This policy outlines what data BOOKS Plus Cardiff (“we”, “us”, “our”) collects about you, why we collect it, how we process it, how we store it and your rights in accordance with the new “general data protection regulation” (GDPR) effective from 25th May 2018.
BOOKS Plus Cardiff is the trading arm of the charity, Light on The Mount. We are registered in England and Wales, company number 03590949 and charity number 1074480.
This policy was last updated on 16th January 2021. We will review and update this page when we need to. Any significant changes to this policy will be emailed out.
In this recent version, the section pertaining to who we share your data with has been updated and a temporary new page has been added here outlining it : 3rd Parties
What information do we collect about you?
We collect the following personal data from you:
- Delivery Address
- Email Address
- Phone Number (Optional)
How do we collect your information?
We collect your information in 6 different ways:
- Processing an order on our website with or without a store account.
- Phone Number (Optional)
- Signing up to a Newsletter (Optional)
- Using the contact us form (Optional)
- Using the prayer request form (Optional & always temporary)
- Name of person to be prayed for (optional)
- Using our GDPR data request methods (Temporarily held until dealt with).
- Using the “Donate” form, processed by PayPal
- Address (optional)
Why do we collect your information?
- You have the option of placing an order on our website without creating an account. But by doing so you agree to us using your name, address and contact details to provide you with your order. Like all data, you can contact us to see what data we have of yours. These will just be ‘Order Logs’.
- The only caveats of not opening an account is that you will not be entitled to partaking in blogging, reviewing or commenting.
- The personal details you provide when opening a store account are used to process your orders and for partaking in the public parts of our website (commenting, reviewing or blogging). We can’t process an order if you don’t provide a name and address. Similarly, to protect against spam the public facing website requires that you are logged in. Sometimes your email address will be used to notify of policy updates (to this document) or other important things related to your account with us. Below is more detail on each part of the data you provide:
- Your name and address are printed (or handwritten) onto a label to send the goods out. Your name will also be displayed when you comment, review or blog.
- Your email address is used for sending out receipts, order updates and confirmations.
- Your email address and/ or Telephone number (if you choose to provide it) will be used if needed to resolve any issues with the order (for example, low in stock or faulty item etc)
- If you participate in Commenting, Reviewing or Blogging, then your Username will be displayed – this means you could be identified. You have the choice of signing up with a personalised – unidentifiable username, should you want too. But please note, this username can’t be changed after creation.
- When you optionally sign up to our newsletter your name and email address will be used purely for the purpose of sending out our newsletter. The newsletter will contain News, Upcoming Events, Occasional prayer requests (from us) and occasional discounts, exclusive to subscribers.
- When you optionally use the ‘contact us’ form we collect your name and email address. This will be emailed to our shop staff who will deal with your enquiry/ order. Data you provide in this manner will not be kept on the website but will be stored on our secure email servers until the submissions are dealt with. If you agree to it, these ‘contact us’ submissions will be kept and then used for training purposes and improving our services.
- When you optionally use request prayer we will never hold on to your data after praying. All prayers are treated in absolute confidence and only shown to the person praying.
- When you exercise your right under the GDPR to either have access or delete your data, we will temporarily hold your email and name for the duration of the request. Once your enquiry is dealt with then we will delete the request and delete all your data, if you requested it. See below for more details on how to exercise your rights under the GDPR.
- When you Donate via our PayPal form, we will be emailed your accounts Name and Email address. We only need this for the purpose of saying thank you.
How do you process and keep my data?
- For account holders only, any comment, review or blog post you write will be posted on the website pending a review of a moderator, once approved your name will appear along side your comment, review or blog. No offline copy is stored.
- For all customers who have placed an order, your purchased and completed orders are kept for 2 years from the date of completion. After this date they are deleted from the system, no trace of personal data is left behind.
- Any orders that were unsuccessful for any reason will be removed from the website after 4 months. No personal data is left behind.
- Data you provide by using the ‘contact us, prayer and GDPR request’ forms will never be stored on our website but immediately emailed to our shop’s office. In the office, a member of staff will aim to deal with your requests via email (unless you have supplied a phone number in your message, and indicated that we contact you via that method). After the request is dealt with, it will be deleted from our email server.
- If you give consent for us to keep the information you submit via the contact us form for training and improvement then they will be stored securely on our email server. This permission can be withdrawn in the future by emailing us.
- Prayer Requests while anonymously submitted are carefully and confidentially handled. All data is deleted from our emails as soon as we have prayed.
- GDPR requests are handled within the timescale set out on the GDPR section in your website account. All emails sent that are of this nature are deleted as soon as dealt with.
- When you Donate via our PayPal form, we will be emailed, by PayPal, your accounts Name and Email address. We only need this for the purpose of saying thank you. This data is not stored on our website, rather it is kept on our email server. We will send a personalised thank you via email. If you have indicated you would like to gift aid via the donation form then we will get in contact to ask for your address. This will all be kept in strict confidence and processed carefully.
Who do you share my information with?
We do not and will never share or sell your information, without consent, to any other third-party, unless it is a requirement of law. In the event of you purchasing goods by a third party or for a third party, what happens to your data is outlined on the following page: https://cardiff.books-plus.org.uk/collecting-on-behalf-of-3rd-parties/
- When processing an order your name, address and email will be shared, temporarily with PayPal for the sole purpose of payment. We do not store or process any payment information. When you pay using PayPal all payment information is entered directly on PayPal’s website. Please refer to PayPal’s website for details on their GDPR compliance.
- When you pay using Square, your card payment details are not stored on our server but they are sent to their servers to be processed. For more information check out their website. By you entering your details you state you agree with their policy.
- Your Newsletter data is held solely in the newsletter plugin on our website. It is not shared with any third-party. For more information please check the GDPR compliance section of the plugins website.
- Unless you specifically request us to share your message, or it lawfully requires that we share it to a third-party, anything you submit via the ’contact us’ form will be held as private. The message will be handled with care and dealt with in the store’s office, among only those in our store who need to deal with your submission.
- An example of a submission needing to be shared, you believe that we should stock a different range of products. So we would share your opinion, but not your name.
- If you wanted us to pass on a message to a member of staff, or someone else, then we would have to share your name and contact details.
- If you share something illegal then we are duty bound to inform the appropriate authorities.
- When Donating we do not share your data with anyone, save for HMRC in the event you wish to gift aid with us.
Am I in control of my data, how can I delete it if I want too?
Under the GDPR you have full rights to ownership of your personal data. This means we have to comply with your wishes. If you want to know everything we hold about you, all you have to do is ask us. Please do this by any of the ways set out in the ‘contact’ section of our website. We (as do all companies) have a legal obligation to reply within a month of receiving a request from you, but we will do our best to reply as quickly as possible.
Below is more information about how you can be in control of the various bits of data we hold about you:
- Having placed an order in the past without an account you can only:
- Request we delete the order log (and the data that goes with it)
- View the data we hold, via using the contact us form as outlined below in point 4.
- Request that the order be cancelled by getting in contact via the email you provided.
- With a store account you are in control of your personal data in three ways:
- Updating records (for example, a new address)
- Deleting your account (more on how to do this below)
- You can amend reviews, comments or blogs by getting in touch with us, as outlined in point 4 below.
- After subscribing to our emails you are in full control to unsubscribe in the future. All you have to do is follow the link within each email you are sent, your records are then deleted from the plugin. Or you can simply ask us to remove you.
- Using the ‘contact us’ submission form, you can control it in the following ways:
- Without your consent to keep the submission, it will be deleted as soon as it is dealt with.
- After giving your consent to keep the submission, you can simply email us to ask for it to be deleted. We will reply as soon as possible to confirm its deletion.
- Donation records can be accessed and requested upon using the GDPR forms. Outlined below.
How can I delete my Account or find out what you hold about me?
If you want to delete your account or know what information we hold about you, please see the method of easily sending a request from your account page: https://cardiff.books-plus.org.uk/my-account/GDPR-Request/.
On the Data Access & Deletion page of your account area are a few choices about what request you want to make, Each choice is highlighted either as a button or a contact-form.
To find out what we know about you please click the ‘Data Access Request’ button immediately below this paragraph. One of our team will contact to verify that you want this and then we will endeavour to respond with all the data as soon as we can. Compliance with the Genral Data Protection Regulations states we should reply within a calender month, but we will be as quick as we can. Data we hold will be emailed to your account email in the form of an attachment.
To delete your account, please click the ‘Delete My Account’ button immediately below this paragraph. One of our team will email, within 2 working days, asking you to confirm your action and verify you want us to do this. Once you have replied to us, we will delete your account from our website within the next working day. You will be unable to recover your account after it is deleted. If there is an outstanding balance on your account then we reserve the right to delete after payments are settled.
You will have the chance to tailor a specific request directly to us via a contact form at the bottom of this page.
What about cookies?
- To help your shopping basket be created.
- To know when you make changes to your basket
- For storing your shopping preferences (like Price ascending or descending etc…)
- So your browser keeps you logged in, until you log out.
BOOKS Plus is not and will never collect personal data via any means without your consent or understanding.
For more information on what the cookies do please follow the links to documents on what cookies WordPress and WooCommerce use. For more information on how to manage cookies please go to www.aboutcookies.org.
Web Links to other websites