WHO WE ARE
We are Bloomsbury Publishing Plc. We are the data controller in relation to the personal data processed in accordance with this policy (except where this policy explains otherwise). Our contact and other details are set out at the end of this policy.
This privacy notice is issued on behalf of the Bloomsbury Group so when we mention Bloomsbury, "we", "us" or "our" in this privacy notice, we are referring to the relevant company in the Bloomsbury Group responsible for processing your data. We are an independent publishing company. We publish books and other publications (including journals and periodicals) in print and digital format and also own and/or operate online publishing platforms in specific subject areas (âBloomsbury Digital Resourcesâ, âBDRsâ). We sell our products both directly to consumers and also to business customers (including retailers, professional bodies and entities, and educational institutions and organisations).
We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO using the details set out below.
THE PURPOSES FOR WHICH WE COLLECT PERSONAL DATA
We collect and process personal data as follows:
If you are an individual customer of ours or if you have registered individually to set up an account for any purpose via any of our websites or BDRs (including for personalisation purposes where you are an employee, contractor or student of one of our business customers), or have signed up to receive any of our newsletters.
We may collect your individual contact and other information that you give to us to enable us to fulfil any orders you make, or otherwise to communicate with you in relation to the supply of books and other products or services by us, including BDRs (for example, in order to supply books that you have ordered, to sell tickets to events we organise, to allow you to use any of our online forums (where applicable), to personalise your use of BDRs or to send you a newsletter that you have signed up to).
Information that you give us may include (apart from your name and contact information such as your email address, postal address or phone number and IP address) credit card, bank account or other financial details relevant to payments made by you and other information relating to you that is included in any communications between us and you in the course of the provision by us of our products or services.
WHERE WE PROCESS YOUR PERSONAL DATA
We normally process personal data only in the UK or elsewhere in the EU, or in non-EU countries that are certified as providing an adequate level of protection for personal data.
Where necessary in order to manage our business, we may share relevant personal data with our group companies outside the EU, but only to the extent necessary in order to provide the services concerned.
Where you order products from us that are distributed from any of our warehouses outside the EU, we will share information relating to you (your name and address together with the products you have ordered) to the extent necessary to enable our service partner who operates the relevant warehouse to deliver the relevant products to you.
SECURITY OF YOUR PERSONAL DATA
All personal data processed by us is stored securely (the level of security being appropriate to the nature of the data concerned and the other relevant circumstances).
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website and any transmission is at your own risk. Once we have received your information, we will use appropriate procedures and security features to try to prevent unauthorised access.
WHO WE SHARE YOUR PERSONAL DATA WITH
We may where appropriate share your personal data with:
Appropriate third parties including:
- our business partners, customers, suppliers and sub-contractors for the performance of any contract we enter into or other dealings we have in the normal course of business with you or the person that you work for;
- payment processing service providers (such as Paypal, Worldpay and GoCardless) in connection with purchases you make from us;
- our auditors, legal advisors and other professional advisors or service providers;
- credit or other similar reference agencies for the purpose of assessing your suitability or ability where this is in the context of us entering (or proposing to enter) into a contract with you or the person that you work for.
In relation to information obtained via our website:
- our advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. We do not disclose information about identifiable individuals to our advertisers, but we will provide them with aggregate information about our users. We may also use such aggregate information to help advertisers reach the kind of audience they want to target. We may make use of the personal data we have collected from you to enable us to comply with our advertisers' wishes by displaying their advertisement to that target audience and subject to the cookie section of this policy;
- analytics and search engine providers that assist us in the improvement and optimisation of our site and subject to the cookie section of this policy.
OTHER DISCLOSURES WE MAY MAKE
We may disclose your personal data to third parties:
- If we or substantially all of our assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of supply and other agreements with you or the person that you work for; or to protect the rights, property, or safety of our business or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection, or credit risk reduction.
THE LEGAL BASIS FOR OUR PROCESSING OF PERSONAL DATA
The legal basis on which we process your personal data is as follows:
- Where it is necessary to obtain your prior consent to processing in order for us to be allowed to do it, we will obtain and rely on your consent in relation to the processing concerned (in relation to any processing we are carrying out with your consent, see below for how to withdraw your consent).
Otherwise, we will process your personal data where the processing is necessary:
- for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract;
- for compliance with a legal obligation to which we are a subject; or
- for the purposes of the legitimate interests pursued by us or another person, provided that this will only be in circumstances in which those legitimate interests are not overridden by your interests or fundamental rights and freedoms which require protection of personal data.
HOW LONG WE KEEP YOUR PERSONAL DATA
We process personal data only for so long as is necessary for the purpose(s) for which it was originally collected, after which it will be deleted or archived except to the extent that it is necessary for us to continue to process it for the purpose of compliance with legal obligations to which we are subject or for another legitimate and lawful purpose.
You have the following rights in relation to personal data relating to you that we process:
- You may request access to the personal data concerned.
- You may request that incorrect personal data that we are processing be rectified.
- In certain circumstances (normally where it is no longer necessary for us to continue to process it), you may be entitled to request that we erase the personal data concerned.
- Where we are processing your personal data for marketing purposes or otherwise based on our legitimate interests, you may in certain circumstances have a right to object to that processing.
- Where we are processing personal data relating to you on the basis of your prior consent to that processing (such as in relation to marketing by email), you may withdraw your consent, after which we shall stop the processing concerned.
To exercise any of your rights (including withdrawing relevant consents or obtaining access to your personal data), you should contact us as set out below. To unsubscribe from any electronic newsletters or other marketing communications, you can click on the unsubscribe link in the relevant communication.
If you have a complaint about any processing of your personal data being conducted by us, you can contact us or lodge a formal compliant with the Information Commissioner.
CONTACTING THE REGULATOR
The Information Commissioner is the supervisory authority in the UK and can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you have about our processing of your personal data.
Our contact details are:
Bloomsbury Publishing Plc 50 Bedford Square London WC1B 3DP United Kingdom Company Number 01984336 ICO Registration Number Z7552956
Contact: Maya Abu-Deeb, Data Protection Officer
Phone: +44 (0)20 7631 5000
UPDATES TO THIS POLICY
DATE OF THIS POLICY
This policy was last updated on 23 May 2018.