What is the purpose of this policy?
To describe how we collect and use personal data about you per the General Data Protection Regulation
What do we need?
Ryefield Investments Limited T/A Ryefield Books will be what’s known as the “Controller” of the personal
data you provide to us. We only collect basic personal data about you, which does not include any
special categories of personal information about you (known as Special Category Data). However, this
includes name, address, e-mail, telephone number and some financial/ payment information such as
debit/credit card details to process your orders.
Why do we need it?
We need to know your primary personal data to provide goods and services, process your orders, provide
marketing information, tell you about our products and services, etc. We will not collect any personal
data from you for any services that we do not provide.
What do we do with it?
We only ever use your data with your consent, or where it is necessary:
• to enter into, or perform, a
contract with you
• to comply with a legal duty
• to protect your vital interests
• for our own (or a third
party’s) lawful interests, provided your rights don’t override these.
In any event, we’ll only use your information for the purpose or purposes it was collected for (or for
closely related purposes).
We may process personal information for specific legitimate business purposes, which include some or all
of the following:
• where the processing enables us
to enhance, modify, personalise or otherwise improve our services/communications for the benefit of our
• to identify and prevent fraud
• to enhance the security of our
network and information systems
• to better understand how people
interact with our websites
• to provide postal
communications which we think will be of interest to you
• to determine the effectiveness
of promotional campaigns and advertising.
Whenever we process data for these purposes, we will ensure that we always keep your data rights in high
regard and take account of these rights at all times.
When we process your data for our legitimate interests, we will ensure that we consider and balance any
potential impact on you (both positive and negative) and your rights under data protection laws. Our
legitimate business interests do not automatically override your interests. We will not use your data
for activities where our interests are overridden by the impact on you (unless we have your consent or
are otherwise required or permitted to by law). You have the right to object to this processing if you
Where do we keep it?
We are based in the UK, and we store our data within the UK, EU and the US. Some organisations which
provide services to us may transfer personal data outside of UK, EU and US, but we will only allow them
to do so if your data is adequately protected.
For example, some of our systems use Microsoft products. As a US company, it may be that using their
products result in personal data being transferred to or accessible from another country. However, we
will allow this as we are certain personal data will still be adequately protected as Microsoft is
certified under the USA’s Privacy Shield scheme.
How long do we keep it for?
We will only use and store information for so long as it is required for the purposes it was collected
for. How long information will be stored depends on the information in question and its use. For
example, if you ask us not to send you marketing e-mails, we will stop holding your e-mails for
marketing purposes, although we’ll keep a record of your preference not to be e-mailed.
We continually review what information we hold and delete what is no longer required. We never store
payment card information. We will not retain your data for any longer than necessary, and the longest
time we will hold your data will be six years.
What would we also like to do with it?
We would like to use your name and e-mail address to inform you of our future offers and similar
products. We do not share this information with any third parties, and you can unsubscribe at any time
via phone, e-mail or our website messaging service.
What are your rights?
We want to ensure that you remain in control of your data. Part of this is making sure you understand
your legal rights, which are as follows:
• the right to confirmation as to whether we have your data and, if we do, to obtain a copy of the
personal information we hold (this is known as a data subject access request)
• the right to have your data erased (though this will not apply where it is necessary for us to continue
to use the data for a lawful reason)
• the right to have inaccurate data rectified
• the right to object to your data is being used for marketing or profiling; and
• where technically feasible, you have the right to personal data you have provided to us, which we
process automatically based on your consent or the performance of a contract. This information will be
provided in a standard electronic format.
Please keep in mind that there are exceptions to the rights above and, though we will always try to
respond to your satisfaction, there may be situations where we are unable to do so.
If you wish to raise a complaint about handling your data- in that case, you can contact the Managing
Director via the website messaging service, who will investigate the matter.
Suppose you are not satisfied with our response or believe we are processing your data not in accordance
with the law. In that case, you can complain to the Information Commissioner’s Office, the UK
supervisory authority for data protection issues.
Ryefield Investments Limited