Privacy Policy for Oxford House Books

Oxford House Books (“we,” “us,” “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you visit our website at oxfordhousebooks.com (the “Site”), and it explains your rights and the safeguards we implement to keep your data secure. We adhere to applicable data protection legislation, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), with a privacy-first approach.

1. Commitment to Privacy and Data Protection

Oxford House Books is dedicated to ensuring the confidentiality, integrity, and security of your personal data. We process personal data lawfully, fairly, and transparently, and we take appropriate measures to prevent unauthorized access, disclosure, alteration, or destruction of data.

2. Scope of Policy and Data Controller Role

This Privacy Policy applies to all users of oxfordhousebooks.com and covers all personal data collected and processed through the Site. For the purposes of the GDPR, Oxford House Books is the “data controller” of any personal data collected via the Site. Our processing activities are governed by this policy and relevant data protection laws.

If you have any questions regarding your data or this policy, you may contact us at [email protected].

3. Categories of Personal Data We Process

We may collect, process, and store the following categories of data:

a) Usage Data
Information about your interactions with the Site, including your IP address, browser type and version, operating system, referral source, pages visited, time and date of access, session durations, and navigation paths.

b) Account Data
Details you provide when creating or managing a user account, such as your full name, email address, mailing address, and phone number.

c) Profile Data
Information about your interests, reading preferences, past purchases, and browsing behavior to tailor content and product recommendations.

d) Communication Data
Records of correspondence with our support team, contact queries, complaint follow-ups, and feedback, including communication metadata.

e) Technical Data
Device and system information, such as device type, operating system version, browser type, automation or script detection, and plug-ins.

f) Transaction Data
Purchasing and payment details, billing and shipping addresses, order history, delivery information, and relevant financial metadata. Credit card data is handled securely by third-party payment processors and is not stored by us.

g) Preference Data
Your selected preferences for product categories, communication choices, language settings, and opt-in consents for marketing communications.

4. Legal Bases for Processing

We process your personal data only when we have a lawful basis to do so under applicable legislation. Depending on the nature of the processing activity, we rely on one or more of the following legal bases:

– Consent: Where you have given clear, informed consent (e.g., to receive marketing emails).
– Contract: Processing is necessary for the performance of a contract with you (e.g., to fulfill an order).
– Legal Obligation: To comply with a legal or regulatory requirement (e.g., for tax reporting).
– Legitimate Interest: For purposes such as fraud prevention, service improvement, and analytics—where such interests are not overridden by your fundamental rights.

5. Your Data Protection Rights

Under GDPR and applicable U.S. privacy laws, you have the following rights:

– Right to Access: Request confirmation and a copy of the personal data we hold about you.
– Right to Rectification: Request correction of inaccuracies or completion of incomplete data.
– Right to Erasure: Request the deletion of your data, subject to legal obligations and retention policies.
– Right to Restrict Processing: Request the temporary suspension of data processing where certain conditions apply.
– Right to Data Portability: Receive your data in a structured, machine-readable format and transmit it to another controller.
– Right to Object: Object to processing based on legitimate interests or direct marketing.
– Right Not to Be Subject to Automated Decision-Making: We do not engage in profiling decisions with legal or similarly significant effects.

California residents may also exercise rights under the CCPA, including the right to know what personal information is collected, the right to request deletion, and the right to opt out of the sale of personal data (we do not sell personal data).

To exercise any of these rights, please contact us at [email protected].

6. Security Measures

We implement robust technical and organizational measures to secure your personal data. These include but are not limited to:

– Encryption of data in transit and at rest
– Secure Sockets Layer (SSL) technology
– Role-based access controls and authentication
– Regular data backups and recovery protocols
– Employee training on data protection and security awareness
– Ongoing risk assessments and vulnerability management

7. International Data Transfers

Where data is transferred outside the European Economic Area (EEA), including to the United States where our operational services are based, we ensure an adequate level of protection. Such transfers are governed by the use of Standard Contractual Clauses (SCCs) approved by the European Commission or comparable safeguard mechanisms as permitted by law.

8. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected, including to comply with legal, regulatory, tax, accounting, or reporting requirements. The specific retention periods include:

– Account Data: Retained for as long as the account remains active and up to 12 months after deactivation.
– Transaction Data: Retained for 7 years for tax and financial compliance.
– Communication Data: Retained for up to 24 months for reference and quality assurance.
– Usage and Analytics Data: Retained for 18 months for performance and analysis.
– Preference Data: Retained while marketing consents are active or until consent is withdrawn.

Once the retention period expires, data is securely deleted or anonymized.

9. Cookie Policy

Our Site uses cookies and similar tracking technologies to enhance user experience and performance. We use the following categories of cookies:

– Essential Cookies: Required for core functionalities, such as security and order processing.
– Functional Cookies: Remember site preferences and enable personalized features.
– Analytics Cookies: Collect information about how visitors use the Site, for example through Google Analytics.
– Performance Cookies: Monitor system performance and improve service speed and reliability.

10. Cookie Management and Compliance

You can manage your cookie preferences at any time by adjusting browser settings or using our on-site cookie consent tool, which meets both GDPR and CCPA requirements. You have the right to opt out of non-essential cookies and can withdraw consent at any time.

For California residents, we honor the Global Privacy Control (GPC) and similar Do Not Track signals as legally required.

11. Children’s Privacy

We do not knowingly collect personal data from children under the age of 13. If you are a parent or guardian and believe that your child has provided us with data, please contact us at [email protected]. We will take immediate steps to delete such information from our systems.

12. Policy Updates

We reserve the right to modify or update this Privacy Policy at any time to reflect changes in our practices or legal requirements. Where such changes materially impact your rights or how we process your data, we will provide timely notification via the Site or other direct means.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Contact

If you have any questions about this Privacy Policy or our data processing activities, or if you wish to exercise your legal rights, please reach out to us at:

Oxford House Books
Email: [email protected]
Website: https://oxfordhousebooks.com

We are committed to maintaining full compliance with global privacy laws, including GDPR and CCPA, and will respond to all privacy-related inquiries promptly and transparently.