BEATEN TRACK PUBLISHING
PRIVACY POLICY

1. INTRODUCTION

The information in this policy relates to all Beaten Track Publishing services:
- website
- web store and processing of purchases
- email communication
- newsletter subscriptions

This policy was last updated on 31st July, 2018

2. WHO WE ARE

2.1 About Beaten Track Publishing

Beaten Track Publishing (BTP) is a socialist hybrid publishing company, owned and managed by Debbie McGowan (the owner) as a sole trader. As such, the owner is responsible for data protection and control.

2.2 Contact information:

Debbie McGowan
email: dataprotection@beatentrackpublishing.com

3. WHAT INFORMATION DO WE COLLECT?
HOW DO WE USE PERSONAL INFORMATION?

3.1 Website visitors

3.1.1 Beaten Track Publishing (BTP) does not collect or store any personal information about website visitors. However, information is collected from customers of our online shop. (See Section 3.3.)

3.1.2 Our web service provider (EcoHosting) collects anonymous visitor statistics (number of visitors, pages displayed, referring pages, search engines and visitors' countries). BTP cannot track individual visitors based on this information.

3.2 Contact form

Information provided via our contact form is stored in a database and is used to communicate directly with the sender only. Any further sharing of this information is undertaken with the sender's explicit consent.

3.3 Online store visitors

3.3.1 Our store is hosted and powered by PayHip. When items are added to the shopping cart, PayHip assign session credentials, which are needed to match the cart contents to the user and process any subsequent order. These may also be used in the event of denial-of-service attacks to block offending IP addresses.

3.3.2 When a customer goes through the checkout process, they may be asked to provide details to process orders and analyse sales statistics. This information is stored by PayHip, and payments are processed via PayPal. BTP does not request, collect or store information relating to payment methods (such as credit/debit card details).

3.3.3 For orders of physical products requiring shipment to a postal address, the customer's name, postal address and phone number is shared with Lightning Source International (LSI) or Amazon (our print distributors). LSI/Amazon share this information with their drop-shippers.

3.4 Authors

3.4.1 BTP shares only the information authors provide as public information, usually an image (photo, avatar or book cover), a biography, and links to the author's website, blog, and other services they wish to share with readers.

3.4.2 All other information relating to authors is maintained locally on a private computer protected by a firewall and password login system.

3.5 Newsletter subscriptions

Subscribers provide their name and email address only.
The BTP newsletter is used to deliver information about our publications and authors.
The BTP Authors newsletter is used to communicate with BTP authors only for disseminating administrative information and submission calls.

4. LAWFUL BASIS FOR PROCESSING PERSONAL INFORMATION

4.1 Obtaining consent

BTP only collects and stores personal information with prior consent from authors, customers and other organisations BTP comes into contact with. However, this is implied through BTP's clients' actions:

- when placing an order via BTP web store
- when signing up to the BTP newsletter
- when completing the BTP contact form
- when corresponding via email

4.2 Withdrawing/withholding consent

4.2.1 Processing orders

BTP cannot process web store orders without collecting personal information detailed in section 3.3. Therefore, any customers wishing to purchase our publications and withhold personal information may do so via third-party vendors. These include Amazon, Smashwords, Barnes and Noble, Kobo, GooglePlay and iBooks.

4.2.2 Newsletter

An 'unsubscribe' link is provided at the bottom of BTP newsletters.

4.2.3 Contact form / email correspondence

Consent may be withdrawn at any time by contacting the data controller detailed in Section 2.2. All personal information relating to the client will be deleted except for where there is a legal obligation to which the controller is subject. In this case, BTP will provide justification for the decision to retain the information.

5. WHEN DO WE SHARE PERSONAL DATA?

5.1 All personal data is treated confidentially and is only shared in the conduct of BTP business operations or where there is a legal obligation to which the controller is subject.

5.2 In the conduct of business, BTP shares data with:
- LSI or Amazon to process physical orders (customer's name, address and phone number)
- PayPal to process payments (clients' email address)
- Vendors in the set-up of published titles (authors' public biographies and previous publications).

6. WHERE DO WE STORE AND PROCESS PERSONAL DATA?

6.1 Database

Data relating to orders and initial contact via the BTP website are stored remotely, with PayHip, in a password-protected database. Backups of the website are stored locally on a private, firewall- and password-protected system.

6.2 Mailing Lists

Data relating to mailing lists are stored remotely, with Mailchimp.

6.3 Correspondence and administration

Data relating to correspondence and administration are stored locally on a private, firewall- and password-protected system.

7. HOW DO WE SECURE PERSONAL DATA?

7.1 Locally stored personal data

Locally stored personal data are secured by a firewall and password-login system.

7.2 Remotely stored personal data

Remotely stored personal data are secured by password-login systems.

7.3 Transmission of personal data

Transmission of personal data between BTP's website and other parties (PayPal, for instance) is secured using secure sockets layer (SSL) encryption.

8. HOW LONG DO WE KEEP PERSONAL DATA?

BTP keeps personal data for three years, after which it is securely deleted except where there is a legal obligation to which the controller is subject.

9. YOUR RIGHTS IN RELATION TO PERSONAL DATA

9.1 You have the right to request information about your personal data, including access to the data and deletion of the data except where there is a legal obligation to which the controller is subject.

9.2 To request information about your personal data held by BTP, contact the data controller detailed in Section 2.2.

9.3 BTP will respond to requests for information relating to personal data within 72 hours of receipt, detailing the initial course of action to be taken. This might consist of providing details of the information BTP holds.

9.4 BTP cannot provide access to personal data that breaches the privacy of another individual.

9.5 Where a request is made to delete personal data, BTP will fulfil that request within seven days, except where there is a legal obligation to which the controller is subject. In all cases, BTP will confirm in writing what action has been taken.

10. LINKS TO THIRD-PARTY VENDORS

BTP's website includes links to third-party vendors, including Amazon, Smashwords, Barnes and Noble, Kobo, iBooks and GooglePlay. BTP online store uses PayHip to administer purchases and PayPal to process payments. In all cases, this does not constitute BTP's endorsement of those external sites, nor is BTP responsible for those sites or any information contained within.

11. BREACH OF THIS PRIVACY POLICY

In the event of any breach of this privacy policy which results in personal data being compromised, we will inform the affected parties and take steps to secure personal data.

12. HOW TO CONTACT US

You can contact us either using the details in Section 2.2 or via the Beaten Track website: https://www.beatentrackpublishing.com/contact