We may use your information for the following purposes:
- to provide you with access to our website in a manner convenient and optimal and with personalised content relevant to you including sharing your information with our website hosts and developers (on the basis of our legitimate interest to ensure our website is presented in an effective and optimal manner);
- to send you a link via WHSmith’s to purchase your exclusive Football Heroes Subscription title. We can alter or cancel the Football Heroes subscription at any time, and it is subject to availability.
- to administer orders made from our website or the website of one of our subsidiaries and sharing your information with our own warehousing and third-party delivery service providers (on the basis of performing our contract with you);
- to keep in contact with you about our news, events, new website features or services or new books that we believe may interest you, provided that we have the requisite permission to do so, (either on the basis of your consent where we have requested it, or our legitimate interests to provide you with marketing communications where we may lawfully do so);
- to share your information with selected third parties such as publishing partners and authors, to enable them to contact you with information about things that may interest you (where we have your consent to do so);
- to provide customer service and support (on the basis of our contract with you), deal with enquiries or complaints about the website and share your information with our website developer, IT support provider, warehouse and delivery service provider, payment services provider as necessary to provide customer support (on the basis of our legitimate interest in providing the correct products and services to our website users);
- to carry out aggregated and anonymised research about general engagement with our website (on the basis of our legitimate interest in providing the right kinds of products and services to our website users);
- to protect, investigate, and deter against fraudulent, unauthorised, or illegal activity, including without limitation plagiarism and identity fraud (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so); and
- to enable us to comply with our policies and procedures and enforce our legal rights, or to protect the rights, property or safety of our employees and share your information with our technical and legal advisors (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so).
- to enable us to build profiles of ‘lookalike’ customers for advertising and marketing purposes on social media (on the basis of our legitimate business interest).
Where we refer to using your information on the basis of our “legitimate interests”, we mean our legitimate business interests in conducting and managing our business and our relationship with you, including the legitimate interest we have in:
- personalising, enhancing, modifying or otherwise improving the services and/or communications that we provide to you;
- detecting and preventing fraud and operating a safe and lawful business;
- improving security and optimisation of our network, sites and services;
- conducting business with suppliers and purchasers.
- Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don’t automatically override yours and we won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about our processing please refer to details of “Your Rights” in paragraph 9 below.
WHO WE MIGHT SHARE YOUR INFORMATION WITH
In connection with the purposes and on the lawful grounds described above and in addition to the recipients of your information as described above, we may share your personal information with third parties that we work with such as:
- third parties we work with to deliver our business (including for example, hosting or operating the website and our databases, site analytics, providing technical assistance and support, financial services institutions);
- any selected third party that you consent to our sharing your information with for marketing purposes;
- any prospective seller or buyer of such business or assets, only in the event that we decide to sell or buy any business or assets; and
- any other third parties (including legal or other advisors, regulatory authorities, courts and government agencies) where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.
- We require third parties to maintain appropriate security to protect your information from unauthorised access or processing.
HOW WE LOOK AFTER YOUR INFORMATION AND HOW LONG WE KEEP IT FOR
- We operate a policy of “privacy by design” by looking for opportunities to minimise the amount of personal information we hold about you. We use appropriate technological and operational security measures to protect your information against any unauthorised access or unlawful use, such as:
- ensuring the physical security of our offices, warehouses or other sites;
- ensuring the physical and digital security of our equipment and devices by using appropriate password protection [and encryption];
- maintaining a data protection policy for, and delivering data protection training to, our employees;
- limiting access to your personal information to those in our company who need to use it in the course of their work.
- We will retain your information for as long as is necessary to provide you with the services that you have requested from us or for as long as we reasonably require to retain the information for our lawful business purposes, such as for the purposes of exercising our legal rights or where we are permitted to do so for purposes of academic, literary expression and research purposes. We operate a data retention policy and look to find ways to reduce the amount of information we hold about you and the length of time that we need to keep it. In addition, we maintain a suppression list of email addresses of individuals who no longer wish to be contacted by us. So that we can comply with their wishes we must store this information permanently;
INTERNATIONAL TRANSFERS OF YOUR INFORMATION
- Our company is located in the UK.
- We take all steps necessary to ensure that any of your information is adequately protected and processed in accordance with this Privacy Notice, including aiming to ensure that all data is stored and processed within the European Union and by using all appropriate cross-border transfer solutions such as the European Commission’s Standard Contractual Clauses or the EU-US Privacy Shield Framework;
YOUR RIGHTS TO THE INFORMATION WE HOLD ABOUT YOU
You have certain rights in respect of the information that we hold about you, including:
- the right to ask us not to process your personal data for marketing purposes;
- the right to request access to the information that we hold about you; and
- in certain circumstances, the right to ask us to stop processing information about you.
You may exercise your rights above by contacting us using the details in paragraph 2 of this Privacy Notice, or in the case of preventing processing for marketing activities also by checking certain boxes on forms that we use to collect your data to tell us that you don’t want to be involved in marketing, by updating your marketing preferences via your account with us, or by clicking Unsubscribe on any email marketing correspondence that you receive from us.
Please note that we may need to retain certain information for our own record-keeping and research purposes. We may also need to send you service-related communications relating to your website user account even when you have requested not to receive marketing communications.
From 25 May 2018, in accordance with new data protection laws which will be in force from that date, you will have certain additional rights in respect of the information that we hold about you, including:
- the right to lodge a complaint about us to the UK Information Commissioner’s Office (https://ico.org.uk/) or the relevant authority in your country of work or residence;
- the right to withdraw your consent for our use of your information in reliance of your consent (refer to paragraph 4 to see when we are relying on your consent), which you can do by contacting us using any of the details at the top of this Privacy Notice;
- the right to object to our using your information on the basis of our legitimate interests (refer to paragraph 4 above to see when we are relying on our legitimate interests); and
- the right to receive a copy of any information we hold about you in connection with the performance of our contract with you or on the basis of your consent (or request that we transfer this to another service provider) in a structured, commonly-used, machine readable format; and
- the right to ask us to limit or cease processing or erase information we hold about you in certain circumstances.