Why do we need this document?
The Data Protection Act 2018 requires us to provide certain information to individuals when we process their personal data.
What is the purpose of this?
To be open and transparent on how we process that personal data and meets its data protection obligations.
Who needs to understand this?
Registered members, borrowers, book sharers, suppliers, third parties and visitors and potentially the general public.
Data Protection Officer.
1: Who we are?
We are the online platform bearing the name “港書館 HK BOOKS BORROWING AND SHARING CENTRE IN UK”. We are committed to being open and transparent about how it processes personal data and meets its data protection obligations. Please read this privacy notice carefully.
This notice together with any documents referred to in it explains how we process your personal data including the collection, storage, how we use it and otherwise process your data. It also explains your rights in relation to that personal data.
2: How we collect your data
We collect personal data via the website when you register for an online account, borrow books from us, share books with us, browse our website or social media platform.
3: What data we collect
The type of information that we collect will depend on the interaction or relationship we have with you. Types of information we collect may include:
• Delivery address
• Phone number
• Order history
• Feedback, survey and quiz responses
• Correspondence - when you contact us either in writing, over the phone or through social media platform
4: Who we collect data from?
• Book Sharers
• Registered members
• Individuals who send enquiries/information to us
• Any relevant third parties
5: How we use your data
• To process and complete borrowing and sharing of books.
• To notify you about changes or updates to our services.
• To improve/personalise our service offerings to you.
• To respond to any comments, enquiries or complaints and resolve any issues.
• To maintain and administer our records.
• To evaluate how our services meet your needs, and to have a better understanding of how and where we can make improvements through market research and feedback.
• To make sure that your visit to our website provides you with the most suitable content (please refer to the cookies policy)
6: Our legal basis for using your data
We only use your data when we have a legal basis for doing so. The legal basis for using your data will depend on what we need to do but includes:
• Contract: for us to provide services or arrange the sharing of books
• Legal obligation: to comply with the law
• Vital Interests: for us to be able to protect individuals
• Legitimate Interest: where necessary for our interests or the interest of a third party, after carefully considering any effect to individual rights and freedoms
• Consent: where clear consent is given to use your data for a specific purpose.
For more information on our legal basis for sharing please contact firstname.lastname@example.org
7: Who we share your data with?
We do not share or disclose your data, except as described below. We need to share your personal data including name and delivery address so that the books you have requested will be delivered to you.
We only share the minimal information that allows them to provide services to us or to facilitate providing services to you.
The types of third parties include:
• Parties who are in possession of the books requested
• Our volunteers
• Social media platforms
• Other trusted third parties, including IT & website service providers
• Law enforcement and Government agencies
• Our trusted professional advisers, such as insurance providers, legal, civil / debt recovery and collecting investigators, accountancy and auditors.
8: Where we store your data
Your personal data is mainly stored in the UK but may also be stored by our service providers. Where these providers are based outside the UK, we use appropriate safeguards as set out in the law to protect your data.
9: How long we keep your data
We will only retain your data for as long as is necessary or in accordance with legal requirements. How long we need to keep your personal data will depend on the purpose it was collected for, including: providing you with services you’ve requested, meeting our legal and regulatory obligations, complaints, and disputes.
When we no longer have a requirement to keep your data, this will be securely deleted or archived anonymously.
For more information on how long your data is stored please contact email@example.com
10: Your rights regarding your data
You have several rights available to you and these are set out in the General Data Protection Regulations including:
• Right to be informed -this means you have a right to be informed about the way we collect and use your data.
• Right of Access - this means you have a right to request a copy of the data we hold about you.
• Right of Rectification - this means that you can request we correct your personal data if it is inaccurate.
• Right of Erasure - this means you can request that all the data that we hold about you is deleted.
• Right to Restrict Processing - this means that you can request the processing of your data is blocked and your data is stored separately.
• Right to Data Portability - this means that you can request a secure transfer of your data to another business.
• Right to Object - this means you have a right to object to direct marketing, including profiling.
• Rights Related to Automated Decision Making and Profiling – this means that human intervention can be requested where automated decision making, and profiling is made about you.
• Right to withdraw consent – please send to: firstname.lastname@example.org
11: Obtaining a copy of your data
If you wish to see the personal data, we hold for you then please send your request to email@example.com
In most circumstances your data will be provided within 30 days and free of charge, unless the request is deemed as manifestly excessive or unfounded.
12: Contact Us
If you wish to make a request relating to any of the above rights, please contact firstname.lastname@example.org
The contact details with regards to personal data:
Name: Jonathan Lam
email address: email@example.com
13: Your right to complain to the regulator
We would request that you contact us prior contacting the Information Commissioners Office (ICO for short) who are the regulator and supervisory authority for the United Kingdom is, so we can make every effort to reassure you and answer any queries you may have.
You have the right to make a complaint to the ICO if you believe that we are not using your data in accordance with the law.
The ICO website is www.ico.org.uk where you can find information on how to complain.
14: Privacy Notice changes
This Privacy Notice is reviewed and updated on an annual basis, in addition to making any changes in line with updated regulation and communicating changes accordingly.
Last updated: June 2023
Reason for update: change of contact email