Add Books

Privacy Policy

Effective Date: Aug 01, 2024

At dBuch, accessible from www.dBuch.eu, one of our main priorities is the privacy of our visitors. This Privacy Policy document contains types of information that is collected and recorded by dBuch and how we use it. By using our website, you hereby consent to our Privacy Policy and agree to its terms.

1. Data Controller and Data Protection Officer
  • Data Controller: The data controller responsible for your personal data is dBuch, located at Luxemborug.
  • Data Protection Officer (DPO): For any questions regarding this Privacy Policy, please contact our DPO at [email protected].
2. Information We Collect
  • Personal Identification Information: When you create an account, post a book, or contact us, we may collect personal identification information, including but not limited to:
    • Name
    • Email address
    • Phone number
    • Mailing address
  • Usage Data: We collect information on how you access and use the website, including your IP address, browser type, browser version, the pages of our website that you visit, the time and date of your visit, the time spent on those pages, and other diagnostic data.
3. How We Use Your Information
  • To Provide and Maintain Our Service: We use your information to operate and maintain our website.
  • To Improve Our Website: We continually strive to improve our website offerings based on the information and feedback we receive from you.
  • To Process Transactions: We may use the information users provide about themselves when posting books only to provide service to that posting. We do not share this information with outside parties except to the extent necessary to provide the service.
  • To Send Periodic Emails: The email address you provide may be used to send you information, respond to inquiries, and/or other requests or questions.
  • To Manage User Accounts: We use the information provided at registration to create and manage user accounts.
4. Legal Basis for Processing Personal Data

We process personal data based on the following legal grounds:

  • Consent: By using our website and agreeing to this Privacy Policy, you consent to our processing of your personal data as described herein.
  • Legitimate Interests: We may process your personal data to the extent necessary for the purposes of our legitimate interests, provided that such processing is not overridden by your rights and interests.
5. Data Retention

We will retain your personal information only for as long as is necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

6. Data Retention
Retention Periods

At dBuch, we retain your personal data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy, unless a longer retention period is required or permitted by law. The specific retention periods for different types of data are as follows:

  • Account Information: We retain your account information (such as name, email address, and contact details) for the duration of your account activity. If you close your account, we may retain this information for a period of up to [12 months] to address any potential issues or legal requirements.
  • Transaction Records: Data related to transactions, such as book posts, sales, and exchanges, is retained for a period of [5 years] to comply with legal obligations, including tax and accounting requirements.
  • Communication Records: Emails, support tickets, and other communications are retained for [6 months] after the issue has been resolved or as required for legal compliance and customer service purposes.
  • Marketing Data: Data used for marketing purposes (such as subscription to newsletters) is retained for as long as you remain subscribed. You may opt-out at any time, and we will stop processing your data for marketing purposes.
Criteria for Data Retention

We determine the retention periods for your personal data based on the following criteria:

  • Legal Requirements: We retain data to comply with legal and regulatory obligations, such as tax laws, financial regulations, and data protection laws.
  • Business Needs: Data is retained as long as necessary to provide our services, process transactions, and support your account. We also consider the need to resolve disputes, enforce agreements, and improve our services.
  • User Requests: If you request deletion of your data, we will assess your request and retain data only if required for compliance with legal obligations or other legitimate purposes.
  • Data Minimization: We aim to minimize the amount of personal data we hold and regularly review our data retention practices to ensure we do not retain data longer than necessary.

After the retention period expires, we will securely delete or anonymize your personal data, ensuring it cannot be reconstructed or identified.

If you have any questions about our data retention practices or how long we retain specific types of data, please contact us using the information provided in the Contact Us section.

7. Data Protection Rights

Under the General Data Protection Regulation (GDPR) and applicable data protection laws, you have certain rights regarding your personal data. Below, we outline these rights and how you can exercise them:

Right to Access

You have the right to request access to the personal data we hold about you. This includes information on how your data is processed and for what purposes. To make an access request, contact us using the information provided in the Contact Us section. We will respond to your request within the time frame specified by law.

Right to Rectification

If you believe that any personal data we hold about you is incorrect or incomplete, you have the right to request that we correct or update the information. Please provide details of the inaccuracies and the correct information when making your request. We will take reasonable steps to rectify the data promptly.

Right to Erasure (Right to be Forgotten)

You have the right to request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent on which the processing is based. To request erasure, contact us with details of the data you want deleted. We will evaluate your request and take appropriate action in accordance with legal requirements.

Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or if you object to processing. This means we will limit the use of your data but may still store it. To request a restriction, please contact us with relevant details.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You may also request to have this data transferred directly to another data controller, where technically feasible. To exercise this right, contact us with the specific data you wish to obtain or transfer.

Right to Object

You have the right to object to the processing of your personal data based on our legitimate interests or for direct marketing purposes. If you object, we will cease processing your data unless we have compelling legitimate grounds for continuing the processing. To exercise this right, please contact us with your objection.

Right to Withdraw Consent

If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal. To withdraw consent, please contact us using the details provided in the Contact Us section.

To exercise any of these rights or if you have any questions or concerns regarding your data protection rights, please contact us. We will respond to your requests in accordance with applicable data protection laws and ensure that your rights are respected.

8. Data Security

Measures We Implement

At dBuch, we prioritize the security of your personal data and implement a range of measures to protect it against unauthorized access, loss, or misuse. Our data security practices include:

  • Encryption: We use industry-standard encryption technologies to protect personal data during transmission and storage. Encryption helps to ensure that your data remains confidential and secure.
  • Access Controls: We enforce strict access controls to limit access to personal data to authorized personnel only. Access to data is granted based on job responsibilities and is reviewed regularly.
  • Firewalls and Anti-Malware: We deploy firewalls and anti-malware solutions to protect our systems from unauthorized access and cyber threats. These tools help to safeguard our infrastructure from potential attacks.
  • Secure Servers: Our data is stored on secure servers with up-to-date security patches and configurations. We regularly update our software and systems to protect against vulnerabilities.
  • Regular Audits: We conduct regular security audits and assessments to identify and address potential risks. These audits help us maintain a high standard of data protection and compliance.
  • Data Minimization: We adhere to the principle of data minimization by collecting only the data necessary for our services and retaining it only for as long as required.
Handling of Data Breaches

In the unlikely event of a data breach, we have established procedures to manage and mitigate the impact. Our response includes:

  • Immediate Action: Upon discovering a data breach, we will take immediate steps to contain and assess the breach. This may involve isolating affected systems and securing data.
  • Notification: We will notify affected individuals and relevant authorities as required by law. If the breach poses a risk to your rights and freedoms, we will inform you without undue delay.
  • Investigation: We will conduct a thorough investigation to determine the cause and impact of the breach. This includes identifying the nature of the breach, the data affected, and the potential consequences.
  • Remediation: We will implement corrective actions to address the vulnerabilities that led to the breach and prevent similar incidents in the future.
  • Documentation: We will document the breach and our response to ensure compliance with legal and regulatory requirements and to improve our security practices.

We are committed to protecting your personal data and will take all necessary measures to address any security incidents promptly.

9. Third-Party Services

Third-Party Links

Our website may contain links to third-party websites that are not operated by dBuch. Please be aware that we do not control and are not responsible for the content or privacy practices of these third-party sites. We encourage you to review the privacy policies of any third-party sites you visit to understand how they collect and use your information.

  • Disclaimer: The inclusion of a link to a third-party website does not imply endorsement or responsibility for the content, products, or services offered by that site.
Third-Party Service Providers

We may use third-party service providers to assist us in providing our services and operating our website. These providers may have access to your personal data only to perform specific functions on our behalf and are required to maintain confidentiality and security of your data.

  • Service Providers: Third-party service providers may include payment processors, cloud storage providers, and email service providers.
  • Data Processing Agreements: We enter into data processing agreements with these service providers to ensure they adhere to data protection standards and comply with applicable data protection laws.
  • Data Security: We require our service providers to implement appropriate data security measures to protect your personal data and to use it only for the purposes for which it was provided.

We carefully select and monitor our third-party service providers to ensure that they meet our security and privacy standards.

10. International Data Transfers

Transfer Mechanisms

As dBuch operates globally, your personal data may be transferred to and stored in countries outside of the European Union (EU) or European Economic Area (EEA) where the data protection laws may differ from those in your country. We ensure that such transfers are made in accordance with applicable data protection laws and regulations.

Mechanisms for International Transfers:

  • Standard Contractual Clauses (SCCs): We may use Standard Contractual Clauses approved by the European Commission to ensure that adequate protection is provided for your personal data when transferred to countries outside the EU/EEA.
  • Privacy Shield Framework: In cases where applicable, we may rely on frameworks such as the EU-U.S. Privacy Shield or other similar mechanisms to ensure compliance with data protection standards.
Safeguards for International Transfers

We implement appropriate safeguards to ensure that your personal data remains protected when transferred internationally. These safeguards include:

  • Data Protection Agreements: We enter into data protection agreements with third parties that handle your personal data to ensure they adhere to EU data protection standards.
  • Encryption: We use encryption technologies to protect personal data during transmission and storage.
  • Access Controls: We implement stringent access controls to limit who can access personal data and ensure that only authorized personnel handle it.
  • Regular Audits: We conduct regular audits and assessments to ensure that our data protection measures and international transfer mechanisms remain effective and compliant with applicable laws.

We are committed to protecting your personal data, regardless of where it is transferred, and ensuring that your rights and privacy are safeguarded.

11. Children’s Privacy

Age Restrictions

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect, use, or disclose personal data from children under 16 without parental consent. If you believe that we have collected personal data from a child under the age of 16 without proper consent, please contact us, and we will take steps to delete the information promptly.

Parental Consent

If you are a parent or guardian and you become aware that your child has provided us with personal data without your consent, please contact us. We will take appropriate measures to ensure that such data is deleted from our records.

Parental Rights:

  • Access and Correction: Parents and guardians have the right to access and request correction or deletion of their child’s personal data.
  • Contact Us: To exercise these rights or if you have any concerns regarding your child’s data, please contact us using the information provided in the Contact Us section.

We are committed to protecting the privacy of children and ensuring that our services comply with applicable laws regarding children’s data.

12. Changes to This Privacy Policy

Updates and Amendments

We may update this Privacy Policy from time to time to reflect changes in our practices, technological advancements, or legal requirements. Any updates or amendments to this Privacy Policy will be posted on this page with a revised effective date. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your data and to ensure you are aware of any changes.

Key Changes: When significant changes are made to the Privacy Policy, such as changes in how we process personal data or new data processing practices, we will highlight these updates to make it easier for you to understand what has changed.

Notification of Changes

In addition to posting updates on our website, we will notify users of significant changes to the Privacy Policy through the following methods:

  • Email Notification: If you are a registered user, we may send you an email notification about the changes, including a summary of the key updates.
  • Website Notification: We may also display a prominent notice on our website informing visitors about the changes and encouraging them to review the updated Privacy Policy.
  • In-App Notifications: For users who access our services through a mobile application or other platforms, we may provide in-app notifications or prompts about the changes.

Your continued use of our website or services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the updated terms, you should cease using our website and services.

If you have any questions or concerns regarding the updated Privacy Policy, please contact us using the information provided in the Contact Us section.

13. Contact Us

How to Reach Us

If you have any questions or concerns about this Privacy Policy or our data protection practices, please feel free to contact us. You can reach us through the following methods:

Our team is available to assist you with any inquiries or issues you may have regarding your personal data and our privacy practices.

14. Inquiries and Complaints

We take your privacy seriously and are committed to addressing any concerns you may have. If you have any inquiries or complaints regarding our handling of your personal data, please follow these steps:

  1. Submit Your Inquiry or Complaint: Send a detailed description of your inquiry or complaint to our designated contact email or through our website contact form. Include any relevant information to help us address your concern promptly.
  2. Acknowledgment: Upon receiving your inquiry or complaint, we will acknowledge receipt and provide you with an estimated timeframe for resolution.
  3. Investigation and Resolution: We will thoroughly investigate your inquiry or complaint and take appropriate actions to address it. We aim to resolve all issues in a timely and effective manner.
  4. Response: Once we have reviewed and addressed your concerns, we will provide you with a formal response outlining the steps taken and any resolutions reached.

If you are not satisfied with our response or believe that we have not handled your complaint appropriately, you have the right to lodge a complaint with the relevant data protection authority.

Thank you for your attention to this matter. We value your feedback and are dedicated to ensuring the protection and privacy of your personal data.