header

Köp och sälj böcker lättare än någonsin!

Created with sketchtool. Created with sketchtool.

BOOKIS PRIVACY POLICY

Effective date: 25 November 2019

1. General information

Below, we provide you with general information about this website, our privacy policy, and the entity that is responsible for your personal data.

1.1 About this privacy policy.

This privacy policy explains how we collect and use personal data of individual users or business entities (“you” and “your”) personal data obtained through the website https://bookis.com, the related software, and services (collectively, “Bookis”). We also explain what measures we take to protect your personal data from unauthorised access. It is important to us that you feel safe while using Bookis, which is why we place great emphasis on protecting your privacy.

1.2 Data controller.

The entity that is responsible for the processing of your personal data through Bookis is Enviv AS having a registered place of business at Conrad Holmboes veg 53, 9011 Tromsø, Norway (“we”, “us”, and “our”). We act as a data controller with regard to your personal data.

1.3 About Bookis.

Bookis is an online platform that allows buying and selling new and used books.

1.4 Applicable laws.

The processing of your personal data is carried out in accordance with applicable national and international data protection laws, including Norwegian Personal Data Act of 2000 and the EU General Data Protection Regulation (GDPR).

1.5 Contact us.

If you have any questions related to our privacy policy or the handling of your personal data, we encourage you to contact us on telephone +45 23 65 11 15 or email privacy@bookis.com.

1.6 Cookies.

We use cookies on Bookis. For more information on our use of cookies, please refer to our cookie policy available at https://bookis.com/cookies.

1.7 Children’s privacy.

We do not allow anyone younger than 18 to use Bookis. Therefore, we do not knowingly collect children’s personal data. If you become aware that personal data was provided by a person under the age of 18, we kindly ask you to inform us as soon as possible so that we could take appropriate measures.

1.8 Important terms.

In this privacy policy, you will encounter recurrent terms. For your convenience, we would like to explain what such terms mean:

  • “Consent” means a freely given, specific, informed and unambiguous agreement to the processing of personal data;
  • “Data controller” means the entity that determines the purposes and means of the processing of personal data;
  • “Data processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller;
  • “Personal data” means any information relating to a natural person who can be identified, directly or indirectly, by using such information (e.g., name, address, phone number, email, and IP address); and
  • “Processing” means the use of personal data in any manner, including, but not limited to, collection, storage, erasure, transfer, and disclosure of personal data.

1.9 Your consent to the Privacy Policy.

Your use of Bookis is subject to this privacy policy. Before you submit any personal data through Bookis, you are encouraged to read this privacy policy. In some cases (where required by the applicable law), we may seek to obtain your consent for the processing of your personal data. For example, we may seek your prior consent for the following purposes:

  • If we intend to collect other types of personal data that are not mentioned in this privacy policy;
  • If we intend to use your personal data for purposes that are not indicated in this privacy policy;
  • If we would like to disclose or transfer your personal data to third parties that are not specified in this privacy policy; or
  • If we significantly amend this privacy policy.

2. Brief summary of our privacy policy

For your convenience, we have compiled the following summary, but we recommend to read this privacy policy in its entirety so that you understand how we collect and use your personal data.

We collect personal data if it necessary to ensure that you receive the requested services. For example, when you register your user account on Bookis, we will ask you to provide certain personal data to us, such as your email address, full name, or social media details; when you make an order on Bookis, you will be requested to submit your phone number, address, and payment details; when you browse on Bookis, we will collect your IP address. We will process your personal data to (i) provide you with the requested services, (ii) improve and further develop Bookis, (iii) analyse and understand market trends, and (iv) limit any possible misuse of Bookis. If we have a legitimate basis to do so, we also process your personal data to provide you with personalised offers, recommendations, and content tailored to you.

The personal data we collect may be shared with third-party service providers that act as our data processors (e.g., payment processors, shipping partners, and analytics service providers). The disclosure of your personal data to third parties is limited to the instances when the disclosure is strictly necessary to provide you with the requested services or pursuing our legitimate business interests.

We will make sure that, at all times, we have a legal basis for the processing of your personal data, your personal data is properly protected, and you can exercise your legitimate rights.

3. What kind of personal data do we collect and for what purposes do we use it?

We collect only a minimal amount of personal data that is necessary for your use of Bookis. We use your personal data for specified and limited purposes. Below, we explain what types of personal data we collect from you, for what purposes we use that data, and on what lawful bases we rely when processing your personal data.

3.1 Types of personal data.

We comply with data minimisation principles. Thus, we collect only a minimal amount of personal data that is necessary for ensuring your proper use of Bookis. The list of the types of personal data that we collect from you is provided in section 3.3 below.

3.2 Purposes of personal data.

We process your personal data only for specified and legitimate purposes explicitly mentioned in this privacy policy. In short, we will use personal data only for the purposes of enabling you to use Bookis, maintaining and improving Bookis, conducting research about our business activities, preventing fraud and misuse, and replying to your enquiries. We will not use your personal data for any purposes that are different from the purposes for which your personal data was provided. At all times, we make sure that we have a legal basis allowing us us process your personal data.

3.3 Overview of types and purposes of your personal data.

The table below provides a detailed description of the types of personal data that we collect, the purposes for which we use it, and the legal bases on which we rely when processing personal data.

Personal data

Purpose

Legal bases

When you register your user account, we collect your:

  • Full name;
  • Email address; and
  • Password.

When you use your social media account to register your user account, we collect your:

  • Name;
  • Email address;
  • Image.

When you create a merchant account, we collect your: 

  • Business name;
  • Address;
  • Email address; 
  • Phone number; and
  • Password.
  • To register and maintain your user account;
  • To enable your access to Bookis;
  • To deliver the requested services;
  • To contact you, if necessary; and
  • To analyse and improve our business.
  • Performing a contract with you; and
  • Pursuing our legitimate business interests (to administer and improve our business).

When you update your user account, we collect your:

  • Profile image;
  • Gender;
  • Date of birth; and
  • Any information you decide to provide about yourself.

When you update a merchant account, we collect your: 

  • Shop name;
  • Shipping address; 
  • Selling address; 
  • Payment method details (e.g., a bank account number); and
  • Any information you decide to provide about your business.
  • To enable your access to the full functionality of Bookis;
  • To deliver the requested services;
  • To feature your profile;
  • To process payments; and
  • To analyse and improve our business.
  • Your consent (for optional personal data);
  • Performing a contract with you; and
  • Pursuing our legitimate business interests (to administer and improve our business).

When you place an order, we collect your:

  • Email address;
  • Phone number;
  • Full name; 
  • Shipping address; and
  • Payment information (e.g., phone number or credit card number, CVV number, name, and expiration date).
  • To deliver you your order;
  • To process your payment; and
  • To maintain our accountancy records.
  • Performing a contract with you; and
  • Pursuing our legitimate business interests (to administer our business).

When you place a book for sale, we collect:

  • Any information that you decide to provide about the book.
  • To deliver the requested services;
  • To feature your profile, and
  • To analyse and improve our business.
  • Your consent (for optional personal data);
  • Performing a contract with you; and
  • Pursuing our legitimate business interests (to administer and improve our business).

When you contact us by email or through the chat, we collect your:

  • Full Name;
  • Email address; and
  • Any information or personal data that you decide to provide us in your message.
  • To respond to your enquiries; and
  • To provide you with the requested information.
  • Pursuing our legitimate business interests (to grow and promote our business); and
  • Your consent (for optional personal data).

When you sign up for a newsletter or updates, we collect your:

  • Email address.
  • To deliver you the newsletter.
  • Your consent.

When you use Bookis, we collect your:

  • IP address; and
  • Your approximate location.
  • To analyse, improve, and evaluate our business activities;
  • To customise Bookis for your location; and
  • To ensure security of Bookis.
  • Pursuing our legitimate business interests (to analyse and improve our business activities and ensure security)

When you send messages through Bookis, we may have access to your messages.

  • To facilitate the exchange of messages through Bookis; and
  • To ensure the security of Bookis. 
  • Performing a contract with you; and
  • Pursuing our legitimate business interests (to ensure security).

3.4 Sensitive data.

We do not collect, under any circumstances, special categories of personal data (“sensitive data”) from you, such as your health information, opinion about your religious and political beliefs, racial origins, membership of a professional or trade association, or information about your sexual orientation, unless you decide to provide such sensitive data, at your own sole discretion.

3.5 Failure to provide personal data.

If you fail to provide us with the personal data when requested, we may not be able to perform the requested operation and you may not be able to use the full functionality of Bookis, receive the services provided through Bookis, or get our response.

3.6 Personal data made public.

If you decide to publish information about yourself, your books, or reviews on Bookis, you may decide to reveal certain personal data. Please keep in mind that such data will become available to other users of Bookis. Therefore, we request you to exercise your due diligence and not to disclose your personal data that is not necessary, extensive, or sensitive, as such data can be used by third parties for unlawful purposes. Also, please note that you are not allowed to publish personal data pertaining to other persons if they have not provided you with their prior consent to disclose such data. We will take immediate steps to remove your messages or comments from Bookis if we become aware that they contain personal data disclosed unlawfully.

3.7 Privacy of communication.

Bookis allows you to exchange private messages. We put reasonable efforts to ensure that any communication data transmitted through Bookis remains confidential and properly protected. Moreover, we do not intentionally and directly access, manage, correct, delete, share, or disclose your private messages, unless it is strictly necessary for the provision of Bookis or we are requested by law enforcement agencies to do so. You are solely responsible for any communication through Bookis, the content of your messages, as well as accessing or deleting the messages.

4. What non-personal data do we collect?

When you use Bookis, we collect some data about your device, visit, and other technical details. In this section, we inform you what non-personal (technical) data we collect from you and for what purposes we use that data.

4.1 Technical data.

Through server logs and other tools, we record information about the device that you use and your connection to Bookis, including your (i) operating system, (ii) browser version, (iii) URL addresses clicked from Bookis, (iv) session logs, (v) screen size, (v) crash data,and (vi) other behavioural data. This information is often used in anonymous and aggregated statistics, but we can also link it to your user account. This information allows us to customise the display of Bookis to the device you are using, in addition to analysing various ways in which you use Bookis.

4.2 Data that you save.

Some information is stored in our systems at your request, such as when you publish a book for sale or try to find a book you want to buy. We use such information, among other things, to limit abuse of the service, to improve our services and to provide you with content adapted to your usage pattern (for example, books in your immediate area).

4.3 Your feedback.

If you contact us, we may keep records of any questions, complaints or compliments made by you and the response, if any. Where possible, we will de-identify your personal data.

4.4 Aggregated and de-identified data.

In case your non-personal data is combined with certain elements of your personal data in a way that allows us to identify you, we will handle such aggregated data as personal data. If your personal data is aggregated or de-identified in a way that it can no longer be associated with an identified or identifiable natural person, it will not be considered personal data and we may use it for any business purpose.

4.5 Purposes of non-personal data.

We will use non-personal data in furtherance of our legitimate interests in operating Bookis, conducting our business activities, and developing new products and services. More specifically, we collect the non-personal data for the following purposes:

  • To analyse what kind of users visit and use Bookis;
  • To examine the relevance, popularity, and engagement rate of the content available on Bookis;
  • To investigate and help prevent security issues and abuse;
  • To develop and provide additional features to Bookis; and
  • To personalise Bookis for your specific needs.

5. Sharing personal data

To ensure your proper use of Bookis, we may need to cooperate with external service providers and share some personal data with them. In this section, you can find information about third parties that have access to your personal data and the instances when we make data transfers.

5.1 Do we share your personal data?

Your personal data may be disclosed to other companies acting as our data processors for use for the same purpose for which your personal data was collected. As far as possible, the information will be provided in an anonymised form, but for some purposes it is necessary for the data processor to obtain information that will enable you to identify you. For example, we may share your personal and non-personal data with entities that provide certain technical support services to us, such as web analytics, payment processing, shipping, and email distribution services. We will not share, sell, disseminate or otherwise disclose your personal data other than as set forth in this privacy policy, unless we are required to do so as a result of a binding court decision or we have obtained your consent. Data processors who access your personal data in connection with the provision of their services to us are subject to the obligation of confidentiality and cannot use personal data in any way other than in the performance of services for us.

5.2 When do we disclose your personal data?

The disclosure of your personal data is limited to the situations when such data is required for the following purposes:

  • Ensuring the proper operation of Bookis;
  • Ensuring the delivery of services requested by you;
  • Providing you with the requested information;
  • Pursuing our legitimate business interests;
  • Enforcing our rights, preventing fraud, and security purposes;
  • Carrying out our contractual obligations;
  • Law enforcement purposes; or
  • If you provide your prior consent to such a disclosure.

5.3 With what data processors do we share your personal data?

We will share your personal data only with the data processors that agree to ensure an adequate level of protection of personal data that is consistent with this Privacy Policy and the applicable data protection laws. The data processors that will have access to your personal data are listed below.

Service

Name

Location

More information

Hosting service provider

Amazon Web Services

The United States

https://aws.amazon.com

Cloud storage providers

Amazon Cloudfront

The United States

https://aws.amazon.com

Google BigQuery

https://cloud.google.com/bigquery/

Google Sheets

https://www.google.com/sheets/about/

Google Data Studio

https://datastudio.google.com

Database service providers

Amazon Web Services

The United States

https://aws.amazon.com

MySQL

Norway

https://www.mysql.com

PostGres

Sweden

https://www.postgresql.org

Analytics service providers

GoogleAnalytics

The United States

https://analytics.google.com

Google Firebase

The United States

https://firebase.google.com

Transactional email service providers

SendGrid

The United States

https://sendgrid.com

Drip

The United States

https://www.drip.com

Payment processing service provider

Stripe

The United States

https://stripe.com

Marketing service providers

Facebook

The United States

https://www.facebook.com

HotJar

Malta

https://www.hotjar.com

Drip

The United States

https://www.drip.com

OneSignal

The United States

https://onesignal.com

Technical support service providers

Gitlab

The United States

https://about.gitlab.com

Github

The United States

https://enterprise.github.com

Bitbucket

The United States

https://bitbucket.org

Sentry

The United States

https://sentry.io

Shipping service providers

Helthjem Netthandel

Norway

https://helthjem.no

Premo AB

Sweden

https://premo.se/

Distribution Innovations

Norway

https://www.di.no

Transportation service providers

Postnord

Sweden

https://www.postnord.no

Helthjem Netthandel

Norway

https://helthjem.no

Accountancy service providers

Hjelle Regnskap og Økonomi AS

Norway

https://hjelleregnskap.no

24SevenOffice

Norway

https://24sevenoffice.com

Payment processing service providers

Stripe

The United States

https://stripe.com

Vipps

Norway

https://www.vipps.no

Chat service provider

Intercom

The United States

https://www.intercom.com

5.4 Sharing of non-personal data.

We may disclose your non-personal data and de-identified data for any purpose. For example, we may share it with prospects or partners for business or research purposes, for improving Bookis, responding to lawful requests from public authorities or developing new products and services.

5.5 Legal requests.

If necessary, we will disclose information about the users of Bookis to public authorities to the extent necessary for pursuing a public interest objective, such as national security or law enforcement. Also, if it is suspected that an offence has been committed in connection with your use of Bookis, your personal data may be disclosed to public authorities upon request.

5.6 Successors.

In case our business is sold partly or fully, we will provide your personal data to a purchaser or successor entity and request the successor to handle your personal data in line with this privacy policy.

6. International transfer of personal data

Your personal data may be transferred outside the country where you reside. In this section, we explain when we transfer personal data abroad and what safeguards we implement to ensure that your personal is properly protected.

Some of our data processors listed in section 5 of this privacy policy are located outside the country in which you reside. For example, if you reside in the European Economic Area (EEA), we may need to transfer your personal data to jurisdictions outside the EEA. In case it is necessary to make such a transfer, we will make sure that the jurisdiction in which the recipient third party is located guarantees an adequate level of protection for your personal data (e.g., the recipient is a Privacy-Shield certified entity) or we conclude an agreement with the respective third party that ensures such protection (e.g., a data processing agreement based pre-approved standard contractual clauses).

7. Storage and deletion of personal data

We store your personal data in our systems only if it is necessary for its specific and limited purposes. Below, we specify the time period for which we keep your personal and non-personal.

7.1 Storage of personal data.

Your personal data will not be stored for longer than it is necessary to fulfil the purpose of the processing, as indicated in section 3.3. After your personal data is no longer necessary for its purposes and there is no other legal basis for storing it, we will immediately securely delete your personal data from our systems. In addition, you may ask us at any time to delete information related to you, unless the information is required to provide a service that you still want to access (such as selling a book) or it is required by law to keep the information for a certain period of time (for example, certain information related to the purchase of services in accordance with accounting legislation).

7.2 Storage of non-personal data.

We may retain non-personal data pertaining to you for as long as necessary for the purposes described in this privacy policy. This may include keeping non-personal data after you have deactivated your user account for the period of time needed for us to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.

7.3 Retention as required by law.

Please note that, in some cases, we may be obliged by law to store your personal data for certain period of time (e.g., for maintaining our accountancy records). In such cases, we will store your personal data for the time period stipulated by the applicable law and delete the personal data as soon as the required retention period expires.

7.4 Ads.

Information related to ads published on Bookis will be stored for up to five years to help resolve disputes about the ad object, such as whether the parties disagree on what the ad specified about the condition, price, method of delivery, etc. Anonymised versions of published ads will also be preserved in a historical archive.

8. Security of personal data

We put our best efforts to keep your personal data safe and secure. In this section, we inform you about our technical measures that help us to protect your personal data.

8.1 Our procedures.

We have established procedures and measures at various levels to ensure that unauthorised persons do not have access to your personal data and that all processing of the data is in accordance with the applicable laws. The organisational and technical measures taken by us include:

  • Regular risk assessments;
  • Technical systems and physical procedures for safeguarding information security;
  • Routines to verify access and correction requests;
  • Encryption;
  • Secured networks;
  • SSL protocol;
  • Strong passwords;
  • Limited access to your personal data by our staff; and
  • Anonymisation of personal data (when possible).

8.2 Prevention of misuse.

To protect your personal data from loss, misuse, unauthorised access, and disclosure, we may use external services to identify which device you are using when you log in. In this context, we will be able to send data to both your own device and the identification service to identify you, as well as obtain information about any misuse of services via that device. The information is used to prevent unwanted activity and helps, among other things, to reveal that others are trying to log in to your user account to post fraudulent ads. If we identify any abuse of Bookis, we may in some cases share information related to your device and your IP address with the relevant data processor to limit the possibility of further abuse by the device.

8.3 Handling security breaches.

Although we put our best efforts to protect your personal data, given the nature of communications and information processing technology and the Internet, we cannot be liable for any unlawful destruction, loss, use, copying, modification, leakage, and falsification of your personal data caused by circumstances that are beyond our reasonable control. In case a serious breach occurs, we will take reasonable measures to mitigate the breach, as required by the applicable law. Our liability for any security breach will be limited to the highest extent permitted by the applicable law.

9. Marketing communication

From time to time, you may receive promotional messages from us. In this section, we explain when you may receive notices from us and what you can do to decline our commercial communication.

9.1 Marketing messages.

To keep you updated about the latest developments related to Bookis, our new services, additional features of Bookis, and our special offers, we may send you marketing messages, such as newsletters, brochures, promotions and advertisements. You will receive such marketing messages or be contacted by us for marketing purposes only if:

We receive your express (“opt-in”) consent to receive marketing messages (please note that your voluntary subscription to our newsletters and updates substitutes such consent);

You adjust your ‘Email notifications’ settings accordingly; or

We decide to send you marketing messages about our new services that are closely related to the services already used by you.

9.2 Opting-out.

You can opt-out from receiving marketing messages at any time free of charge by clicking on the “unsubscribe” link contained in any of the messages sent to you or by contacting us directly.

9.3 Informational notices and service updates.

From time to time (if we have your email address), we may send you important informational notices, such as service-related, technical or administrative emails, information about Bookis, your orders and payments, your user account, privacy and security, and other administrative matters. Please note that we will send such notices on an “if-needed” basis and they do not fall within the scope of direct marketing communication that requires your prior consent.

10. Your rights regarding your personal data

You have the right to control how we process your personal data. Below, we list the rights that you can exercise with regard to your personal data and explain how you can exercise those rights.

10.1 What rights do you have?

Subject to any exemptions provided by law, you may ask us to:

  • Get a copy of your personal data that we store;
  • Get a list of purposes for which your personal data is processed;
  • Rectify inaccurate personal data;
  • Move your personal data to another processor;
  • Delete your personal data from our systems;
  • Object and restrict processing of your personal data;
  • Withdraw your consent, if you have provided one; or
  • Process your complaint regarding your personal data.

10.2 How to exercise your rights?

Some of your rights listed above can be exercised through your user account. For example, you can change your name, contact details, delete certain information, or adjust your marketing preferences. In all other cases, please contact us by email at privacy@bookis.com and explain in detail your request. In order to verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information, so that we would be able to identify you in our system. We will answer your request within a reasonable timeframe but no later than 2 weeks.

10.3 How to file a complaint?

If you would like to file a complaint about the way in which we handle your personal data, we kindly ask you to contact us first and express your concerns. After you contact us, we will investigate your complaint and provide you with our response as soon as possible. If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority.

11. Validity and amendments

This privacy policy may be changed or terminated at any time. In this section, we explain for how long this document is valid and how you will be informed about any changes.

11.1 Term and termination.

This privacy policy enters into force on the effective date indicated at the top of the document and remains valid until terminated or updated by us.

11.2 Amendments.

We may change this privacy policy from time to time to address the changes in laws, regulations, and industry standards. The amended version of the privacy policy will be posted on this page and, if we have your email address, we will send you a notice about all the changes implemented by us. We encourage you to review our privacy policy to stay informed. For significant material changes in the privacy policy or, where required by the applicable law, we may seek your consent. If you disagree with the changes to the privacy policy, you should cease using Bookis.

12. Contact details

You can contact us at any time to receive further clarifications. Our contact details are specified below.

Email: privacy@bookis.com
Postal address for communication: Enviv AS, c/o Arne-Morten Willumsen, Conrad Holmboes veg 53, 9011 Tromsø, Norway
Phone number: +45 23 65 11 15
Company registration number: NO917690979MVA