 72 hours, and all clients within 24 hours.
13. Update of the Privacy Policy
The Website may modify and update this Privacy Policy at any time without prior notice. Please always check that you are aware of our Privacy Policy in order to remain informed at all times of the information collected through the Website, how we use this information and the circumstances in which it may be disclosed to third parties. You can email us to see your data or withdraw consent for marketing at any time by emailing us. Our appointed GDPR director is Cate Baum.
Last update: July 2021.