PRIVACY POLICY

1. Who is the Data Controller?

The data controller for your personal information is Anne Glee, operating under the pen name Christine Cazaly. As the data controller, I determine the purpose and means of processing your personal data.

For any questions or concerns regarding this policy or your data, you can contact me at:

• Email: Christine@christinecazaly.com

2. How We Use Your Data

We use your data for the following purposes:

• Order Fulfillment: To process and deliver your order, including digital and physical products.
• Communication: To send order confirmations, shipping updates, or respond to inquiries.
• Marketing (Optional): To send newsletters or promotional offers, only if you have opted in.
• Compliance: To meet legal obligations, including financial reporting and tax requirements.

3. Third-Party Service Providers

We share your data with the following trusted third-party providers for specific purposes:

• Stripe: For secure credit and debit card payment processing. (Stripe Privacy Policy)
• PayPal: For secure online payment processing. (PayPal Privacy Policy)
• Payhip: For storefront management and order handling. (Payhip Privacy Policy)
• BookFunnel: For delivery of digital products such as eBooks. (BookFunnel Privacy Policy)
• MailerLite: For email marketing and customer communication. (MailerLite Privacy Policy)
• BookVault: For print-on-demand services, including printing and shipping physical books. (BookVault Privacy Policy)

Each of these providers complies with applicable data protection regulations and only processes data to fulfill specific services on our behalf.

4. How Payments Are Processed

• Secure Transactions: Payments are securely processed via Stripe and PayPal, which comply with GDPR and industry standards for encryption and fraud prevention.
• Data Sharing: We share only the necessary data required for payment processing (e.g., order amount, name, and email).

5. GDPR Compliance

This Privacy Policy is designed to comply with the following principles of the UK GDPR and EU GDPR:

• Article 5: Data is processed lawfully, transparently, and for legitimate purposes.
• Article 6: Processing is based on lawful grounds, such as contract performance or consent.
• Article 13: Transparency in how data is collected and used.
• Article 15: Right of access—allowing individuals to access the data we hold about them.
• Article 17: Right to erasure (the "right to be forgotten").
• Article 32: Implementation of appropriate technical and organizational measures to ensure data security.

6. Data Retention

We retain your data for as long as necessary to:

• Fulfill your orders.
• Comply with legal and tax obligations.
• Provide customer support.

After these purposes are fulfilled, your data will be securely deleted or anonymized.

7. Your Data Rights

Under the UK GDPR and EU GDPR, you have the following rights:

• Access: Request a copy of your personal data.
• Rectification: Correct inaccurate or incomplete data.
• Erasure: Request the deletion of your personal data.
• Restriction: Restrict processing of your data under certain circumstances.
• Data Portability: Receive your data in a portable format.
• Objection: Object to data processing based on legitimate interests or direct marketing.
• Withdraw Consent: Withdraw consent at any time for data processing that relies on consent.

To exercise these rights, contact us at [your email address].

8. Data Security

We implement robust technical and organizational measures to protect your personal data, including:

• Encryption of sensitive data during transmission.
• Secure access controls to limit data access to authorized personnel only.

Our third-party providers (e.g., Payhip, Stripe, PayPal, BookVault) also adhere to stringent security standards.

9. Contact Information

For questions or concerns about this Privacy Policy or to exercise your data rights, please contact us at: christine@christinecazaly.com.

10. Policy Updates

This Privacy Policy is effective as of 24th November 2024 and may be updated periodically to reflect changes in our practices or legal requirements. Any updates will be posted here, and where appropriate, notified to you.