Data Protection Policy Statement
Happier Every Chapter ("We," "Our," "Us") is dedicated to ensuring the privacy and protection of all personal data we collect, process, and store in the course of our operations. We recognize the importance of safeguarding the rights of data subjects under the UK General Data Protection Regulation (UK GDPR). This Data Protection Policy outlines the technical and organizational approach and measures we have in place to ensure compliance with UK data protection law, especially in the context of our procurement framework contract for supplying digital library content and print books, while safeguarding the rights and freedoms of individuals whose data we handle.
1. Scope
This policy applies to all personal data processed by Happier Every Chapter, including data related to customers, employees, suppliers, and any other third parties. It covers data collected through our website and any other business activities.
1.1 Data Collection and Processing
We maintain comprehensive records of our data processing activities, including the purposes of processing, data categories, and any data sharing with third parties. These records are regularly reviewed and updated.
We collect and process personal data only for legitimate business purposes, including but not limited to:
- Fulfilling customer orders for print books and digital content.
- Managing customer relationships and communication.
- Complying with contractual obligations under the procurement framework.
- Meeting legal and regulatory requirements.
The types of personal data we may collect include:
- Contact information (e.g., name, address, email, phone number).
- Payment details for processing transactions.
- Order history and preferences.
- Professional information related to suppliers and partners.
2. Data Protection Principles & Security
We adhere to the following key principles of data protection:
- Lawfulness (Legal Basis), Fairness, and Transparency: We process personal data in a lawful, fair, and transparent manner. Consent is obtained where necessary for marketing communications or other non-essential processing activities. Contractual necessity, legal obligation (such as tax reporting), or legitimate interests (e.g., maintenance of customer relationships) are also drivers for the collection of information where needed to fulfill our obligations.
- Purpose Limitation: We collect data for specified, explicit, and legitimate purposes and do not process it in a manner that is incompatible with those purposes.
- Data Minimization: We ensure that the personal data we collect is adequate, relevant, and limited to what is necessary.
- Accuracy: We keep personal data accurate and up to date.
- Data Retention: We retain personal data only as long as necessary for the purposes for which it was collected or as required by law. Upon the expiration of retention periods, data is securely deleted or anonymized.
- Integrity and Confidentiality: We process personal data in a way that ensures appropriate security, including protection against unauthorised or unlawful processing and accidental loss, destruction, or damage.
3. Technical and Organisational Measures
3.1 Confidentiality, Integrity, and Resilience of Processing Systems
We employ a combination of human and technical resources to ensure ongoing confidentiality, integrity, availability, and resilience of our processing systems, including:
- Encryption: We use strong encryption protocols for data at rest and in transit to protect sensitive personal information.
- Access Controls: We implement strict access controls based on roles and responsibilities, ensuring only authorised staff have access to personal data.
- Data Backups: We conduct regular, encrypted backups of all critical data, stored securely to ensure resilience in case of system failures.
- Data Breach Management/Incident Response: We maintain an incident response plan to quickly address and mitigate any data breaches or security incidents. In the event of a data breach, Happier Every Chapter will promptly assess the risk to individuals’ rights and freedoms and, where necessary, report the breach to the relevant supervisory authority within 72 hours. Affected individuals will be notified where the breach poses a high risk to their rights.
- Data Minimization: This enables us to limit the collection and retention of personal data to what is necessary for our operations.
3.2 Data Subject Rights
We ensure compliance with data subjects' rights, including:
- Privacy Notices: We provide clear, accessible privacy information to all data subjects at the time of data collection.
- Access, Rectification, and Deletion: We have processes in place to promptly respond to data subjects' requests for access, rectification, deletion, and portability of their personal data.
- Consent Management: We obtain active, informed consent where necessary, recording and maintaining auditable records of all consents.
Individuals whose data we process have the following rights under GDPR:
- The right to access their personal data.
- The right to rectify inaccurate or incomplete data.
- The right to request the erasure of their data.
- The right to restrict processing.
- The right to data portability.
- The right to object to processing.
- The right to withdraw consent at any time.
Requests to exercise these rights can be made by contacting us at hello@happiereverychapter.com.
3.3 Data Transfers
We ensure that any transfer of personal data outside the UK complies with legal safeguards, including standard contractual clauses and adequacy decisions, to ensure an equivalent level of data protection.
4. Policy Reviews, Continuous Evaluation and Improvement
To maintain high standards of data protection, we regularly assess and evaluate the effectiveness of our technical and organisational measures. This includes annual reviews of our data protection policy, staff training sessions, and regular audits of our data processing activities. A review of the data policy can also be necessitated by significant changes in our operations or data protection laws. The latest version of the policy is always available on our website.
5. Contact Information
For any questions or concerns about this policy or data protection practices, please contact us at hello@happiereverychapter.com.
Happier Every Chapter is dedicated to protecting the personal data of our customers, partners, and employees. By implementing robust data protection measures, we ensure compliance with the UK GDPR and uphold the highest standards of privacy and security.