The Magic Storybox is a trading name of The Ampersand Book Co Ltd, registered in England and Wales with registration number 11293691, registered at Kingsway House, 134-140 Church Road, Hove, England, BN3 2DL (“we”, “us” and “our”).
If you would like to get in touch, you can contact us by post to our registered address or by email to email@example.com
We do update this policy from time to time so please do review it regularly.
We take your privacy and data security very seriously. We will ensure that any information obtained from you is treated as private and confidential by us and anyone else involved in delivering our Service.
To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the data we process. Anyone processing personal information in our team or on our behalf must do so in accordance with this policy and on the basis that we are satisfied that they can and will adhere to our high standards for data protection and security.
The transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet. You are responsible for keeping any username and password you use for accessing our Site confidential.
PERSONAL INFORMATION WE COLLECT AND WHY
We may collect the following types of information from you, some of which is considered personal information under GDPR. The main reason we do this is because it enables us to deliver our Service to you in a customised way
If you are a subscriber to our Service: we collect personal information such as names, home and business addresses, and email addresses of customers. We collect this information to sign you up to our Service and to deliver your orders to you. We may also use your email, home and business addresses to send you newsletters or other perks which come with being a subscriber to The Magic Storybox (we highly recommend it!). As a subscriber, we will also record your preferences and your transaction information with us. This is important to monitor our business financially, and also enables us to track how long our customers stay with us, and to reward loyalty.
If you are a Subscriber on behalf of a child, we may also request the age and month of birth of the child, to inform automatic upgrades to the most appropriate Service. You can choose to opt out of this if you wish.
For visitors to our site: when you visit our site, we use basic cookies to collect and record information on how you interact with our Site. This helps us understand how it is used, and importantly, how we can develop and improve it with our visitors habits and preferences in mind. You can turn off cookies in your browser settings if you prefer that we don’t collect this information.
More generally, we are entitled to process your personal information where necessary to comply with any legal obligations which we are subject to; to establish or defend any legal claims so as to protect our or your legal rights or the legal rights of other interested parties; to obtain or maintain our own insurance coverage or obtain professional advice; or to otherwise manage commercial, financial or other business risks.
HOW WE COLLECT PERSONAL INFORMATION
We collect information from you when you fill out contact forms or enquiries on our Site or place an order with us. We also us cookies as mentioned above.
We also collect information when you provide it to us by email, in writing, over the phone, in person and other in interactions which you have with us.
INFORMATION WE SHARE
Your privacy is extremely important to us and we never share your personal information except as set out below, and we will always get your consent before doing so unless we have an exceptional overriding reason not to.
As a large part of our Service relies on deliveries, we share your name and delivery address with our warehouse and postage providers in order to ensure your orders arrive promptly and successfully with you.
Sometimes, we may co-run competitions with brand partners where entrants’ personal details may be shared with those brand partners. In those circumstances, we will only share personal information with the brand partner where we have your consent to do so.
We also use certain third party data providers to store personal information (“Data Providers”). Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the Data Providers under GDPR and the law. For your information, here is a list of the Data Providers we use:
Hosting and mail: 1&1, Gmail
Analytics: Google Analytics
Storage: Google Drive
Social Media: Facebook, Pinterest, Instagram, Twitter
Payments: Stripe and Paypal
Please note that exceptionally, we may also disclose your personal information in the following circumstances:
if we want to sell our business, or our company, we can disclose it to the potential buyer.
we can disclose it to other businesses in our group.
we can disclose it if we have a legal obligation to do so, or in order to protect other people’s property, safety or rights.
we can share information with others to protect against fraud, credit risks, or other similar business risks where it is in our or your vital interests to do so.
International Transfers of Data outside the European Economic Area (“EEA”)
The information storage facilities of our Data Providers may be located outside of the EEA, such as in the US. Based on a decision of the European Commission on the adequacy of these countries for the purpose of storing personal information, each of these countries will be protected by appropriate safeguards, such as the use of standard data protection clauses approved or adopted by the European Commission. If you would like to view the privacy policies of our Data Providers, you can do so on their websites.
Whilst we make all reasonable efforts to ensure our Data Providers comply with the standards of the GDPR, unfortunately we cannot control use of such personal information beyond our reasonable control.
RETENTION OF DATA
Personal information that we process for any purpose will not be kept for longer than is necessary for that purpose. Subject to overriding legal requirements, as a minimum we will store and retain your personal information for as long as is required to provide our Service to you.
Whilst it is not possible to specify precisely in advance for how long your personal information will be retained, the period of retention will be determined based on whether or not you remain registered with us, whether you continue to subscribe to our Service and whether or not you exercise your rights to request that we delete your information.
You, as the data subject, may request deletion of your data at any time in writing, subject to any overriding legal requirement for its retention. This can be in writing to us at our above stated address or alternatively you can send an email to firstname.lastname@example.org if you would like to get in touch.
You are entitled to:
request access to, deletion of or correction of your personal information;
request personal information to be transferred to another person or company; and
make a complaint to a supervisory authority.
specify whether you would like to receive direct marketing communications and/or limit the publication of your information to third parties.
You can modify or withdraw your consent at any time by notifying us, although please note this may affect the extent to which we are able to provide our Service to you or interact with you in future whether as a customer or otherwise.
Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.
This Agreement will be governed by and interpreted according to the law of England and Wales. All disputes arising under the Agreement will be subject to the exclusive jurisdiction of the English and Welsh courts.