Privacy and GDPR

• Our Data protection officer is Alex Brims, he can be contacted here alex@brimsbooks.co.uk

• As a data subject, you have the following rights under the GDPR, which this Policy and Our use of personal data have been designed to uphold:
  • The right to be informed about Our collection and use of personal data;
  • The right of access to the personal data We hold about you;
  • The right to rectification if any personal data We hold about you is inaccurate or incomplete;
  • The right to be forgotten – i.e. the right to ask Us to delete any personal data We hold about you (We only hold your personal data for a limited time, but if you would like Us to delete it sooner, please contact Us.
  • The right to restrict (i.e. prevent) the processing of your personal data;
  • The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation);
  • The right to object to Us using your personal data for particular purposes; and
  • Rights with respect to automated decision making and profiling.
• If you have any cause for complaint about Our use of your personal data, please contact Us using the details provided in section 14 and We will do Our best to solve the problem for you. If We are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.
• For further information about your rights, please contact the Information Commissioner’s Office or your local Citizens Advice Bureau

The information we hold about you may include the following:

• Your personal details (such as your name and/or address);
• Details of contact we have had with you in relation to the provision, or the proposed provision, of our services;
• Details of any services you have received from us;
• Our correspondence and communications with you;
• Information about any complaints and enquiries you make to us;
• Information from research, surveys, and marketing activities;
• Information we receive from other sources, such as publicly available information, information provided by your
• Employer or our clients or information from HM Revenue and Customs

We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected.

When assessing what retention period is appropriate for your personal data, we take into consideration:

• The requirements of our business and the services provided;
• Any statutory or legal obligations;
• The purposes for which we originally collected the personal data;
• The lawful grounds on which we based our processing;
• The types of personal data we have collected;
• The amount and categories of your personal data; and
• Whether the purpose of the processing could reasonably be fulfilled by other means.

Which third-party service providers process my personal data?

Third parties includes third-party service providers. The following activities are carried out by third-party service providers: IT and cloud services, professional advisory services, insurers, administration services, banking services.

All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.

What about other third parties?

We may share your personal data with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal data with a regulator or to otherwise comply with the law.

We do not sell your personal data to third parties!

We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.