PRIVACY POLICY

1. Scope

The Review Group, SL (of which SPR is a subsidiary) undertakes to protect the privacy of its customers and users accessing this website, whose home page is located at https://www.selfpublishingreview.com (the “Website”). The contents of the Website are owned, operated, licensed, or controlled by SPR or by any of its subsidiaries.

From May 25, 2018, as a company based in the EU, and with clients from the EU, it is our responsibility to give you a choice about the data we hold about you as a client. This is called The General Data Protection Regulation (GDPR). The ultimate aim of the regulation is to give individuals more rights over their data and restrict how companies process private information. We comply with this regulation’s Small Business guidelines. We have chosen to adhere to the GDPR for all countries, as good practice.

Users can browse and use the Website without having to provide any detailed personal data. The only personal data that SPR will have access to is:

  • IP address of the user who browses the website, for firewall security purpose, collected by a cookie.
  • Information that users provide voluntarily through the forms provided, or by contacting SPR by e-mail, or purchasing, or negotiating to purchase a product on the Website.

2. Cookies

The Website uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymized tracking data to third-party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser.

This document sets out our policy on enforcement and use of personal data collected through our Website. The use of the Website implies acceptance by the user of the provisions of this Privacy Policy and that personal data are processed as stated herein. Please note that although there may be links on our Website to other websites, this Privacy Policy applies only to the Website, and not to websites of other companies or organizations to which the Website is redirected. SPR does not control or endorse the content of third-party websites nor accept any liability for the content or the privacy policies of such websites.

We serve a small popup window at the bottom of the first page browsed to accept the use of cookies. User consent adds a cookie that maintains the loading of third-party scripts, outlined in 5.1 Plugins below.

3. Data Controller

According to current regulations, the user is informed that the personal data collected through this Website will become part of a file owned by SPR, based in Spain, unless otherwise indicated on the Website.

  • The Website uses PayPal to process payments. You can read their privacy policy here.
  • The Website uses Mailjet to store email addresses and process newsletters sent by electronic mail. We implement the use of an Unsubscribe link on each email we send, which will delete your email and name from the Mailjet list. You can read the Mailjet privacy policy here.

4. Purposes

Personal data collected on this Website will be used to:

  • respond to the requests and information demands of the user, to send you information relating to your SPR order.
  • communicate by electronic means, any news relating to its products and services if you ticked the checkbox on our website to receive the newsletter.
  • provide SPR with marketing information, such as location, time of purchase, and preference of product to improve our services and products.

This data is never shared with third parties for any reason and is stored only as long as it is relevant to our business.

The Website:

  • only collects information that we need for a specific purpose, i.e. to deliver your item as purchased, or to improve service.
  • keeps it secure on professionally-managed cloud servers at Bluehost, Mailjet, Dropbox, or PayPal.
  • ensures it is relevant and up to date.
  • only holds as much as we need, and only for as long as we need it.
  • allows you to see it on request – just email us at editor@selfpublishingreview.com.
  • All credit card and financial data is processed and encrypted by PayPal using SSL and maximum security standards. SPR does not have any access whatsoever to your financial details such as credit card numbers or bank account passwords. You can read about PayPal Security and Safety here.

5. Transfers to third parties

The Website uses Mailjet to process mailouts. You can read their privacy policy here.
The Website uses PayPal to process product payments and does not store or collect credit card/debit card numbers at SPR. You can read PayPal’s privacy policy here.
The Website collects and stores copies of manuscripts and ebooks from clients uploaded to our secure Dropbox folder, which we keep until your purchase is completed, and then delete in bulk on a regular basis. You can read their Privacy Policy here.

5.1 Plugins

The Website uses industry-standard code, known as plug-ins, created by highly trusted third-party developers to facilitate the collection of email addresses and order details, often via cookies (See section 2). These plug-ins are updated regularly for the security of use. These are as follows:

We will never share your personal data with third parties unless (i) it is consistent with the terms and conditions of the privacy policy, (ii) the user consents to the transfer case, or (iii) it is required to meet legal obligations among which include, without limitation, providing data to the courts, the police or other national or international security bodies.

6. Security Measures

The Website informs you that it has adopted the technical and organizational measures necessary to maintain the level of security required in the personal data processed and also has the necessary mechanisms in place to prevent, to the extent possible, any unauthorized access, theft, illicit modification, and loss of data.

In any case, The Website will only retain user data during the time period necessary to fulfill the intended purposes. Unless applicable law states otherwise, personal data will be erased, blocked, or will be rendered anonymous when they are no longer needed for the purposes for which they were collected.

7. Confidentiality

In compliance with current regulations, The Website undertakes to fulfill its obligation of secrecy regarding personal data that the user provides while browsing through The Website, and it is its duty to keep them confidential.

What do we keep?

  • Your name, address including country, and purchase details, namely item bought, date of purchase, and any sales taxes paid.
  • Your email address so that we can contact you about your order, and so that you can be found in records for any inquiries at a later date, such as requesting an invoice for your own tax purposes, or wanting to repeat an order. We use your email as an identifier to find you on our system.
  • Your IP address (sometimes called GEO-IP) for security against hacking, and for processing purchases with VAT.
  • Your manuscript as uploaded to Dropbox, for as long as we need it to deliver your order.

How long do we keep your data?

We keep data on our secure cloud server at Bluehost for tax reporting purposes, and as a list in our PayPal account, as we must keep a client list for six years by law, in case we are audited by the Spanish government’s tax body, AEAT. This list only includes your name and country (and VAT number if you are a business and VAT registered) as given at the time of purchase and is only made available on request for tax auditing. This is highly unlikely.

We actively review the information we hold, and when there is no longer a customer, legal, or business need for us to hold it, we will either delete it securely or in some cases anonymize it.

Who has access?

  • Data is accessed on a strict need-to-know basis at managerial level only.
  • We do not sell your details or share them with any other entity whatsoever.

8. Third-party data

In the event that the user provides personal data of third parties, he/she guarantees to have obtained their prior consent and inform them beforehand of the conditions and purposes for which SPR may use their personal data. If required by SPR, the user must prove that consent has been obtained.

9. Minors

The services and information available on the Website are intended for people over 16 years of age.

10. Data quality

Data provided by the user must be accurate and truthful. In any case, the user has the obligation to notify SPR of any changes to their data in order to keep them up to date at all times.

11. Data subjects rights

At any time users may exercise the rights of access, rectification, cancellation, and opposition to the processing of their personal data under the terms established by the current legislation, through the email address editor@selfpublishingreview.com, or by using the unsubscribe link on each mailout sent via Mailchimp.

We do not send electronic mail marketing to an email address unless one of the two clauses is true:

  • You have specifically consented to receive emails from us, that is, our newsletter (subscribed to the list)
  • You have requested a specific newsletter directly by email, and we send you a link to the content via an email to your address (not subscribed to the list)

12. Data Security

  • We protect your personal data against unauthorized access, unlawful use, accidental loss, corruption, or destruction by encryption and password protection as well as database security provided by our host servers.
  • In the extremely unlikely scenario in which a personal data breach events, this would be reported to all clients within 24 hours.

13. Update of the Privacy Policy

The Website may modify and update this Privacy Policy at any time without prior notice. Please always check that you are aware of our Privacy Policy in order to remain informed at all times of the information collected through the Website, how we use this information and the circumstances in which it may be disclosed to third parties.

You can email us to see your data or withdraw consent for marketing at any time by emailing us. Our appointed GDPR director is Cate Baum, whom you may email at editor@selfpublishingreview.com.

Last update: September 2022