Privacy policy

IMPACT BOOKS – PRIVACY POLICY

Impact Books Ltd, a company registered in England and Wales with company number 14459770 (we, us or our), understands that protecting your personal data is important. This Privacy Policy sets out our commitment to protecting the privacy of personal data provided to us, or otherwise collected by us when supplying books to you and providing our website and book ordering and fulfilment services (Services) or when otherwise interacting with you.

It is important that you read this Privacy Policy together with any other detailed privacy notices we may provide when we are collecting or processing personal data about you so that you understand our privacy practices in relation to your data.

The information we collect

Personal data: is information that relates to an identified or identifiable individual.

We may collect, use, store and disclose different kinds of personal data about you which we have listed below:

  • Identity Data including first name and last name.
  • Contact Data including billing address, delivery address, email address and telephone numbers.
  • Financial Data including bank account and payment card details (through our third party payment processor, Discover.
  • Transaction Data including details about payments to you from us and from you to us and other details of products and services you have purchased from us or we have purchased from you.
  • Technical and Usage Data including internet protocol (IP) address, your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour, information about your access and use of our website, including through the use of Internet cookies, your communications with our website, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider.
  • Interaction Data including information you provide to us when you participate in any interactive features of our Services, including surveys.
  • Marketing and Communications Data including your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Professional data including where you are a worker of ours or applying for a role with us, your professional history such as your previous positions and professional experience.
  • Special Categories of Personal Data is a special category of personal data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not actively request special categories of data about you, nor do we collect any information about criminal convictions and offences. If at any time we need to collect special categories of data about you, we will only collect it and use it as required or authorised by law.

How we collect personal data

We collect personal data in a variety of ways, including:

  • Directly: We collect personal data which you directly provide to us, including when you enter into a contract for services with us, when you order a book from our website, through the ‘contact us’ form on our website or when you request our assistance via email, or over the telephone.
  • Indirectly: We may collect personal data which you indirectly provide to us while interacting with us, such as when you use our website, in emails, over the telephone and in your online enquiries.
  • From third parties: We collect personal data from third parties, such as details of your use of our website from our analytics and cookie providers and marketing providers. See the “Cookies” section below for more detail on the use of cookies.
  • From publicly available sources: We collect personal data from publicly available resources such as Companies House and professional networking sites such as LinkedIn.

Purposes and legal bases for processing

We collect and process personal data about you only where we have legal bases for doing so under applicable laws. We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please reach out to us if you need further details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

    Purpose of use / disclosure Type of Data  Legal Basis for processing
    To provide our book ordering and fulfilment services to you.
    • Identity Data
    • Contact Data
    		 Performance of a contract with you
    To dispatch and deliver books that you order from us to you.
    • Identity Data
    • Contact Data
    		 Performance of a contract with you
    To contact and communicate with you about our Services including in response to any support requests you lodge with us or other enquiries you make with us.
    • Identity Data
    • Contact Data
    • Profile Data
    		 Performance of a contract with you
    To contact and communicate with you about any enquiries you make with us via our website.
    • Identity Data
    • Contact Data
    		 Legitimate interests: to ensure we provide the best client experience we can offer by answering all of your questions.
    To allow our partner network to determine which of their members have used our Services via their discount code, to help them support us with the provision of our Services, and to allow them to identify the illegitimate use of our Services using their discount code.
    • Identity Data
    • Transaction Data

    Consent
    For internal record keeping, administrative, invoicing and billing purposes.
    • Identity Data
    • Contact Data
    • Financial Data
    • Transaction Data
    		 • Performance of a contract with you
    • To comply with a legal obligation
    • Legitimate interests: to recover debts due to us and ensure we can notify you about changes to our Terms of Service and any other administrative points.
    For analytics, market research and business development, including to operate and improve our Services, associated applications and associated social media platforms.
    • Profile Data
    • Technical and usage Data
    		 Legitimate interests: to keep our website updated and relevant, to develop our business, improve our Services and to inform our marketing strategy
    For advertising and marketing, including to send you promotional information that we consider may be of interest to you.
    • Identity Data
    • Contact Data
    • Technical and usage Data
    • Profile Data
    • Marketing and communications Data
    		 Legitimate interests: to develop our Services and grow our business
    If you have applied to work with us; to consider your application.
    • Identity Data
    • Contact Data
    • Professional Data
    		 Legitimate interests: to consider your employment application
    To comply with our legal obligations or if otherwise required or authorised by law.

    To comply with a legal obligation

     

    If you have consented to our use of data about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your data because we or a third party have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using our services. Further information about your rights is available below.

    Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:

    • Your consent;
    • The performance of the contract between you and the Site;
    • Compliance with our legal obligations;
    • To protect your vital interests;
    • To perform a task carried out in the public interest;
    • For our legitimate interests, which do not override your fundamental rights and freedoms.

    Our disclosures of personal data to third parties

    We may disclose personal data to:

    • Our employees, contractors and/or related entities;
    • IT service providers, data storage, web-hosting and server providers such as Shopify, Airtable, Google, Make, Zapier, Asana, Notion, Zinc API, Gorgias, Delighted, Loom, Pleo, Osome, Slack;
    • Our referral partner network;
    • Our fulfilment service providers such as Huboo Technologies, Blackwell's, Amazon, Zinc API, Supergofer, Oworkers, Givington's;
    • Marketing or advertising providers such as Google Analytics;
    • Professional advisors, bankers, auditors, our insurers and insurance brokers;
    • Payment systems operators such as Discover;
    • Our existing or potential agents or business partners;
    • Anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;
    • Courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
    • Courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
    • Third parties to collect and process data, such as Google Analytics (To find out how Google uses data when you use third party websites or applications, please see www.google.com/policies/privacy/partners/ or any other URL Google may use from time to time), Facebook Pixel or other relevant analytics businesses; and
    • Any other third parties as required or permitted by law, such as where we receive a subpoena.

    Google Analytics: We have enabled Google Analytics Advertising Features including Remarketing Features, Advertising Reporting Features, Demographics and Interest Reports, Store Visits, Google Display Network Impression reporting etc. We and third-party vendors use first-party cookies (such as the Google Analytics cookie) or other first-party identifiers, and third-party cookies (such as Google advertising cookies) or other third-party identifiers together.

    You can opt-out of Google Analytics Advertising Features including using a Google Analytics Opt-out Browser add-on found here. To opt-out of personalised ad delivery on the Google content network, please visit Google’s Ads Preferences Manager here or if you wish to opt-out permanently even when all cookies are deleted from your browser you can install their plugin here. To opt out of interest-based ads on mobile devices, please follow these instructions for your mobile device: On android open the Google Settings app on your device and select “ads” to control the settings. On iOS devices with iOS 6 and above use Apple’s advertising identifier. To learn more about limiting ad tracking using this identifier, visit the settings menu on your device.

    Overseas transfers

    Where we disclose personal data to the third parties listed above, these third parties may store, transfer or access personal data outside of the United Kingdom. The level of data protection in countries outside of the United Kingdom may be less comprehensive than what is offered in the United Kingdom. Where we transfer your personal data outside of the United Kingdom, we will perform those transfers using appropriate safeguards in accordance with the requirements of applicable data protection laws and we will protect the transferred personal data in accordance with this Privacy Policy. This includes:

    • Only transferring your personal data to countries that have been deemed by applicable data protection laws to provide an adequate level of protection for personal data; or
    • Including standard contractual clauses in our agreements with third parties that are overseas.

    Data retention

    We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

    To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

    Your rights and controlling your personal data

    Your choice: Please read this Privacy Policy carefully. If you provide personal data to us, you understand we will collect, hold, use and disclose your personal data in accordance with this Privacy Policy. You do not have to provide personal data to us, however, if you do not, it may affect our ability to provide our Services to you and your use of our Services.

    Information from third parties: If we receive personal data about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal data about somebody else, you represent and warrant that you have such person’s consent to provide the personal data to us.

    Access, correction, processing and portability: You may request details of the personal data that we hold about you and how we process it (commonly known as a “data subject request”). You may also have a right in accordance with applicable data protection law to have your personal data rectified or deleted, to restrict our processing of that information, to object to decisions being made based on automated processing where the decision will produce a legal effect or a similarly significant effect on you, to stop unauthorised transfers of your personal data to a third party and, in some circumstances, to have personal data relating to you transferred to you or another organisation.

    Unsubscribe: To unsubscribe from our e-mail database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

    Withdraw consent: Where we are relying on consent to process your personal data, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

    Complaints: If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

     

    GDPR: If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information above.

    Your Personal Information will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. For more information on how data transfers comply with the GDPR, see Shopify’s GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.

    CCPA: If you are a resident of California, you have the right to access the Personal Information we hold about you (also known as the ‘Right to Know’), to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information provided.

    If you would like to designate an authorized agent to submit these requests on your behalf, please contact us at the address provided.

    Storage and security

    We are committed to ensuring that the personal data we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures, to safeguard and secure personal data and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

    While we are committed to security, we cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk.

    Cookies

    We may use cookies on our website from time to time. Cookies are text files placed in your computer's browser to store your preferences. Cookies, by themselves, do not tell us your email address or other personally identifiable information. However, they do recognise you when you return to our online website and allow third parties, such as Google and Facebook, to cause our advertisements to appear on your social media and online media feeds as part of our retargeting campaigns. You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.

    We use the following cookies:

    • Strictly necessary cookies. These are cookies that are required for the operation of our online Services. They include, for example, cookies that enable you to log into secure areas of our online Services, use a shopping cart or make use of online payment services
    • Analytical/performance cookies. These are cookies that allow us to recognise and count the number of visitors to our online Services and to see how visitors move around our online Services when they are using them. This helps us to improve the way our online Services work, for example, by ensuring that users find what they are looking for easily.
    • Functionality cookies. These are used to recognise you when you return to our online Services. These cookies enable us to personalise our content for you and remember your preferences (for example, your choice of language or region).
    • Targeting and advertising cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. [We may also share this information with third parties for this purpose.]
    • Social media cookies. These cookies are used when you share information using a social media sharing button or “like” button on our websites or you link your account or engage with our content on or through a social media site. The social network will record that you have done this. This information may be linked to targeting/advertising activities.

    You can find more information about the individual cookies we use and the purposes for which we use them in the table below:

    Cookie Category Purpose
    Currency Functionality This cookie stores the currency used for the online Services (GBP)
    Language Functionality  This cookie stores the language used for the online Services (English)
    PHPSESSIONID Analytical/ performance This cookie contains a unique ID to support functions (for example, last viewed pages) to improve user experience
    newsbcsub Functionality This cookie is stored once the user has completed or closed the Register Pop Up, preventing it from re-appearing until after 7 days
    TLSCookiesEU Strictly necessary This cookie tracks when a user has accepted that the online Services use cookies preventing the popup from being displayed again during that session
    _ga / _gid / _gat Analytical/ performance These cookies are used by our Google Analytics account to track customer traffic through the website to help us understand how our website is being used by our users

     

    We use the following necessary cookies:

    Name Function Duration
    _ab Used in connection with access to admin. 2y
    _secure_session_id Used in connection with navigation through a storefront. 24h
    _shopify_country Used in connection with checkout. session
    _shopify_m Used for managing customer privacy settings. 1y
    _shopify_tm Used for managing customer privacy settings. 30min
    _shopify_tw Used for managing customer privacy settings. 2w
    _storefront_u Used to facilitate updating customer account information. 1min
    _tracking_consent Tracking preferences. 1y
    c Used in connection with checkout. 1y
    cart Used in connection with shopping cart. 2w
    cart_currency Used in connection with shopping cart. 2w
    cart_sig Used in connection with checkout. 2w
    cart_ts Used in connection with checkout. 2w
    cart_ver Used in connection with shopping cart. 2w
    checkout Used in connection with checkout. 4w
    checkout_token Used in connection with checkout. 1y
    dynamic_checkout_shown_on_cart Used in connection with checkout. 30min
    hide_shopify_pay_for_checkout Used in connection with checkout. session
    keep_alive Used in connection with buyer localization. 2w
    master_device_id Used in connection with merchant login. 2y
    previous_step Used in connection with checkout. 1y
    remember_me Used in connection with checkout. 1y
    secure_customer_sig Used in connection with customer login. 20y
    shopify_pay Used in connection with checkout. 1y
    shopify_pay_redirect Used in connection with checkout. 30 minutes, 3w or 1y depending on value
    storefront_digest Used in connection with customer login. 2y
    tracked_start_checkout Used in connection with checkout. 1y
    checkout_one_experiment Used in connection with checkout. session


    Reporting and Analytics:

    Name Function Duration
    _landing_page Track landing pages. 2w
    _orig_referrer Track landing pages. 2w
    _s Shopify analytics. 30min
    _shopify_d Shopify analytics. session
    _shopify_s Shopify analytics. 30min
    _shopify_sa_p Shopify analytics relating to marketing & referrals. 30min
    _shopify_sa_t Shopify analytics relating to marketing & referrals. 30min
    _shopify_y Shopify analytics. 1y
    _y Shopify analytics. 1y
    _shopify_evids Shopify analytics. session
    _shopify_ga Shopify and Google Analytics. session

     

    The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.

    You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.

    Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as: www.allaboutcookies.org.

    Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the “Behavioural Advertising” section above.

    Links to other websites

    Our website may contain links to other party’s websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal data which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.

    Do Not Track

    Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.

    Amendments

    We may change this Privacy Policy from time to time. We will notify you if we make a significant change to this Privacy Policy, by contacting you through the contact details you have provided to us and by publishing an updated version on our website. For any questions or notices, please contact us at:

    Impact Books Ltd, a company registered in England and Wales with company number 14459770

    Email: support@impactbooks.co


    Last update: 24 February 2023

    © LegalVision Law UK Ltd