Topics
- Who we are
- Information we may collect about you
- How we use information about you and recipients of your information
- Who we might share your information with
- Cookies
- How we look after your information and how long we keep it for
- Help keep your information safe
- International transfers of your information
- Your rights to the information we hold about you
- Sharing data directly with third parties
- Third party links and embedded content
- Changes to this Privacy Policy
This Privacy Policy was last updated on 27th May 2020.
1. Who we are
BookMachine Ltd (company number 12262084) is a company registered in England, with our principal place of business set out below.
You can contact us as follows:
Address:
BookMachine Ltd.
2.3, Building A3
6 Soames Walk,
Design District,
Greenwich Peninsula
London,
SE10 0AX
Email: hello@bookmachine.org
Tel: +44 (0) 207 183 2399
2. Information we may collect about you
Information that you provide to us.
We will collect any information that you provide to us when you:
- make an enquiry, provide feedback or make a complaint over the phone, by email or our website;
- subscribe to our mailing lists;
- submit an application to a job vacancy;
- purchase a BookMachine membership;
- purchase a ticket for a BookMachine event;
- order publications or other products from our website;
- create an account to purchase a BookMachine membership or other products from our website;
- complete your online profile on the Site;
- submit a Comment on the Site;
- provide your details when you meet us at a conference or event;
The information you provide to us will include (depending on the circumstances):
- Identity and contact data: title, names, addresses, email addresses and phone numbers;
- Account profile data: if you’re registering for an account you may also provide a username, password, job title/position, company name, skill set and location
- Survey data: from time to time we might ask if you would be willing to participate in our surveys; if you agree, we will also collect any information that you provide as part of that survey.
Information we collect about you.
Information contained in correspondence. We will collect any information contained in any correspondence between us. For example, if you contact us using a query button on our website or by email or telephone, we will keep a record of that correspondence;
Information transmitted on the website. We will collect information that you upload or post to your website account and/or any correspondence or interactions that you may have with other website account holders.
Website usage data. We will collect information about your interactions with the website, including information such as login data, IP address, page views, searches, requests, orders, pre-approvals, confirmations, agreements between you and other website users and other actions on the website;
Technical data. We will also collect certain information about how you use our website and the device that you use to access our website, even where you have not created an account or logged in. This might include your geographical location, device information (such as your hardware model, mobile network information, unique device identifiers), the data transmitted by your browser (such as your IP address, date and type of the request, content of the request regarding the specific site, time zone settings, access status/HTTP status code, volume of data transmitted, browser type and version, language settings, time zone settings referral source, length of visit to the website, date and time of the request, operating system and interface), number of page views, the search queries you make on the website and similar information. This information may be collected by a third-party website analytics service provider on our behalf and/or may be collected using cookies or similar technologies. For more information on cookies please read the section headed “Cookies” below.
Comments on Site articles. When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Uploading media to the Site. If you upload images to the Site, e.g. when uploading an Avatar or portfolio item for you BookMachine profile, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Purchasing products on the Site. While you visit our site, we’ll track:
- Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
- Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
- Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order! If your product does not require shipping, we will not ask for a shipping address
- We’ll also use cookies to keep track of cart contents while you’re browsing our site.
When you purchase from us, we’ll ask you to provide information which will always include your name and email addresses, and depending on the product, may include phone number, username, password and billing address. We’ll use this information for purposes, such as, to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your membership account
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages, if you choose to receive them
If you create an account, we will store your name and email address and phone number, which will be used to populate the checkout for future orders.
We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 6 years for tax and accounting purposes. This includes your name and email address.
We store a copy of your cart in our database for 60 days for the purpose of reminding you when your cart is abandoned.
We do not store credit card details. All card transactions are handled via Paypal.
Communication preferences. We store your communication preferences such as whether you have opted in to receive marketing communication. This data is retained until you request the removal of your data.
Communication logs. We keep a log of some of the communication that we have with you which may include marketing and transactional emails and/or SMS messages. These are kept for the purpose of improving our marketing and communication with you and other customers. These logs are retained until you request removal of your data.
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Information we receive from third parties.
In certain circumstances, we will receive information about you from third parties. For example
- Website users: we may receive personal information from other website users, who may be based inside or outside the EU, for example information that is posted or uploaded by other users (e.g. reviews), information relating to transactions and/or correspondence between website users;
- Social media plugins: we currently use social media plugins from the following service providers who are based both inside and outside the EU: [Facebook, Google+, Twitter, LinkedIn. By providing your social media account details you are authorising that third-party provider to share with us certain information about you;]
- Service providers: we may collect personal information from our website developer, IT support provider and payment services provider (who may be based inside OR outside the EU);
We might also receive information about you from third parties if you have indicated to such third party that you would like to hear from us.
3. How we use information about you and recipients of your information
If you opt-in to receive marketing updates we may use your personal information to provide you with product updates or marketing communications that we believe may be of interest to you. Personal data may also be used by our internal system to automate processes of our store.
We will use your information for the purposes listed below either on the basis of:
- the provision of our services to you;
- your consent (where we request it); or
- our legitimate interests (see below).
We may use your information for the following purposes:
- To provide access to our website: to provide you with access to our website in a manner convenient and optimal and with personalised content relevant to you including sharing your information with our website hosts and developers (on the basis of our legitimate interest to ensure our website is presented in an effective and optimal manner);
- To register your account: if you create an account on our website, we will use the details provided on your account registration form (on the basis of performing our contract with you);
- Relationship Management: to manage our relationship with you, which will including notifying you about changes to our terms of use or privacy policy, and asking you to leave a review or take a survey (on the basis of performing our contract with you, to comply with our legal obligations and on the basis of our legitimate interests to keep our records updated and study how our website and services are used);
- Marketing: to keep in contact with you about our news, events, new website features or services that we believe may interest you, provided that we have the requisite permission to do so, and sharing your information with our marketing services provide] (either on the basis of your consent where we have requested it, or our legitimate interests to provide you with marketing communications where we may lawfully do so);
- Advertising: to deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you (on the basis of our legitimate interests in studying how our website/services are used, to develop them, to grow our business and to inform our marketing strategy);
- Analytics: To use data analytics to improve our website, products/services, marketing, customer relationships and experiences (on the basis of our legitimate interests in defining types of customers for our website and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy);
- Suggestions and recommendations: to share your information with selected third parties such as event partners, to enable them to contact you with information about things that may interest you (where we have your consent to do so);
- User and customer support: to provide customer service and support (on the basis of our contract with you or on the basis of our legitimate interests to provide you with customer service), deal with enquiries or complaints about the website and share your information with our website developer, IT support provider, payment services provider as necessary to provide customer support (on the basis of our legitimate interest in providing the correct products and services to our website users and to comply with our legal obligations);
- Research: to carry out aggregated and anonymised research about general engagement with our website (on the basis of our legitimate interest in providing the right kinds of products and services to our website users);
- Compliance with policies, procedures and laws: to enable us to comply with our policies and procedures and enforce our legal rights, or to protect the rights, property or safety of our employees and share your information with our technical and legal advisors (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so).
Where we refer to using your information on the basis of our “legitimate interests”, we mean our legitimate business interests in conducting and managing our business and our relationship with you, including the legitimate interest we have in:
- personalising, enhancing, modifying or otherwise improving the services and/or communications that we provide to you;
- detecting and preventing fraud and operating a safe and lawful business;
- improving security and optimisation of our network, sites and services;
Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don’t automatically override yours and we won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about our processing please refer to details in the “Your Rights” section below.
4. Who we might share your information with
In connection with the purposes and on the lawful grounds described above and in addition to the recipients of your information as described above, we will share your personal information when relevant with third parties that we work with such as:
- Website users: Other website users who you use the website to transact and communicate with, who may be based both inside and outside the EU;
- Partners and collaborators: Where we have worked with a third party on the authorship of one of our Publications/Whitepapers, we may provide this partner with your name and email address when you download this Publication and only with consent from you;
- Our service providers: Service providers we work with to deliver our business, who are acting as processors and provide us with:
- website hosting services via Cloudways on servers based in the United Kingdom
- We use MailChimp for email marketing. Your data may be transferred to MailChimp for processing in accordance with their Privacy Policy.
- marketing and advertising services (including the Google Adwords service), analytics providers (including Google Analytics). See Google Analytics Privacy Policy.
- We will track your location based on your IP address in order to ensure that our content, events and services are available in the correct geographical areas. To detect your location, we will send your IP address to the geolocation services of usersinsights.com. We will store the country, region, city and coordinates associated with your IP address. We will also store your IP address in a hashed format so we can check it for changes.We will track your last login date and number of sessions in order to identify whether your are an active user not. We delete inactive users after 12 months of inactivity.We will track your browser name, browser version and device platform in order to ensure that our site is always optimised for the browsers and devices most used by our customers;
- Our new member platform, Campus, uses Circle. If you are a Campus Member and choose to sign up for the new platform, your data may be transferred to Circle for processing in accordance with their Privacy Policy.
- maps services (including Google Maps API);
- Visitor comments may be checked through an automated spam detection service;
- social media plugin services including Facebook, Google+, Twitter and Linkedin;
- We accept payments through PayPal. When processing payments, some of your data will be passed to PayPal, including information required to process or support the payment, such as the purchase total and billing information. Please see the PayPal Privacy Policy for more details;
- We accept payments through Stripe. When processing payments, some of your data will be passed to Stripe, including information required to process or support the payment, such as the purchase total and billing information. Please see the Stripe Privacy Policy for more details;
- legal, accountancy, auditing and insurance services and other professional advisers based in the United Kingdom;
- Regulators and governmental bodies: HM Revenue & Customs, regulators, governmental bodies and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances;
- Marketing parties: any selected third party that you consent to our sharing your information with for marketing purposes;
- Other third parties (including professional advisers): any other third parties (including legal or other advisors, regulatory authorities, courts, law enforcement agencies and government agencies) based in the United Kingdom where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.
We require all third parties to maintain appropriate security to protect your information from unauthorised access or processing.
5. Cookies
We use cookies to ensure that you get the most out of our website. Cookies are small amounts of information in the form of text files which we store on the device you use to access our website. Cookies allow us to monitor your use of the software and simplify your use of the website.
If you do not wish for cookies to be installed on your device, you can change the settings on your browser or device to reject cookies. For more information about how to reject cookies using your internet browser settings please consult the “Help” section of your internet browser (or alternatively visit http://www.aboutcookies.org). Please note that, if you do set your Internet browser to reject cookies, you may not be able to access all of the functions of the website.
Our website may contain content and links to other sites that are operated by third parties that may also operate cookies. We don’t control these third party sites or cookies and this Privacy Policy does not apply to them. Please consult the terms and conditions and Privacy Policy of the relevant third party site to find out how that site collects and uses your information and to establish whether and for what purpose they use cookies.
Commenting on the Site. If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
User accounts. If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
Posting content on the Site. If you edit or publish content, for example a status update, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the content you just added. It expires after 1 day.
Shopping cart. We use cookies to remember who you are when browsing our site and to store the contents of your cart for the purpose of reminding you. These cookies will only be set when you consent to allowing additional cookies on our website.
6. How we look after your information and how long we keep it for
We operate a policy of “privacy by design” by looking for opportunities to minimise the amount of personal information we hold about you. We use appropriate technological and operational security measures to protect your information against any unauthorised access or unlawful use, such as:
- ensuring the physical and digital security of our equipment and devices by using appropriate password protection and encryption;
- maintaining a data protection policy;
- limiting access to your personal information to those in our company who need to use it in the course of their work.
We will retain your information for as long as is necessary to provide you with the services that you have requested from us or for as long as we reasonably require to retain the information for our lawful business purposes, such as for the purposes of exercising our legal rights or where we are permitted to do so for purposes of academic, literary expression and research purposes.
User accounts. We delete inactive users after 12 months of inactivity.
Comments on Site articles. If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
7. Help keep your information safe
You can also play a part in keeping your information safe by:
- choosing a strong account password and changing it regularly;
- using different passwords for different online accounts;
- keeping your passwords confidential and avoiding sharing your login with others;
- making sure you log out of the website each time you have finished using it. This is particularly important when using a shared computer;
- letting us know if you know or suspect that your account has been compromised, or if someone has accessed your account without your permission;
- keeping your devices protected by using the latest version of your operating system and maintaining any necessary anti-virus software;
- being vigilant to any fraudulent emails that may appear to be from us. Any emails that we send will come from an email address ending in ‘@bookmachine.co.uk’, or ‘@bookmachine.org’.
8. International transfers of your information
Our company is located in the UK.
A number of our external third party service providers are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by using at least one of the following transfer solutions:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries;
- Where we share data with companies based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
Please contact us using the contact details at the top of this Privacy Policy if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
9. Your rights to the information we hold about you
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
You have certain rights in respect of the information that we hold about you, including:
- the right to be informed of the ways in which we use your information, as we seek to do in this Privacy Policy;
- the right to ask us not to process your personal data for marketing purposes;
- the right to request access to the information that we hold about you;
- the right to request that we correct or rectify any information that we hold about you which is out of date or incorrect;
- in certain circumstances, the right to ask us to stop processing information about you; and
- the right to lodge a complaint about us to the UK Information Commissioner’s Office (https://ico.org.uk/).
- Please note that we may need to retain certain information for our own record-keeping and research purposes even if you have asked us to stop processing it. (For example, we may also need to send you service-related communications relating to your website user account even when you have requested not to receive marketing communications.)
From 25 May 2018, in accordance with new data protection laws which will be in force from that date, you will have certain additional rights in respect of the information that we hold about you, including:
- in addition to your right to lodge a complaint about us to the UK Information Commissioner’s Office (https://ico.org.uk/), you will also be able to lodge a complaint with the relevant authority in your country of work or residence;
- the right to withdraw your consent for our use of your information in reliance of your consent (refer to paragraph 4 to see when we are relying on your consent), which you can do by contacting us using any of the details at the top of this Privacy Policy;
- the right to object to our using your information on the basis of our legitimate interests and there is something about your particular situation which makes you want to object to our processing on this ground;
- the right to receive a copy of any information we hold about you (or request that we transfer this to another service provider) in a structured, commonly-used, machine readable format, in certain circumstances; and
- the right to ask us to limit or cease processing or erase information we hold about you in certain circumstances.
How to exercise your rights
- You may exercise your rights above by contacting us using the contact details set out at the top of this Privacy Policy, or in the case of preventing processing for marketing activities also by checking certain boxes on forms that we use to collect your data to tell us that you don’t want to be involved in marketing or by updating your marketing preferences via your account with us.
- You may contact us via the details at the top of this Privacy Policy if you wish to action any of these additional rights and we will comply with your requests unless we have a lawful reason not to do so.
What we need from you to process your requests
- We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
- From 25 May 2018, you will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
10. Sharing data directly with third parties
You might end up providing personal information directly to third parties as a consequence of your interactions with our website and other services offered by us. For example, your name and other personal information will be shared with other website users when you correspond with them via the website, or you may attend an event hosted by us where you communicate personal information directly with other attendees. We are not responsible for how such third parties use personal data provided by you.
Please be responsible with personal information of others when using our website and the services available on it. We are not responsible for your misuse of personal information, or for the direct relationship between you and others when takes place outside of the website or our services.
11. Third party links and embedded content
Third party links
The website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.
12. Changes to this Privacy Policy
We may make changes to this Privacy Policy from time to time. We will post any changes to our site, or notify you of any material changes by e-mail.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us by updating your profile account information or contacting us via the contact details at the top of this Privacy Policy.
This Privacy Policy was last updated on 12th January 2024.