Effective and last updated: 24th May, 2018
1) The Data Controller
2) The Data Processor
Data processing is carried out by employees of Hartley & Marks Publishers Ltd.
3) Information Collected
We collect the following information from you:
• When you order from us, we will need your name, email address, registered cardholder address and delivery address (if different). This allows us to process and fulfil your orders and to notify you of your order status. We also ask for a telephone number, which enables us to contact you urgently if there is a problem with your order. For some international deliveries this number may be given.
When you subscribe to our newsletter, we will ask you for your email address so we can contact you with any relevant product or special promotions. If you choose to subscribe to our email newsletter, the email address that you submit will be forwarded to Mailchimp who provide us with email marketing services. We consider Mailchimp to be a third-party data processor. The email address that you submit will be stored within this website’s own database but not in any of our internal computer systems.
Your email address will remain within Mailchimp’s database for as long as we continue to use their services for email marketing or until you request removal from the newsletter list. You can do this by unsubscribing using the unsubscribe links contained in any of our email newsletters that we send you or by requesting removal via email. When requesting removal via email, please send your email to firstname.lastname@example.org using the email account that is subscribed to the mailing list.
If you are under 16 years of age you MUST obtain parental consent before joining our email newsletter.
Disabling cookies on your internet browser will stop Hartley & Marks Publishers Ltd, or any third parties, from tracking any part of your visit to pages on this website.
Except as stated herein, Paperblanks® will not share your personal information with any unaffiliated third party without your prior consent or unless required to do so by law or legal process.
Any personal information you make available to Paperblanks® is done voluntarily, with your knowledge and consent when ordering products or registering for services from Paperblanks®. We will request from you information that is mandatory (required by us to fulfil your order and meet our legal obligations) and non-mandatory (which you can give to us if you choose); if you choose not to provide the mandatory information requested then Paperblanks® may not be able to respond to your request or activate your option choices.
4) How We Use Your Information
The Site uses your personal information only for the original purposes it was given.
We will use this information:
• for marketing research purposes relating to Paperblanks® business and satisfaction surveys;
• to customise, analyse and improve our products, services, technologies, communications and relationship with you;
• to prevent fraud and other prohibited or illegal activities;
• to protect the security or integrity of our Website, our business or our products or services.
Your personal information will not be sold or otherwise transferred to unaffiliated third parties without your approval at the time of collection, unless required by law.
Further, the Site reserves the right to contact you regarding matters relevant to the underlying service provided and/or the information collected.
The Site may disclose contact information in special cases where we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury or interference with our rights, property, customers or anyone who could be harmed by such activities.
5) Method of Processing – Retention
Processing is done using automated and manual methods, with procedures and tools aimed at guaranteeing maximum security and confidentiality, by parties specially appointed in compliance with art. 31 and foll. Leg. Dec. 196/03. The data will be stored for a period that shall not exceed the purposes for which the data has been collected and subsequently processed and based on applicable privacy regulations.
6) How We Store Your Personal Information
This website is hosted by Microsoft Azure within a data centre located in Dublin, Ireland. All Microsoft Azure Cloud services comply with the General Data Protection Regulation (GDPR). A full list of the key changes under GDPR operated by the hosting company can be found here.
7) Our third-party data processors
To manage some of our e-commerce activities, Hartley & Marks Publishers is able to use cloud platforms provided by third parties as sub-processors. In this regard, we inform you that some personal data acquired on the basis of this disclosure will be stored on servers located in the United States of America (Mailchimp and Aftership). The United States of America does not benefit from an EU Commission’s adequacy decision in accordance with Art. 25 of the EC Directive no. 46/95, therefore the transfer will take place on the basis of contractual clauses such as those approved by the Commission or by virtue of other suitable mechanisms for data transfer required by applicable regulations.
We permit certain trusted third parties to track usage and analyse data such as the source address that a page request is coming from, the date and time of the page request, the referring Website (if any) and other parameters in the URL. This is collected in order to better understand our Webshop usage and enhance the performance of services to maintain and operate the Site and certain features on the Site. Orders data are also transmitted securely to our third-party logistic partner in order to prepare our orders. Our third-party data processors are:
8) How We Protect Your Information/Security
We are committed to protecting the information we receive from you. We take appropriate security measures to protect your information against unauthorised access to or unauthorised alteration, disclosure or destruction of data. To prevent unauthorised access, maintain data accuracy and ensure the correct use of information, we maintain appropriate physical, electronic and managerial procedures to safeguard and secure the information and data stored on our system. While no computer system is completely secure, we believe the measures we have implemented reduce the likelihood of security problems to a level appropriate to the type of data involved. Our website is designed to comply with the EU General Data Protection Regulation (2018 -GDPR). However, these measures, standing alone, may not be sufficient to guarantee the security of your Personal Information. It is your responsibility to safeguard your passwords and to guard against unauthorised access to your computer. In the absence of negligence on our part, we shall not be held liable for any loss you may suffer if a third party procures unauthorised access to any Personal Information you provide to us via the Website or when ordering from Paperblanks® through Customer Service.
Paperblanks® welcomes your questions and comments about privacy. Please send your enquiries to email@example.com
9) Users Rights
Users are entitled to obtain confirmation of the existence of their data at any time and to be informed of their content and source, the processing purposes and methods, and – in the event of processing with electronic tools – the applied processing logic, checking the accuracy of their data or requesting corrections and updates. If you request disclosure, correction, deletion or that Paperblanks® stop using your Personal Information, Paperblanks® will deal with such requests in accordance with the General Data Protection Regulation (GDPR). Please send your enquiries to firstname.lastname@example.org.
The deletion of your Personal Information or a request for Paperblanks® to stop using it will result in the cancellation of your registration. There is no fee for this request.
10) Disclaimer to Security
We will report any unlawful data breach of this website’s database or the database(s) of any of our third-party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
11) Notification of Changes
12) Contact Information
13) iPad is a trademark of Apple Inc., registered in the U.S. and other countries.