ILLUMICRATE

PRIVACY POLICY

Hello, welcome to the Illumicrate Privacy Policy. At Illumicrate, we are committed to keeping your personal information safe and secure, and handling it in accordance with our legal obligations. This Privacy Policy sets out in detail the purposes for which we process your personal information, what rights you have in relation to that information, who we share it with and everything else we think is important for you to be aware of.

Please make sure you check it carefully and if you don’t agree with it, then (although we hate to turn you away) you shouldn’t use our Website or purchase our Products. This is because by accessing our Website and purchasing our Products, you confirm that you accept the way in which we process your personal information. This Privacy Policy forms part of our Terms, and capitalised words and phrases in it have the same meaning as those in our Terms.

If you have any concerns, please feel free to contact us at [email protected]

About Illumicrate

We are Illumicrate Limited, trading as Illumicrate, a company incorporated and registered in England and Wales with company number 11214815. Our normal place of business is at Mercury House, 19-21 Chapel Street, Marlow, Buckinghamshire, SL7 3HN (referred to as Illumicrate, we, our and us). We are the data controller for the purposes of the personal information processed in accordance with this Privacy Policy.

Contents of this Privacy Policy:

  1. About this Privacy Policy
  2. The personal information we collect, how we collect it, and why
  3. Our legal basis for processing personal information
  4. When do we share your personal information?
  5. Communications
  6. How long do we store your personal information?
  7. Security of your personal information
  8. Links
  9. Your rights and choices
  10. Contacting us
  11. Cookies

 

  1. About this Privacy Policy

This Privacy Policy applies to the personal information we collect about you through our Website, by telephone, by post, through our social media platforms, from third parties and when you otherwise communicate with us.

This Privacy Policy may change from time to time and, if it does, the up-to-date version will always be available on our Website. We will also tell you about any important changes to our Privacy Policy.

  1. The personal information we collect, how we collect it, and why

Personal information means any information about an individual from which that individual can be identified. The following shows information we process about you, and the purpose for which we process that information. There may be more than one reason for which we collect such information and we have only listed the main reasons. If you would like further information, please contact us via [email protected].

We have also included the legal basis on which we rely on to legitimately process your personal information, see section 3 for more information.

Information The main reasons we collect it Legal basis for processing
Information you provide to us (e.g. on contact forms, when purchasing Products):

Each one of the following types of information is always stored privately against your account, so that only you and us can see it.

Name Your name enables us to communicate personally with you and to address deliveries to you. Performance of a contract with you.
Address We need your address so that we can know your location and send our Products to you. You can choose the best address for this. Performance of a contract with you.
Phone number We may use your phone number to contact you about deliveries, or use for SMS or telephone marketing with your permission. Performance of a contract with you. Necessary for our legitimate interests (to stay in touch with our customers).
Email address We require your email address to register an account with us, and to send you email confirmations for it, along with other communications (e.g. relating to account security, account updates, product updates and marketing messages). Performance of a contract with you. Necessary for our legitimate interests (to stay in touch with our customers).
Username A username enables you to be uniquely identified within our business, and enables you to securely log in to your Illumicrate customer account. Performance of a contract with you.
Password Your password enables you to keep your Illumicrate customer account secure. Performance of a contract with you.
Date of birth We collect this to confirm that you are old enough to purchase our Products and consent to the processing of your personal information. Performance of a contract with you.

 

Your preferences for receiving communications and notifications We store your preferences so we know exactly how to communicate with you (e.g. for marketing or sending service communications), and in some cases, how not to communicate with you. Consent; and

Necessary for our legitimate interests (to ensure that we are not at risk of breaching data protection laws by communicating with you where you have asked us not to).

Feedback and suggestions When you provide us with feedback and suggestions, we’ll record these against your customer account and bear them in mind for future updates. Necessary for our legitimate interests (to act on customer feedback to inform and improve our Products and strategy).
Information we collect automatically  
Your purchase history

 

When you purchase a Product, we keep a record of what you have purchased and when. This enables us to fully understand our customers’ individual preferences, and more generally, what they like and what they don’t. The information will also help us to understand when to promote certain Products and when not to, and how to build improvements into our offerings. Necessary for our legitimate interests (to define types of customers, to keep the Products updated and relevant, to study how customers use our services, to develop our business and inform our marketing strategy).
Payments information (e.g. records of transactions) We record payment and transaction data to keep financial and security records for our business and to comply with our legal obligations to retain financial and transaction information.

 

We may also keep a record of where payments have been successful or have failed against a customer’s details in our systems.

Performance of a contract with you. Necessary for our legitimate interests (to recover debts due to us, to pay refunds owed to you and to prevent us facilitating fraud).
Records of competitions and prizes Whenever we hold competitions and/or give away rewards or prizes, we keep an internal record of how they have been distributed. We collect data around competitions, how customers interact with them, and we use that data to improve the way we hold competitions and give away rewards or prizes in future. Necessary for our legitimate interests (to study how customers use or wish to use our services, to develop them, to grow our business and to inform our marketing strategy).

 

We may also use all of the above information to establish, exercise and defend our legal rights. The lawful bases on which we rely upon to do such are where it is necessary for compliance with a legal obligation and where it is in our legitimate interest to establish, exercise or defend our legal rights.

In respect of all the above information, our overarching purpose is to enable us to generate secure, engaged community of book lovers everywhere. We want all of our customers’ information to be secure, but also visible to us so that we can provide them personalised customer service and a customised member experience. For any questions or queries, please feel free to get in touch via [email protected].

  1. Our legal basis for processing personal information

We only ever use your information in line with applicable data protection laws – in particular, the EU General Data Protection Regulation (GDPR). In short, this means we only use it where we have a legal basis to do so. Under GDPR, these are the general legal bases for which we process your personal information, as detailed in the table above:

  • Consent – you have given us consent to process your personal information for a specific purpose that we have told you about.
  • Performance of our contract – processing your personal information is necessary for a contract you have with us, or because we have asked you to take specific steps before entering into that contract.
  • Legitimate interests – processing your personal information is necessary for our legitimate interests or those of a third party, provided those interests are not outweighed by your rights and interests (including where processing is required to comply with or enforce a legal obligation).

 

  1. When do we share your personal information?

We may disclose your information for certain purposes and to third parties, as described below:

  • Companies in the Illumicrate group: we share your information within the Illumicrate group of companies (being companies owned wholly or partly by Illumicrate, or other companies with substantially the same shareholder(s) as Illumicrate) as required for: providing you with access to our services according to our agreement, data storage and processing, providing customer support, making internal choices around business improvements, and for the other purposes set out in this Privacy Policy.
  • Third Party Providers: We use certain companies, agents or contractors (Third Party Providers) to perform services on our behalf or to help deliver our services to you. In particular we use a shipping company for deliveries and a packing company for labelling and we provide them with the required details to fulfil those purposes. We also contract Third Party Providers, for example for: infrastructure and IT services; marketing communications; to process credit card transactions or other payment methods; online shopping software; and to analyse and action data. In the course of providing such services, these Third Party Providers may have access to your personal information. We do not authorise them to use or disclose your personal information except in connection with providing their services to us.
  • Promotions with our partners: We may offer joint promotions, schemes or incentives with our selected partners that, in order for you to participate, will require us to share your information with the relevant partner. In fulfilling these types of promotions, we may share your name and other information in connection with fulfilling the relevant incentive. Please note that our partners are responsible for their own privacy and data protection methods and if applicable you should refer to their relevant privacy policy.
  • To protect legitimate interests: There are certain circumstances where Illumicrate and our Third Party Providers may disclose and/or make use of your information where a disclosure would be necessary to: (a) satisfy any applicable law, regulation, legal process, or other legal or governmental request or requirement, (b) enforce applicable terms of use, including investigation of any actual or alleged breaches, (c) detect, prevent, or otherwise address illegal or suspected illegal activities (including payment fraud), security or technical issues, or (d) protect against harm to the rights, property or safety of Illumicrate, its members or the public, as required or permitted by law.
  • Transfers of our business: In connection with any corporate reorganisation, restructuring, merger or sale, or other transfer of assets, we will transfer information, including personal information, provided that the receiving party agrees to comply with our requirements as set out in this Privacy Policy relating to your personal information.

 

  1. Communications

This section is to explain how we will ensure that you only receive communications that you wish to receive.

Marketing communications:

We want to ensure that you are informed and aware of the best services and promotions that we can offer you. By consenting to receive additional communications (by mail, telephone, text/picture/video message or email) from us and any named third parties that feature at the point of obtaining consent in respect of such information, we will process your personal information in accordance with this Privacy Policy.

If you do opt in to receive communications, then you can click to unsubscribe at any time by following the relevant link in those communications. If you choose not to receive this information we will be unable to keep you informed of new Products and promotions and other services we way offer.

Whatever you choose, you’ll still receive other important information, for example delivery updates and Product purchase confirmations.

Service communications:

As detailed in section 2, we may send you communications such as those which relate to any Product or service updates or provide customer satisfaction surveys. We consider that we can lawfully send these communications to you as we have a legitimate interest to do so, namely to effectively provide you with the best service we can and to grow our business.

  1. How long do we store your personal information?

We keep your personal information for only as long as is necessary to provide you with our service and for our legitimate and necessary business purposes. Such purposes might include maintaining the high standards of service which we strive to uphold, making decisions on how progress our offering, complying with applicable legal obligations, and resolving any disputes which arise in the course of our business.

In accordance with this Privacy Policy, you have the right to request that we delete your personal information, except where we are legally permitted or required to maintain certain personal information. For example:

  • We are legally required to retain financial and transaction data for a minimum period of 7 years for tax, audit and accounting purposes. This includes keeping a record of the amount of each transaction, what it related to, and who we transacted with.
  • If there is an unresolved issue relating to your account, for example relating to outstanding credit or an unresolved dispute, then we will retain your personal information until the issue is resolved.
  • There may be other situations where we have legitimate business interests to retain personal information, such as to prevent fraud or protect security of our other members.

Any Third Party Providers that we engage will keep your personal information stored on their systems for as long as is necessary to provide the relevant services to you or us. If we end our relationship with any Third Party Providers, we will make sure that they securely delete or return your personal information to us.

  1. Security of your personal information

At Illumicrate, we have physical, electronic and managerial procedures in place to protect and secure the information we collect. We are committed to protecting personal information from loss, misuse, disclosure, alteration, unauthorised access and destruction and we take all reasonable precautions to safeguard the confidentiality of personal information.

Unfortunately, the transmission of your personal information via the internet is not completely secure and although we do our best to protect your personal information, we cannot guarantee the security of your information transmitted to us over the internet and you acknowledge that any transmission is at your own risk.

The information that we collect from you may be transferred to, and stored at, a destination outside of the European Economic Area (EEA). When we transfer and store your personal information outside of the EEA we will take steps to ensure that the information is transferred in accordance with this Privacy Policy and applicable data protection laws. In particular, we will ensure that appropriate contractual, technical, and organisational measures are in place with any parties outside the EEA such as the Standard Contractual Clauses approved by the EU Commission.

  1. Links

Our Website may, from time to time, contain links to websites operated by third parties. This Privacy Policy only applies to the personal information that we collect from you and we cannot be responsible for personal information collected and stored by third parties. If you click on a link, please understand that the relevant third party websites have their own terms and conditions and privacy policies, and we do not accept any responsibility for the content of those third party websites or third party terms and conditions or policies. Please check these policies before you submit any personal information to these websites.

  1. Your rights and choices

Under the GDPR, as a user of our Website or purchaser of our Products, you are entitled to certain rights. There are circumstances in which your rights may not apply. You have the right to request that we:

  • provide you with a copy of the information we hold about you;
  • update any of your personal information if it is inaccurate or out of date;
  • delete the personal information we hold about you – if we are providing services to you and you ask us to delete personal information we hold about you then we may be unable to continue providing those services to you;
  • restrict the way in which we process your personal information;
  • stop processing your data if you have valid objections to such processing; and
  • transfer your personal information to a third party.

For more information on your rights and how to use them, or if you would like to make any of the requests set out above, please contact us via [email protected].

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Please note that we reserve the right to charge a fee for responding to requests where we reasonably determine that they are manifestly unfounded or onerous or being made in bad faith.

  1. Contacting us

If you have any questions or concerns about how we handle your personal information, please contact at [email protected].

If you are unsatisfied with our response to any data protection issues you raise with us, you have the right to make a complaint to the Information Commissioner’s Office (ICO). The ICO is the authority in the UK which is tasked with the protection of personal information and privacy.

  1. Cookies

We may use cookies on our Website which help us monitor use of the Website, and in turn improve it based on how our users interact with it. You can choose to accept or turn off cookies within your browser settings.