We are PANOMA PRESS LIMITED with registered number 05639586 and address 48 St. Vincent Drive AL1 5SJ. Our Data Protection Lead can be contacted at [email protected]. We have produced this privacy notice in order to keep you informed of how we handle your personal data. All handling of your personal data is done in compliance with the General Data Protection Regulation (EU) 2016/679 (“Data Protection Legislation”). The terms “Personal Data”, “Special Categories of Personal Data”, “Personal Data Breach”, “Data Protection Officer”, “Data Controller”, “Data Processor”, “Data Subject” and “process” (in the context of usage of Personal Data) shall have the meanings given to them in the Data Protection Legislation. “Data Protection Lead” is the title given to the member of staff leading our data protection compliance programme in lieu of a requirement for a Data Protection Officer.

 

What are your rights?

When reading this notice, it might be helpful to understand that your rights arising under Data Protection Legislation include:

• The right to be informed of how your Personal Data is used (through this notice);
• The right to access any personal data held about you;
• The right to withdraw consent at any time, by opting-out using the link provided in every communication, or by contacting our Data Protection Lead;
• The right to rectify any inaccurate or incomplete personal data held about you;
• The right to erasure where it cannot be justified that the information held satisfies any of the criteria outlined in this policy;
• The right to prevent processing for direct marketing purposes, scientific/historical research or in any such way that is likely to cause substantial damage to you or another, including through profile building; and
• The right to object to processing that results in decisions being made about you by automated processes and prevent those decisions being enacted.
• You can exercise your right to access personal data held about you by emailing [email protected] with the subject line: “Subject Access Request”. When you submit a ‘subject access request’, you will need to provide confirmation of your identity by contacting us using the email address associated with your profile or attaching a photocopy of your driver’s license or passport. This is provided free of charge and our response will be made within thirty (30) days unless our Data Protection Lead deems your request as being excessive or unfounded. If this is thewhether you would like to pursue your request. If you believe we have made a mistake in evaluating your request, please see the section ‘Who can you complain to?’.

If you have questions about any of the rights mentioned in this section, please contact our Data Protection Lead at [email protected].

 

Who is the Data Controller?

• If we have collected your personal data directly from you for our own purposes, we are the Data Controller.
• If we have purchased your personal data from a third-party for our own purposes, we are the Data Controller. Where we have purchased your personal data, we will contact you to let you know before we first start to use it, or, at the latest, within one month of acquiring it.
• If we have been passed your personal data from a third-party for a joint purpose that we both influence, we are the joint Data Controller. We will contact you to let you know before we first start to use your data, or, at the latest, within one month of acquiring it.
• If we have received your personal data as part of a direct administrative relationship between our business and yours, the Data Controller is your employer for that purpose.

What are the lawful bases for processing personal data?

Under Data Protection Legislation, there must be a ‘lawful basis’ for the use of personal data. The lawful bases are outlined in Article 6, Section 1 of the GDPR. They are sub-sections:
a) ‘your consent’;
b) ‘performance of a contract’;
c) ‘compliance with a legal obligation’;
d) ‘protection of your, or another’s vital interests’;
e) ‘public interest/official authority’; and
f) ‘our legitimate interests’.

 

What are PANOMA PRESS LIMITED’s ‘legitimate interests’?

Legitimate interests are a flexible basis upon which the law permits the processing of an individual’s personal data. To determine whether we have a legitimate interest in processing your data, we balance the needs and benefits to us against the risks and benefits for you of us processing your data. This balancing is performed as objectively as possible by our Data Protection Lead. You are able to object to our processing and we shall consider the extent to which this affects whether we have a legitimate interest. If you would like to find out more about our legitimate interests, please contact [email protected].

 

About our processing of your data

We might collect, use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:
Identity Data such as names, usernames or similar; marital status; title; date of birth; sex and gender.
Contact Data such as addresses; email addresses and telephone numbers.
Financial Data such as bank account and payment card information.
Transaction Data such as information about payments and details of purchases you have made.
Technical Data such as IP addresses; login data; browser info; time zone; location; browser plug-ins; operating systems; platforms and other technology on the device used to access this website.
Profile Data such as usernames; passwords; security answers; purchases/orders; interests; preferences; feedback and responses to surveys, blogs and messages.
Usage Data such as analytics relating to how you use the website.
Marketing and Communications Data such as your preferences about receiving communications from us or third parties.
Special Categories of Data such as details about race or ethnic origins, religious or philosophical beliefs, sex life, sexual orientation, political
opinions, trade union membership, information about your health, genetic or biometric data.

We also collect, use and share Aggregated Data such as statistical or demographic data. Aggregated Data can be derived from your Personal Data but is not itself Personal Data as it cannot be used to reveal your identity. If Aggregated Data is ever used in combination with your Personal Data and becomes identifiable, it will be treated in accordance with this notice.

 

Reference	What categories of information about you do we process?	Why are we processing your data?	Where did we get your personal data from?
Royalties	· Identity Data · Contact Data · Financial Data · Transaction Data	In order to make royalty payments to authors. This processing is conducted lawfully on the basis of ‘performance of a contract’.	Directly obtained.
Author Services	· Identity Data · Contact Data	Working with authors to manage our respective obligations under the agreement that exists between us and provide our services. This processing is conducted lawfully on the basis of ‘performance of a contract’.	Directly obtained.
Author Marketing	· Identity Data · Contact Data · Marketing and Communications Data	Sending direct marketing information to authors we have worked with to make them aware of new services and products that we can offer them. This processing is conducted lawfully on the basis of ‘our legitimate interests’.	Directly obtained.
Referral Payments	· Identity Data · Contact Data · Transaction Data	We pay referral fees to authors who recommend our services and we subsequently go on to work with the referred party. This processing is conducted lawfully on the basis of ‘performance of a contract’.	Directly obtained.
Marketing Sign-ups	· Identity Data · Contact Data · Marketing and Communications Data	We send direct marketing information to people who sign-up to our mailing lists at events and on our website. This processing is conducted lawfully on the basis of ‘your consent’.	Directly obtained.
Promotional Activity	· Identity Data · Profile Data	As part of our service, we promote author work to encourage greater sales. This can include through the production of marketing material related to the author and their work, as well as posting information on our website or using social media. This processing is conducted lawfully on the basis of ‘performance of a contract’.	Directly obtained.
Order Fulfilment	· Identity Data · Contact Data · Transaction Data	We pass author details onto our third-party suppliers who manage fulfilment of book orders. This processing is conducted lawfully on the basis of ‘performance of a contract’.	Directly obtained.
Outsourced Services	· Identity Data · Contact Data · Transaction Data	We pass author details to our outsourced suppliers of services, such as PR services, as agreed with each author. This processing is conducted lawfully on the basis of ‘performance of a contract’.	Directly obtained.
Web Contact	· Identity Data · Contact Data	We respond to contact from authors and others that is submitted through our website, either in written form, or by arranging an appointment to speak. This processing is conducted lawfully on the basis of ‘our legitimate interests’.	Directly obtained.
Store Purchases	· Identity Data · Contact Data · Transaction Data · Financial Data	In order to take payments for purchases and fulfil any orders so that you receive your goods. This processing is conducted lawfully on the basis of ‘performance of a contract’.	Directly obtained.

 

What happens if I refuse to give PANOMA PRESS LIMITED my personal data?

If your personal data is used for Royalties, Author Services, Referral Payments, Store Purchases, Order Fulfilment or Outsourced Services, your personal information has been collected as part of a statutory obligation arising under s388(4)(a) C.A. 2006, Paragraph 6, Schedule 11, VAT Act 1994 and HMRC Notice 700/21 (October 2013). Failure to process your data could result in Our inability to enter into a contract with you or make the payments required, or possibly legal/regulatory action being brought against PANOMA PRESS LIMITED. The information about you that we have collected for the performance of our contracts is required in order for us to successfully fulfil our obligations to you. If you choose not to provide the personal data requested, we will not be able to enter into a contract with you to provide the services we offer. If we are already processing your personal information under a contract, you must end our contractual relationship (as/where permitted) in order to exercise some of your rights.

 

What profiling or automated decision making does PANOMA PRESS LIMITED perform?

PANOMA PRESS LIMITED does not perform any profiling or automated decision making based on your personal data.

How long will your personal data be kept?

PANOMA PRESS LIMITED holds different categories of personal data for different periods of time. Wherever possible, we will endeavour to minimise the amount of personal data that we hold and the length of time for which it is held.

• If ‘consent’ is the basis for our lawful processing of your data, we will retain your data so long as both the purpose for which it was collected, and your consent, are still valid. We review the status of your consent every two (2) years and treat non-response to our requests for renewal of consent as if they were your request to withdraw consent. Occasionally, we might identify a legitimate interest in retaining some of your personal data that has been obtained by consent. If we do, we will inform you that we intend to retain it under these conditions and identify the interest specifically.
• If we process your data on the basis of ‘legitimate interests’, we will retain your data for as long as the purpose for which it is processed remains active. We review the status of our legitimate interests every twelve (12) months and will update this notice whenever we determine that either a legitimate interest no longer exists or that a new one has been found.
• All categories of personal data that are held by us because they are essential for the performance of a contract, will be held for a period of six years, as determined by reference to the Limitations Act 1980, for the purposes of exercising or defending legal claims.

Who else will receive your personal data?

PANOMA PRESS LIMITED passes your data to the third parties listed in the section ‘Third Party Interests’ below.

 

Does your data leave the EU?

Yes. Details are included in the section ‘Third Party Interests’ below.

 

Third Party Interests
Our Data Processors

Name or Category of Third Party Processor	Purposes for carrying out processing	If applicable – where does data leaving the EEA go and what safeguards are in place?
Marketing Freelancers	Administering our marketing mailing lists	USA – ‘Model Clauses’ agreement
Invoicing Freelancers	Administering invoicing	USA – ‘Model Clauses’ agreement
Accountancy Freelancers	Accountancy and bookkeeping services
Public Relations Freelancers	Providing PR services	USA – ‘Model Clauses’ agreement
InfusionSoft	Marketing database provider	USA – ‘Model Clauses’ agreement
vCita	Call scheduling services	USA – Privacy Shield Certified
BooksoniX	Royalty processing and metadata services
Highrise	Customer Relationship Management software service	USA – Privacy Shield Certified
Dropbox	Cloud file management services	USA – EU Standard Contractual Clauses/ Privacy Shield
Cobweb	Hosted exchange email service
Xero	Cloud accountancy software	USA – ‘Model Clauses’ agreement
AdobeSign	Cloud contract software	USA – Privacy Shield Certified

 

Who can you complain to?
In addition to sending us your complaints directly to [email protected], you can send complaints to our supervisory authority. As PANOMA PRESS LIMITED predominantly handles the personal data of UK nationals, our supervisory authority is the Information Commissioner’s Office. If you believe that we have failed in our compliance with data protection legislation, complaints to this authority can be made by visiting https://ico.org.uk/concerns/.