Terms & Conditions

The Book Hive: Privacy Notice

The Book Hive Ltd (a Private Limited Company; Company Number 06944389; SIC 47610) has sufficient staff and skills to discharge its obligations under the GDPR. It is committed to ensuring that all personal data is:

  1. processed lawfully, fairly and in a transparent manner in relation to individuals;
  2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  4. accurate and, where necessary, kept up to date;
  5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
  6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

In a nutshell, we’ll make sure that all everything to do with data is verifiable, clear and affirmative.

Legal Basis

The legal basis for The Book Hive’s processing of personal data falls into two categories:

  • ‘Consent of the data subject’ (e.g. when a customer signs up to receive email updates from us)
  • ‘Processing is necessary for the performance of a contract with the data subject’ (e.g. when a customer provides bank details or contact details when paying for or ordering a book)

Please see the ‘Your Right to be Informed’ section for specific details.

Your Rights

Your Right to be Informed

You have the right to know how and why we use your personal data. Listed below are the types of personal data that The Book Hive handles, with clear information on what we do with it:

  • Emails for our Email Marketing Database (Mailchimp)
    • The Book Hive collects email addresses on the legal basis of consent of the data subject.
    • Data is collected via an affirmative, clear, verifiable opt-in process on our website and through the Mailchimp double opt-in GDPR-friendly sign-up form.
    • We use this data to send email updates about shop news, events and stock.
    • When given this data, we (and we only):
      • Add the contact information to MailChimp
      • Store the contact information in our MailChimp account
      • Send emails from our MailChimp account
      • Track interactions in an effort to improve the quality of our emails
    • This data is not shared with anyone other than Mailchimp.
    • For security, digital access to this data is restricted by a password-protected Mailchimp account, as well as a password-protected shop computer. Customer Contact Database (on Bertline, our stock control system)
    • The Book Hive collects identity and contact data (name and address / email / home number / mobile number) on the legal basis of processing necessary for the performance of a contract with the data subject.
    • Data is collected verbally in a clear, affirmative and verifiable manner.
    • We use this data to process and catalogue book orders, and use it to contact the data subject when their book order has arrived at the shop.
    • When given this data, we (and we only):
      • Add the contact information to Bertline, our stock control system
      • Store the contact information in the Bertline system, backed-up on Dropbox
      • Use it to track orders and generate paper customer slips
      • Use it to catalogue book orders in the till area
      • Use it to contact the data subject when their order arrives
    • This data is not shared with anyone other than Bertline.
    • For security, digital access to this data is restricted by a password-protected Bertline system, as well as a password-protected shop PC. All Bertline customer data stored on Dropbox is encrypted. Customer slips are destroyed immediately after use.
  • Customer Contact Record (in shop notebook)
    • The Book Hive collects identity and contact data (name and email / home number / mobile number) on the legal basis of processing necessary for the performance of a contract with the data subject.
    • Data is collected verbally in a clear, affirmative and verifiable manner.
    • We use this data to process and catalogue second-hand book orders from ABE Books, and use it to contact the data subject when their book order has arrived at the shop.
    • When given this data, we (and we only):
      • Add the contact information to the shop notebook
      • Store the contact information in the shop notebook
      • Use it to catalogue book orders in the till area
      • Use it to contact the data subject when their order arrives
    • This data is not shared with anyone.
    • For security, physical records of this data is stored in a safe in the shop.
  • Customer Payment Data (on our Worldpay card terminal):
    • The Book Hive collects bank data (card number, expiry date, and security code) on the legal basis of processing necessary for the performance of a contract with the data subject.
    • Data is collected verbally in a clear, affirmative and verifiable manner.
    • We use this data to process payments for products.
    • When given this data, we (and we only):
      • Use it to process a payment on our Worldpay card terminal
    • This data is not shared with anyone other than the payment provider.
    • For security, this data is not recorded or stored in any way.
  • Book Hive Year Subscription Database
    • The Book Hive collects identity, interest and contact data (name, address, email, home number / mobile number, book interests) on the legal basis of processing necessary for the performance of a contract with the data subject.
    • Data is collected via a clear, affirmative and verifiable paper form.
    • We use this data to aid our selection of books, and to send books to subscribers.
    • When given this data, we (and we only):
      • File the identity, interest and contact information in a folder at the shop
      • Add the identity, interest and contact information to a spreadsheet on the shop PC
      • Store the contact information in a folder in the shop and on the shop PC
      • Use it to make book selections for subscribers
      • Use it to send books to subscribers
      • Use it to contact subscribers if there is an issue with their subscription
    • This is data is not shared with anyone apart from Mail Boxes Etc., who process our post.
    • For security, physical records of this data are stored in a safe in the shop, and digital access is restricted by a password-protected shop PC.
  • Third party Invoices (Publishers, Wholesalers, Distributors, etc)
    • The Book Hive collects identity and bank data (business name, account number, and sort code etc) on the legal basis of processing necessary for the performance of a contract with the data subject.
    • We use this data to pay suppliers.
    • When given this data, we (and we only):
      • Add the data to our invoice file
      • Store the data in the shop
      • Use it to process a payment to the data subject
    • This data is not shared with anyone other than the payment provider.
    • For security, physical records of this data are stored in a safe in the shop.

Your Right of Access

At any time, you can contact The Book Hive (via email, phone or in person) to check that we are handling your data legally. You can:

  • Ask us to confirm that your data is being processed
  • Gain access to your personal data

We’ll provide this information free of charge and as quickly as possible (within one month). If you request information electronically, we’ll provide you with information in a commonly used electronic format.

Your Right to Rectification

You can rectify any of your personal data that The Book Hive is processing if it is inaccurate or incomplete. You can contact us via email, phone or in person. We’ll then make any necessary changes, and confirm that we have done so, within a month.

Your Right to Erasure

You can ask The Book Hive to delete or remove your personal data at any time (via email, phone or in person).

Your Right to Restrict Processing

You can ask The Book Hive (via email, phone or in person) to restrict processing your personal data at any time (we’ll still store it, but we won’t do anything with it).

Your Right to Data Portability

You can request to obtain and re-use your personal data that The Book Hive is processing, at any time (via via email, phone or in person). For example, you might want to move, copy or transfer personal data easily from our IT environment to another (e.g. another service) in a safe and secure way, without hindering the usability of the data. We’ll do this free of charge, as quickly as possible (within one month), and will provide the information in a structured, commonly used, machine-readable electronic format.

Your Right to Object

You can object to direct marketing from The Book Hive via email, phone or in person). If you do, we’ll stop processing personal data for direct marketing purposes as soon as we receive your objection.

Your Rights related to Automated Decision Making and Profiling

The Book Hive does not use any automated decision making when processing personal information.

Our Accountability

The Book Hive will implement comprehensive but proportionate technical and organisational measures to look after data. This includes following good practice such as regularly training staff in our data protection policy, regularly deleting out of date personal data, regularly changing computer passwords, carrying out privacy impact assessments when required, and maintaining relevant documentation on data processing (e.g. keeping a record of how and when we’ve audited our data).

Breach Notification

A personal data breach is a breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.

If The Book Hive experiences a breach that presents a risk to the rights and freedoms of individuals (e.g. damage to reputation, financial loss, loss of confidentiality with significant detrimental effect, discrimination) then we will report it to the ICO within 72 hours of becoming aware of the breach (https://ico.org.uk/for-organisations/report-a-breach/).  

The Book Hive will only notify the affected individuals when there is a high risk to their rights and freedoms.