Privacy Policy.

1.   Introduction

This privacy policy sets how Cambridge Recycled Books uses and protects any information that you give us when you use our website. 

Your privacy and security is important to us.  Should we ask you to provide certain information by which you can be identified when using the website, then you can be assured that it will only be used in accordance with this privacy statement.

We encourage you to read the policy carefully and to contact us with any questions or concerns about our privacy practices. We may change this policy from time to time by updating this page. You should check this page regularly to ensure that you are happy with any changes.

2.   Who we are?

We refer to the website all features, functionality and content of the website as the "Services". The Services, including the website are provided in the UK by Carol Lee, trading as Cambridge Recycled Books ("we", "us", "our"). For the purposes of UK data protection legislation, we are the data controller.

3.   What information do we collect?

If you are a Cambridge Recycled Books customer, create an account with us, participate in competitions or promotions or otherwise contact us, we will receive your personal data. We collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows: 

Identity Data 

may include first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender. 

Contact Data 

may include billing address, delivery address, email address and telephone numbers. 

Financial Data 

If you purchase anything from us we use secure third party services, specifically PayPal and Stripe; to collect your payment, protect your credit card information and assist your shopping experience. We do not have access to credit or debit card information.  

Transaction Data 

may include details about payments to and from you and other details of products and services you have purchased from us. 

Technical Data 

may include internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website. 

Profile Data 

may include your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses. 

Usage Data 

may include information about how you use our website, products and services. 

Marketing and Communications Data 

may include your preferences in receiving marketing from us and our third parties and your communication preferences. 

Information from third parties 

We may obtain additional information about you from third parties such as marketers, partners, researchers and others, but only where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us. 

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice. 

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. 

4.   How do we use personal information?

We may use your Information to: 

  • Register you as a customer or prospective customer.

  • Process your orders and provide you with the Services (such as sending you your order). 

  • Customise our Services to you, for instance by establishing your book preferences to facilitate better recommendations. 

  • Inform you about your scheduled delivery and ask for your feedback about recent orders. 

  • Provide, operate and maintain, our Services, including, for instance (without limitation) to administer your account, provide you with order and billing information, monitor use of and downloads from the Site.

  • Make suggestions and recommendations to you about Services or goods that may be of interest to you or to keep you up to date with news and developments at Cambridge Recycled Books and in our market place by sending emails and mailshots.

  • Improve the website and Services for customers, analyse website usage, investigate complaints or website operations and identify visitors to the website. 

  • Analyse our users' demographics and track sales data. 

  • Provide you with personalised offers, competitions, marketing materials and other promotional materials, both online (via email and through advertisements), offline (via post), and through other marketing channels, such as third party social networks, like Facebook.

  • Assist us in finding other potential customers similar to you including using social network platforms (but we would never disclose your data in doing so to any of those customers). 

  • Send you information or content you have requested.

  • Communicate with you and investigate any complaints. 

  • Perform market research, data analytics and data appends. 

  • Ensure that as an existing customer you are not included on proposed marketing campaigns aimed at attracting new customers. 

  • Protect against fraud, unauthorised transactions, security issues, claims and other liabilities and manage risk exposure and quality. 

  • Provide customer support and diagnostic assistance, for instance, by analysing the Information, our Service’s integration with other platforms and the contact information and other materials you submit to us. 

  • Associate an email address that you have provided to us with previous browsing and purchase experiences. We may be able to make this connection whether you are logged on or not (through use of certain online identifiers, as described in our Cookie Statement), and we will know whether you receive email alerts and will be able to associate this with any other contact information you may have given us. 

If you have elected to unsubscribe from marketing communications, we will keep a record of this and ensure that we include your email address on suppression lists to ensure that we do not contact you with marketing communications. 

5.   What legal basis do we have for processing your personal data?

Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you only (i) where we need the personal information to perform a contract with you, (ii) where the processing is in our legitimate interests and not overridden by your rights; or (iii) with your consent. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person. 

If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will normally be for us to operate our platform and communicating with you as necessary to provide our Services to you and for our legitimate commercial interest, for instance, when responding to your queries, improving our platform, undertaking marketing, or for the purposes of detecting or preventing illegal activities. We may have other legitimate interests and if appropriate we will make clear to you at the relevant time what those legitimate interests are. 

6.   When do we share personal data?

We are committed to protecting the privacy and security of your personal information. We will only share it with third parties in accordance with this Policy, or as otherwise required by law. 

We may share your personal information with trusted service providers, to perform or assist us in performing any of the functions listed under Information Uses.  This includes, without limitation, the following service providers or third parties

  • Postal and courier services ( for example to ship and deliver your order, including Royal Mail and Parcel2Go)

  • Banks and payment service providers (for example to process credit card and payments, including PayPal and Stripe)

  • IT service providers (for example to host, manage and service our data, including Squarespaceand Chrislands) 

  • Marketing companies who assist us with marketing campaigns.

  • As we continue to develop our business, we may sell, buy, merge or partner with other companies or businesses, or sell some or all of our assets. In such transactions, your Information may be among the transferred assets or may be shared with the other company or business for purposes of evaluating the transaction. 

  • We may share your information with third-parties with whom we have a contractual relationship. 

  • We may share your feedback or comments. If you post anything to this website or through the Services that can be viewed by the general public, we may share that with third parties. 

  • We may use third-party web analytics services on the website, such as those of Google Analytics. We may also share certain information about you and the device you use to access the Services in order to deliver tailored advertising.  These service providers use the technology described in the "our use of cookies and similar technologies section" to help us analyse how users use the website and to deliver advertising. The information collected by the technology (including your IP address) will be disclosed to or collected directly by these services providers, who use the information to evaluate your use of the website.

  • We may also share personal data with third parties to the extent necessary to: (i) comply with a government request, a court order or applicable law; (ii) prevent illegal uses of our site or violations of our site’s terms of use and our policies; (iii) defend ourselves against third party claims; and (iv) assist in fraud prevention or investigation (e.g., counterfeiting). 

  • We may share your Information in any other circumstances where we have your consent. 

Sometimes, we may combine certain parts or portions of the Information with each other. For instance, when we provide you with customer support or other assistance, we may combine your account information and other personal information you've provided to us with Information about your usage of the Services. 

We may include links to third party websites on the website which we think you might be interested in. Any such third party websites are not controlled by us and therefore our Privacy Policy does not apply to them. 

Our use of cookies and similar technologies 

Cookies are small pieces of information which are issued to your computer when you visit a website and which store and sometimes track information about your use of that website. For more information about our use of cookies and similar technologies, please see our separate Cookie Policy

7.   Where do we store and process personal data?

The General Data Protection Regulation (EU GDPR) is a European privacy law that regulates how individuals and organizations may collect, use, and retain the personal data of individuals.

Following the exit of the United Kingdom of Great Britain and Northern Ireland (UK) from the European Union (EU), the EU GDPR forms part of the body of retained EU law in the UK (UK GDPR), along with the UK Data Protection Act 2018 (DPA 2018), continues to be part of UK law.

GDPR requires certain safeguards when transferring personal data from outside the EEA, the UK and Switzerland to "third countries," which are all countries outside these protected areas, including the United States. 

Our website is built on a platform developed, and hosted, by Squarespace, a US-based company. Please see below for more information about them and the steps they take to protect personal information. Our online shop is on a sub-domain hosted by Chrislands Inc, a US-based company.

Squarespace is committed to treating personal data received from the EEA, the UK and Switzerland (as well as personal data received from elsewhere around the world) in a secure and privacy-first way, and processing it in a way that meets the European Commission Standard Contractual Clauses. 

Squarespace uses the European Commission Standard Contractual Clauses (also known as Model Contractual Clauses) and the UK’s International Data Transfer Addendum (UK Addendum) as the legal basis for transferring personal data to third countries, including the United States. Squarespace protects your personal data and have put appropriate technical and organizational safeguards in place to meet these standards. To learn more, visit its Security Measures page.

 You can read more about the way Squarespace ensure site users’ privacy is protected under EU Data Protection laws here:

Squarespace and GDPR

Squarespace Privacy Policy

Chrislands has access to your personal information if it needs to resolve any technical faults. It does not have access to your payment information. The transfer of personal data outside the EU is permitted under GDPR where it is necessary for the performance of a contract between the individual (you) and the organisation.

When processing payments, some of your data will be passed to PayPal or Stripe, including information required to process or support the payment, such as the purchase total and billing information. 

PayPal’s operations are supported by a network of computers, cloud-based servers, and other infrastructure and information technology, including, but not limited to, third-party service providers.  These parties may be established in jurisdictions outside the European Economic Area and Switzerland.  PayPal has taken specific steps, in accordance with EEA data protection law, to protect personal information. Further information can be found here:

PayPal Privacy Policy

Stripe is a global business. Personal Data may be stored and processed in any country where it has operations or where it engages service providers. Stripe may transfer Personal Data that it maintains about you to recipients in countries other than the country in which the Personal Data was originally collected, including to the United States. Those countries may have data protection rules that are different from those of your country. However, Stripe will take measures to ensure that any such transfers comply with applicable data protection laws and that your Personal Data remains protected to the standards described in its Privacy Policy. Further information can be found here:

Stripe Privacy Policy

Our inventory management system is provided by Zoobilee Inc, a US-based organisation. Zoobilee has access to your personal information to facilitate order processing; it does not have access to your payment information. The transfer of personal data outside the EU is permitted under GDPR where it is necessary for the performance of a contract between the individual (you) and the organisation.

8. How do we secure personal data?

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. 

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. 

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. 

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. 

9. How long do we keep your personal data for?

We retain the personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements). 

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. 

10. Your rights in relation to personal data

If you are a customer of ours, we will provide you access to account and usage information which you can access by logging on to your online account. Such information may include: 

  • Your order and transaction history. 

  • Your delivery information (name, email, delivery addresses, first line and post code of billing address), which you can change at any time.

  • Your payment information, which you can change at any time.

  • Your reading preferences, which you can change at any time. 

  • The ability to change your password. 

You have the following data protection rights: 

  • If you wish to access, correct or update your personal information, you will be able to do so via updating your account details on the website, however if you are having trouble please write or email us at the details below. 

  • If you wish to request deletion of your personal information, you can exercise this right by contacting us using the contact details below. 

  • In addition you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided below. 

  • You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe here” link in the marketing e-mails we send you. You can also opt out by updating your Account email preferences.  However there are some emails that we will continue to send you: for example responding to routine customer care and transactional emails relating to your use of our Services, including but not limited to welcome, forgotten password emails and payment failure emails. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided below. 

  • Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent. 

  • You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact the Information Commissioner's Office. 

  • We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws 

11.        External Links 

The website may contain links to external websites. We assume no responsibility for the privacy practices or the content of those websites. Therefore, please read carefully any privacy policies on those websites before either agreeing to their terms or using those websites. 

12.        Contact Us 

If you have questions or concerns regarding this Policy, please contact us at webmaster@cambridgerecycledbooks.co.uk.

Last updated: 1 November 2024