We Take Your Data Protection Seriously!
We process your personal data and have therefore adopted this privacy protection policy that tells you how we process your data. To protect your personal data in the best way possible, we regularly assess the extent of the risk that our data processing may negatively impact your basic rights. We are particularly aware of the risk of potential discrimination, ID theft or the risk of financial loss, reputational damage or loss of data secrecy. In these events, the decisions we must make are dependent on our ability to process sensitive personal data, biometric data or information on criminal offences concerning you.
We conduct an analysis of the consequences of the data processing for your privacy protection. This consequence analysis is performed before we begin processing your personal data.
My Best Book ApS is a data controller and we ensure that your personal data is handled in compliance with the law.
My Best Book ApS is a data controller and we ensure that your personal data is handled in compliance with the law.
Contact: My Best Book ApS
Address: Skejby Nordlandsvej 311, 8200 Aarhus N
We Ensure Fair and Transparent Data Processing
When we ask you to provide us with your personal data, we will inform you of which data we are processing and for what purpose. You will be informed at the time of collection of your personal data. We do not collect information about you from other sources.
Handling of Personal Data
We Use This Type of Data About You
We use data about you to improve our service and ensure the quality of our products and services, as well as in our contact with you.
The data we use includes:
- Common personal data - Used to deliver your order.
Sensitive data - Used to personalise the products.
Data on interests and habits - Used to show relevant and interesting content.
Traffic data on Internet use - Used to learn from our visitors and how they use our website.
Transaction data - Used to process your order.
Unique IP numbers on network devices - Used to prevent and combat abuse and illegal behaviour.
We do not aggregate data.
We Collect and Store Your Data for a Specific Purpose
We collect and store your data for specific purposes or other legitimate business purposes.
This happens when we need to:
Process your purchase and deliver our service.
Fulfil your request for products or services. Improve our products and services.
Manage your relationship with us.
Compliance with legal requirements.
We may need to use your personal data for a purpose other than that for which it was collected. Unless you have consented to such new use, we will examine whether the original purpose of collecting your data is compatible with the new purpose. For example, we assess the sources your data originated from and whether it is common or sensitive information we need to use. We also assess whether the use of your data for the new purpose will have negative consequences for your freedom of action.
We Only Process Relevant Personal Data
We only process data about you that are relevant and sufficient for the purposes defined above. The purpose determines what type of data about you is relevant to us. The same applies to the scope of the personal data we use. For example, we do not use more data than we need for the specific purpose.
Before we process your personal data, we will investigate whether it is possible for us to minimise the amount of data about you. We also check whether some of the data types we use can be used in anonymized or pseudonymized form. We can do this if it does not adversely affect our obligations or the service we offer you.
We Only Process Necessary Personal Data
We only collect, process and store the personal data necessary to fulfil our intended purpose. In addition, legislation may determine what type of data is required to collect and store for our business operations. The type and scope of the personal data we process may also be necessary to fulfil a contract or other legal obligation. We want to be sure that we only process personal data that is necessary for each of our specific purposes. Therefore, it is embedded in our IT systems that only the amount of data required is collected. It is also automatically ensured that the scope of the use is not unnecessarily broad and that the storage time is not too long. To protect you from unauthorised access to your personal data, we also use solutions that automatically ensure that data is only available to relevant employees. There is also embedded protection against the ability of an unlimited number of people to access data.
We Check and Update Your Personal Data
We verify that the personal data we process about you is not inaccurate or misleading. We also make sure to update your personal data on an ongoing basis. As our service is dependent on your data being correct and up-to-date, we ask you to provide us with relevant changes to your data. You can use the contact information above to notify us of your changes.
To ensure the quality of your data, we have adopted internal rules and established procedures for checking and updating your personal data. We will delete your personal data when it is no longer required We will delete your personal data when it is no longer required for the purpose for which we collected, processed, and stored your data.
We will Delete your Personal Data, When it is no Longer Required
We will delete your personal data when it is no longer required for the purpose for which we collected, processed and stored your data.
We will Obtain your Consent Before Processing your Personal Data
We will obtain your consent before processing your personal data for the purposes described above, unless we have a legal basis for obtaining it. We will inform you of any such basis and of our legitimate interest in processing your personal data. Your consent is voluntary and you can withdraw it at any time by contacting us.
Please use the contact information above for further information. If we wish to use your personal data for a purpose other than the original purpose, we will inform you of the new purpose and ask for your consent before we begin using the data. If we have a different legal basis for the new use, we will inform you of this.
We will not Disclose your Personal Data Without your Consent
If we share your personal data with partners and players, including for use in marketing, we will obtain your consent and inform you about what your data will be used for. You may at any time object to this type of disclosure, and you may also opt out of communications for marketing purposes in the CPR Register. We will not obtain your consent if we are legally obliged to disclose your personal data, for example as part of reporting to an authority.
We will obtain your consent before we share your personal data with third-party partners. If we pass on your personal data to third country partners, we are sure that their level of personal data protection is appropriate to the requirements we have set in this policy, according to applicable law. Among other things, we make demands regarding the use of data, data security and fulfilment of the rights you have in relation to, e.g. opposing profiling and filing complaints with the Information Commissioner's Office.
We Protect your Personal Data and have Internal Data Security Rules
We protect your personal data and have internal data security rules We have adopted internal data security rules, which contain instructions and measures to protect your personal data from being destroyed, lost or altered, from unauthorised disclosure, and from unauthorised access or access by unauthorised persons. We have established procedures for assigning access rights to our employees who process sensitive personal data and data that reveals information about personal interests and habits. We check their actual access through logging and monitoring. To avoid data loss, we continuously take backups of our data sets. We also protect the confidentiality and authenticity of your data by using encryption.
In the event of a security breach that results in a high risk to you of discrimination, identity theft, financial loss, loss of reputation or other significant inconvenience, we will notify you of the security breach as soon as possible and notify the police.
We exchange data with the following data processors to deliver our product to you.
- Amazon Web Services, Inc.
Here we store and process data on servers that we have rented from Amazon Web services in the EU. All communication over the Internet takes place via an encrypted connection with SHA-256 via RSA encryption. This is the same encryption used by, for example, Internet banks. Data is stored encrypted on disk via AES-256 and can only be decrypted by My Best Book. Amazon Web Services has no access at any time to read your data.
- Google Ireland Limited
To understand the use of our website, we use Google Analytics to measure aspects of the use of the website. All data is anonymised and will in no way be traceable back to individual site visitors. All communications are encrypted. You can opt out of this measurement here: Google Analytics Opt-out.
To remind you of purchases that you haven't completed, we'll store a unique ID that only Facebook knows and can use to show you ads that remind you to make sure you complete the purchase.
If you allow us to send you newsletters, we will keep your email address and first name with Mautic, which we use to send newsletters. All communication is encrypted.
If you allow us to send a follow-up via Trustpilot, we will give Trustpilot your email address and order number. All communications are encrypted.
If you pay via PayPal, debit card or payment app, your order number and the amount will be sent to QuickPay, which handles further payment processing with PayPal, payment app, Visa or MasterCard. All communications are encrypted.
- We have data processing agreements with all our data processors dictating how they should handle our data and yours. If we do not feel that a given partner is doing enough to process data with respect for privacy, we will end the collaboration immediately and have it remove all data.
Cookies, Purpose and Relevance
What are Cookies?
You can read more about them here: Wikipedia: Cookie
The website uses tracking applications from Google Analytics, Google AdWords, Microsoft Bing Ads and Facebook, which also set cookies and can store and access saved data about you and share it with us and display targeted content on social media such as Google and Facebook. As part of marketing, social media content may be used, such as embedded content from Google and Facebook. If you interact with this social media content, your behaviour will be tracked by third parties and the social media may attach this data to your social media profile. Such use by social media is outside our control and is solely a matter between you and the social media.
Opt-out of Cookies
If you do not want us to collect and store data about you, you can turn off cookies in the settings for your Internet browser. The way you do this depends on the Internet browser you are using.
You have the Right to Access your Personal Data
You have the right to access your personal data You have the right to know at any time what data we are processing about you, where it originated, and what we use it for. You can also find out how long we keep your personal data and who receives data about you, to the extent that we share data in the UK and abroad. If you so request, we can provide you with the data we process about you. However, access may be restricted in the interests of the privacy, business secrets and intellectual property rights of other persons. You can get the information sent here: Request my data.
You have the Right to have Inaccurate Personal Data Corrected
If you believe that the personal data we are processing about you is inaccurate, you have the right to have it corrected. You should contact us and tell us what the inaccuracies are and how they can be corrected. When you request a correction of your personal data, we will check that the conditions are met and, if so, make the changes as soon as possible.
You have the Right to have your Personal Data Deleted/Anonymised
You have the right to have your personal data deleted and anonymised at any time to the extent permitted by law. Request deletion/anonymization of your personal data. Please note that the Act requires us to keep some data for up to 5 years. This includes invoices.
You have the Right to Object to our Processing of your Personal Data
You have the right to object to our processing of your personal data. You may also object to our disclosure of your data for marketing purposes. You can use the contact information at the top of the page to submit an objection. If your objection is justified, we will ensure that processing your personal data ceases. You have the right to receive the personal data you have provided to us and the data we have obtained about you from other sources based on your consent. If we process data about you as part of a contract to which you are a party, you may also receive your data. You also have the right to transfer this personal data to another service provider. If you wish to use your right to data portability, you will receive your personal data from us in a commonly used format. If you wish to access your data, have it corrected or deleted, or object to our data processing, we will investigate whether it is possible and respond to your inquiry as soon as possible and no later than one month after receiving your inquiry.
If you believe that we are not fulfilling our obligations, please contact our data controller at firstname.lastname@example.org.