STORE & WEBSITE POLICY
Terms & Conditions
Terms and Conditions ("Terms")
Last updated: 8th January 2021
Please read these Terms and Conditions ("Terms", "Terms and Conditions") carefully before using the http://www.nickrowan.co.uk website (the "Service") operated by Nick Rowan Author ("us", "we", or "our").
Your access to and use of the Service is conditioned on your acceptance of and compliance with these Terms. These Terms apply to all visitors, users and others who access or use the Service.
By accessing or using the Service you agree to be bound by these Terms. If you disagree with any part of the terms then you may not access the Service.
If you wish to purchase any product or service made available through the Service ("Purchase"), you may be asked to supply certain information relevant to your Purchase including, without limitation, your contact details and payment details, and any other information relevant to the sale.
Our Service may allow you to post, link, store, share and otherwise make available certain information, text, graphics, videos, or other material ("Content"). You are responsible for the content and we accept no liability arising from your content whatsoever. You also acknowledge and agree that you are the owner of such content and have the right to use the content on the website. You agree that you will not post any content that is illegal, incites violence or racism, is pornographic or in any way deemed to be unsuitable for the website with such determination being at the sole discretion of us.
Links To Other Web Sites
Our Service may contain links to third-party web sites or services that are not owned or controlled by Nick Rowan Author.
We have no control over, and assumes no responsibility for, the content, privacy policies, or practices of any third party web sites or services. You further acknowledge and agree that we shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods or services available on or through any such web sites or services.
We reserve the right, at our sole discretion, to modify or replace these Terms at any time. If a revision is material we will try to provide at least 30 days' notice prior to any new terms taking effect. What constitutes a material change will be determined at our sole discretion.
If you have any questions about these Terms, please contact us.
Returns accepted for faulty goods within 7 days of delivery or statutory rights timelines, whichever is the shorter.
All about Information Security
Data Protection Policy
02 January 2021
Company means nickrowan.co.uk.
GDPR means the General Data Protection Regulation.
Responsible Person means the person appointed by the Company to carry out the role of Data Protection Officer.
Register of Systems means a register of all systems or contexts in which personal data is processed by the Company.
1. Data protection principles
The Company is committed to processing data in accordance with its responsibilities under the GDPR.
Article 5 of the GDPR requires that personal data shall be:
processed lawfully, fairly and in a transparent manner in relation to individuals;
collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
2. General provisions
This policy applies to all personal data processed by the Company.
The Responsible Person shall take responsibility for the Company’s ongoing compliance with this policy.
This policy shall be reviewed at least annually.
The Company does not process further any personal data received or collected nor does it or shall pass such on to third parties.
The Company shall store personal data purely as part of its own records.
3. Lawful, fair and transparent processing
To ensure its processing of data is lawful, fair and transparent, the Company shall maintain a Register of Systems.
The Register of Systems shall be reviewed at least annually.
Individuals have the right to access their personal data and any such requests made to the Company shall be dealt with in a timely manner.
4. Lawful purposes
All data processed by the Company must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests (see ICO guidance for more information).
The Company shall note the appropriate lawful basis in the Register of Systems.
Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in the Company’s systems.
5. Data minimisation
The Company shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
The Company shall take reasonable steps to ensure personal data is accurate.
Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.
The Company shall not be liable for inaccurate data held if such inaccurate data was provided to it in the first instance by the provider of the personal data.
7. Archiving / removal
To ensure that personal data is kept for no longer than necessary, the Company shall put in place an archiving policy for each area in which personal data is processed and review this process annually. The current archiving policy in general is to hold information for twenty years unless the law requires a longer period.
The archiving policy shall consider what data should/must be retained, for how long, and why.
The Company shall ensure that personal data is stored securely using modern software that is kept-up-to-date.
Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorised sharing of information.
When personal data is deleted this should be done safely such that the data is irrecoverable.
Appropriate back-up and disaster recovery solutions shall be in place.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, the Company shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the ICO (more information on the ICO website).