Privacy Policy
In the context of visits to its Website and Orders placed, the Seller collects personal and confidential information from its customers.
The processing of personal data is justified by various legal bases depending on the purpose for which the data is used.
Applicable legal bases include:
- Contract: the processing of personal data is necessary for the performance of the contract entered into with the customer.
- Consent: the customer has expressly accepted the processing of their personal data (e.g. by ticking a box or clicking to confirm).
- Legitimate interest: the Seller has a legitimate commercial interest in processing data that is justified, proportionate and does not unduly infringe on privacy.
- Legal obligation: the processing of personal data is required by applicable law.
This data collection is carried out with the informed consent of Users, expressed by reading this notice, by voluntarily ticking the relevant confirmation box, and by the voluntary act of placing an order on the Website.
The purposes for which the Seller processes data are as follows: order management and customer relationship management, order payment, personalisation of services and communications sent to the Customer, commercial prospecting by third parties, personalisation of online advertising, Website security, customer knowledge, and Website statistics and performance.
In this context, the Seller ensures that the collection and processing of customer data complies with the following principles:
- Lawfulness, fairness and transparency: data may only be collected and processed with the customer's consent or strictly within the scope of performing the service requested by the customer.
- Purpose limitation: data collection and processing are carried out to fulfil one or more specific objectives defined in this privacy notice.
- Data minimisation: only the data necessary for the proper fulfilment of the Seller's objectives is collected.
- Integrity and confidentiality: the data controller undertakes to guarantee the integrity and confidentiality of all data collected and processed.
Data Controller:
- EcomSphere Labs LLC
- 704 Wallace St, Suite 341, Clovis, NM 88101, United States
- contact@book-nook-store.com
Information Collected
In general, the Seller collects the following information directly from Customers:
first name, last name, address, email address, password, phone number, IP address, connection and browsing data, order history, preferences and interests, products viewed, delivery incidents, and complaints.
In certain cases, the Seller may collect location data.
Mandatory fields are indicated at the time of collection by an asterisk. Some data is collected automatically as a result of the customer's actions on the Website; other information may be provided by partners.
How Data is Collected
The Seller collects information provided by the Customer when:
- Creating a customer account
- Placing an order
- Browsing the Website
- Interacting with customer service
- Viewing advertisements
Storage of Collected Data
Information collected by the Seller is stored on computer systems in digital form.
Personal Data Retention Periods
The Seller retains data only for the period necessary for the purposes for which it was collected, and in compliance with applicable law.
In accordance with the table below:
Processing Purpose |
Legal Basis |
Active Retention Period |
Archiving |
Order management |
Contract |
5 years from last activity |
5 years |
Customer account use |
Contract |
5 years from last activity |
5 years |
Statistical analysis |
Contract |
5 years from last activity |
5 years |
Commercial prospecting (SMS or email) |
Customer consent |
3 years from last activity |
No archiving |
Retention of bank card data following a one-time payment |
Legal obligation / Contract |
18 months |
In accordance with the Fair Credit Billing Act (FCBA) and applicable PCI DSS standards. |
Rights of Access and Control
Depending on your country of residence, you may have the following rights regarding your personal data:
- United States (California residents – CCPA): You have the right to know what personal data is collected about you, the right to request deletion of your data, the right to opt out of the sale of your personal data, and the right not to be discriminated against for exercising these rights.
- United Kingdom (UK GDPR / Data Protection Act 2018): You have the right of access, rectification, erasure, restriction of processing, data portability, and the right to object to processing.
- Australia (Privacy Act 1988 / Australian Privacy Principles): You have the right to access and correct your personal information held by the Seller.
- Canada (PIPEDA and applicable provincial laws): You have the right to access your personal information and to challenge its accuracy and completeness.
- European Union (GDPR 2016/679): You have the rights of access, rectification, erasure, restriction, portability and objection to processing, as well as the right to object to commercial prospecting at any time.
To exercise any of these rights, please contact the data controller in writing at:
EcomSphere Labs LLC
704 Wallace St, Suite 341, Clovis, NM 88101, United States
contact@book-nook-store.com
Depending on your country of residence, you also have the right to lodge a complaint with the relevant data protection authority (e.g. the FTC or State Attorney General for US residents, the ICO for UK residents, the OAIC for Australian residents, or the OPC for Canadian residents).
Information Security
The Seller follows generally accepted standards to protect the information it collects and receives, both during transmission and after receipt.
The Seller maintains appropriate administrative, technical and physical safeguards to protect customers' personal information against accidental or unlawful destruction, accidental loss, unauthorised modification, unauthorised disclosure or access, misuse and any other unlawful form of processing.
These measures include, for example, firewalls, antivirus protection, password protection and other access and authentication controls.
However, no method of transmission or storage is completely secure.
If a customer believes that the security of their personal information has been compromised, they should contact the Seller immediately to report it.
If the Seller becomes aware that customer data has been compromised, it will notify affected customers in accordance with applicable data breach notification laws, including the applicable US state breach notification laws, the UK GDPR, and the Australian Privacy Act 1988.
Disclosure of Information to Third Parties:
Collected data may be shared with service providers (sub-contractors) engaged by the Seller to carry out its services in connection with the purposes described above — for example, for order management, fulfilment, processing, payment, and marketing operations.
For advertising targeting purposes, the Seller may share certain non-identifying data in order to contact the customer and deliver personalised advertisements on social media platforms.
For commercial prospecting by third parties:
- Email and SMS prospecting
Email and SMS data may be shared with partners for electronic commercial prospecting campaigns only if the customer has consented. Consent may be withdrawn at any time and/or the customer may request the list of commercial partners at any time by writing to the Seller at: contact@book-nook-store.com
By subscribing to SMS notifications from Book-Nook-Store, you agree to receive automated marketing SMS messages from us regarding our products and services at the phone number you provided at sign-up, and that messages may be sent using an automatic telephone dialling system or other technology. Message frequency may vary. Consent is not a condition of purchase. Message and data rates may apply. Reply STOP, END, CANCEL, UNSUBSCRIBE or QUIT to opt out and HELP for customer support. You may receive one additional text message confirming your decision to unsubscribe. You understand and agree that attempting to unsubscribe by any means other than sending the opt-out commands listed above is not a valid method of unsubscribing. This SMS programme complies with the Telephone Consumer Protection Act (TCPA).
- Telephone and postal prospecting
Postal and telephone data may be shared with third-party advertisers through partners for postal and telephone prospecting campaigns. Consent may be withdrawn at any time and/or the customer may request the list of commercial partners at any time by writing to the Seller at contact@book-nook-store.com. US residents may also register on the National Do Not Call Registry at https://www.donotcall.gov/ to limit unsolicited telephone contacts.
Data Transfers Outside the United States
The customer is informed that data concerning them may be transferred, for the purposes described above, to companies located in countries outside the United States or outside the European Economic Area, which may offer a lower level of data protection.
Prior to any such transfer, the Seller will take all necessary measures and safeguards to ensure the security of such transfers, in accordance with applicable law (including Standard Contractual Clauses for EU/UK transfers where required).
Personal Data of Minors
The Seller's services are not directed at individuals under the age of 13 (or 16 in the EU/UK where applicable). The Seller does not knowingly collect personal data from minors. In accordance with the Children's Online Privacy Protection Act (COPPA), if the Seller becomes aware that it has inadvertently collected personal data from a child under 13 without verifiable parental consent, it will take steps to delete such information as soon as possible.
It is the responsibility of parents and legal guardians to determine whether their minor child is permitted to use the Seller's services.
Use of Data on Social Media
The customer is informed that browsing-related information may be captured by social media platforms for their own advertising targeting purposes via cookies placed during navigation on the Website.
The legal basis for this processing is the consent given upon acceptance of cookies. Consent may be withdrawn by adjusting browser or device settings at any time.
The Customer is invited to consult the Website's Cookie Policy as well as the data protection policies of the Website's social media partners in order to understand precisely what information is collected by these third parties.