Privacy policy
Last updated: September 1, 2025
This Privacy Policy describes how BookHaven (the "Website," "we," "us," or "our") collects, uses, and discloses your personal information when you visit or use our services, make a purchase on 5eiiw1-40.myshopify.com (the "Website"), or otherwise communicate with us about the Website (collectively, the "Services"). For the purposes of this Privacy Policy, “you” and “your” refer to you as a user of the Services, whether as a customer, visitor to the Website, or other individual whose information we collect in accordance with this Privacy Policy.
Please read this Privacy Policy carefully.
Changes to this Privacy Policy
We may update this Privacy Policy occasionally, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on the Website, update the "Last updated" date, and take any other measures required by applicable law.
How We Collect and Use Your Personal Information
To provide the Services, we collect and have collected over the past 12 months personal information about you from various sources as outlined below. The information we collect and use varies depending on how you interact with us.
In addition to the specific uses described below, we may use the information we collect about you to communicate with you, provide or improve the Services, comply with any applicable legal obligations, enforce any applicable terms of service, and protect or defend the Services, our rights, and the rights of our users or others.
What Personal Information We Collect
The types of personal information we obtain about you depend on how you interact with our Website and use our Services. When we use the term "personal information," we refer to information that identifies you, relates to you, describes you, or can be associated with you. The following sections describe the categories and specific types of personal information we collect.
Information We Collect Directly from You
Information you provide to us directly through our Services may include:
-
Contact details, including your name, address, phone number, and email.
-
Order information, including your name, billing address, shipping address, payment confirmation, email address, and phone number.
-
Account information, including your username, password, security questions, and other information used for account security purposes.
-
Customer support information, including any details you choose to provide in communications with us, such as when sending a message through the Services.
Some features of the Services may require you to provide certain information directly. You may choose not to provide such information, but this may prevent you from using or accessing those features.
Information We Collect About Your Usage
We may also automatically collect certain information about your interaction with the Services ("Usage Data"). To do this, we may use cookies, pixels, and similar technologies ("Cookies"). Usage Data may include information about how you access and use our Website and your account, including device information, browser information, network connection information, your IP address, and other details about your interaction with the Services.
Information We Obtain from Third Parties
We may obtain information about you from third parties, including vendors and service providers who may collect information on our behalf, such as:
-
Companies supporting our Website and Services, such as Shopify.
-
Our payment processors, who collect payment information (e.g., bank account, credit or debit card details, billing address) to process your payment in order to fulfill your orders and provide the products or services you requested, fulfilling the contract we have with you.
-
When you visit our Website, open or click emails we send, or interact with our Services or advertisements, we or third parties working with us may automatically collect certain information using online tracking technologies such as pixels, web beacons, software development kits, third-party libraries, and cookies.
Any information obtained from third parties will be handled in accordance with this Privacy Policy. See also the section below on Third-Party Websites and Links.
How We Use Your Personal Information
-
Providing Products and Services: We use your personal information to provide the Services, fulfill our contract with you, including processing payments, fulfilling your orders, sending notifications related to your account, purchases, returns, exchanges, or other transactions, creating, maintaining, and managing your account, arranging shipping, facilitating any returns and exchanges, and other account-related features and functionalities. We may also improve your shopping experience by allowing Shopify to link your account with other Shopify services you choose to use. In that case, Shopify will handle your information as described in their Privacy Policy and Consumer Privacy Policy.
-
Marketing and Advertising: We may use your personal information for marketing and promotional purposes, such as sending marketing communications, advertising, and promotional messages via email, text message, or postal mail, and to display product or service advertisements. This may include using your personal information to better tailor the Services and advertising on our Website and other websites. If you reside in the EEA, the legal basis for these processing activities is our legitimate interest in selling our products, in accordance with Article 6(1)(f) of the GDPR.
-
Security and Fraud Prevention: We use your personal information to detect, investigate, or take action regarding potential fraudulent, illegal, or malicious activity. If you choose to use the Services and register an account, you are responsible for keeping your account credentials secure. We strongly recommend not sharing your username, password, or other login details with anyone. If you believe your account has been compromised, contact us immediately. For EEA residents, the legal basis for these processing activities is our legitimate interest in keeping our Website safe for you and others, per Article 6(1)(f) of the GDPR.
-
Communicating with You and Improving Services: We use your personal information to provide customer support and improve our Services. This processing is based on our legitimate interest to respond to you, provide effective services, and maintain our business relationship with you, in accordance with Article 6(1)(f) of the GDPR.
Cookies
Like many Websites, we also use cookies. For specific information on the cookies we use in connection with our Shopify-powered store, please visit https://www.shopify.com/legal/cookies. We use cookies to power and improve our Website and Services (including remembering your actions and preferences), to perform analytics, and better understand your interaction with the Services (our legitimate interest to administer, improve, and optimize the Services). We may also allow third parties and service providers to use cookies on our Website to better tailor services, products, and advertising on our Website and other Websites.
Most browsers accept cookies by default, but you may configure your browser to remove or reject cookies via its controls. Note that removing or blocking cookies may negatively affect your user experience and may cause some Services, including certain features and general functionalities, to malfunction or become unavailable. Additionally, blocking cookies may not fully prevent the sharing of information with third parties such as our advertising partners.
Our Website also recognizes the Global Privacy Control (GPC) signal, which allows you to opt-out of certain uses or disclosures of your information. If you notify us of your preference via GPC, we will treat that signal as a valid opt-out request from sharing/targeted advertising for the browser or device sending the signal, and if we can associate the device sending the signal with a Shopify account, we will apply the opt-out to that account as well. To learn more about Global Privacy Control, visit https://globalprivacycontrol.org/. Beyond Global Privacy Control, we do not recognize other "Do Not Track" signals that may be sent by your browser or device.
How We Disclose Personal Information
Under certain circumstances, we may disclose your personal information to third parties for contractual, legitimate, and other purposes subject to this Privacy Policy. Such circumstances may include:
-
To vendors or other third parties who provide services on our behalf (e.g., IT management, payment processing, data analysis, customer support, cloud storage, order fulfillment).
-
To business and marketing partners to provide services and advertising. Our business and marketing partners will use your information according to their own privacy notices.
-
When you direct, request, or otherwise consent to us disclosing certain information to third parties, such as to ship products or through your use of social media widgets or login integrations.
-
To our affiliates or otherwise within our corporate group, in our legitimate interest in managing a successful business.
-
In connection with a business transaction, such as a merger or bankruptcy, to comply with applicable legal obligations (including responding to subpoenas, search warrants, and similar requests), to enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others.
In the past 12 months, we have disclosed the following categories of personal information and sensitive personal information about users for the purposes described above under "How We Collect and Use Your Personal Information" and "How We Disclose Personal Information":
| Category | Recipient Categories |
|---|---|
| Identifiers, such as basic contact data and certain order/account information | Service providers (e.g., ISPs, payment processors, customer support partners, data analytics providers) |
| Business information, such as order and purchase details and customer support information | Business and marketing partners |
| Internet or similar network activity data (Usage Data) | Business and marketing partners |
| Geolocation data, such as location derived from IP address or other technical measures | Affiliates |
We do not use or disclose sensitive personal information without your consent or for the purpose of inferring characteristics about you.
With your consent, we share personal information for advertising and marketing activities as follows:
| Category of Personal Information | Recipient Categories |
|---|---|
| Identifiers such as name, email address, and phone number | Business and marketing partners |
| Business information such as records of products or services purchased | Business and marketing partners |
| Usage Data | Business and marketing partners |
Third-Party Websites and Links
Our Website may provide links to third-party websites or other online platforms. If you follow links to websites not affiliated or controlled by us, you should review their privacy and security policies, as well as other terms and conditions. We do not guarantee and are not responsible for the privacy or security of those websites, including the accuracy, completeness, or reliability of the information found there. Information you provide in public or semi-public areas, including information you share on third-party social media platforms, may also be viewed by other users of the Services and/or users of those third-party platforms, without limitation as to our or third parties' use. Our inclusion of such links does not imply any endorsement of the content or owners/operators of those platforms, except as disclosed in the Services.
Children's Data
The Services are not intended for use by children, and we do not knowingly collect any personal information from children. If you are a parent or guardian of a child who has provided us with personal information, you may contact us using the contact details below to request its deletion.
As of the Effective Date of this Privacy Policy, we have no actual knowledge that we "sell" or "share" (as defined by applicable law) personal information of individuals under 16 years of age.
Security and Retention of Your Information
Please note that no security measure is perfect or impenetrable, and we cannot guarantee "perfect security." Additionally, any information you send to us may not be secure during transmission. We recommend not using insecure channels to communicate sensitive or confidential information.
The period for which we retain your personal information depends on various factors, such as the need to maintain your account, provide Services, comply with legal obligations, resolve disputes, or enforce contracts and applicable policies.
Your Rights
Depending on the place where you live, you may have some or all of the rights listed below concerning your personal information. However, these rights are not absolute and may only apply under certain circumstances. In some cases, we may refuse your request if the law allows us to do so.
Right of access / knowledge: You may have the right to request access to the personal information we hold about you, including details related to how we use and share your information.
Right of deletion: You may have the right to request the deletion of the personal information we hold about you.
Right of correction: You may have the right to request the correction of inaccurate personal information we hold about you.
Right of portability: You may have the right to receive a copy of the personal information we hold about you and to request its transfer to third parties, under certain circumstances and with some exceptions.
Right to refuse sale, sharing, or targeted advertising: You may have the right to instruct us not to "sell" or "share" your personal information or to opt out of processing your personal information for purposes considered as "targeted advertising," as defined by applicable privacy laws. Please note that if you visit our website with the Global Privacy Control opt-out signal enabled, depending on your location, we will automatically treat this as an opt-out request for the "sale" or "sharing" of information for the device and browser you use to visit the website.
Restriction of processing: You may have the right to ask us to stop or restrict our processing of personal information.
Withdrawal of consent: When we rely on consent to process your personal information, you may have the right to withdraw that consent.
Appeal: You may have the right to appeal our decision if we refuse to process your request. You can do this by responding directly to our refusal.
Management of communication preferences: We may send you promotional emails, and you may opt out of receiving them at any time using the unsubscribe option provided in our emails. If you opt out, we may continue to send you non-promotional emails, such as those related to your account or orders you have placed.
You may exercise any of these rights as indicated on our website or by contacting us through the contact details provided below.
We will not discriminate against you for opting to exercise any of these rights. We may need to collect some information from you to verify your identity, such as your email address or account information, before providing a concrete response to the request. According to applicable law, you may designate an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require the agent to provide proof that you have authorized them to act on your behalf, and we may need to verify your identity directly with us. We will respond to your request in a timely manner as required by applicable law.
Complaints
If you have complaints about how we handle your personal information, please contact us using the contact details provided below. If you are not satisfied with our response to your complaint, depending on your place of residence, you may have the right to appeal our decision by contacting us through the contact details below or by filing your complaint with the local data protection authority. For the EEA, you can find a list of authorities responsible for supervising data protection here.
International Users
Please note that we may transfer, store, and process your personal information outside the country where you reside. Your personal information is also processed by employees and third-party service providers and partners in those countries.
If we transfer your personal information outside Europe, we rely on recognized transfer mechanisms, such as the European Commission’s Standard Contractual Clauses or equivalent contracts issued by the relevant UK authority, as applicable, unless the data transfer is to a country determined to provide an adequate level of protection.
Contact
If you have any questions about our privacy practices or this Privacy Policy, or if you wish to exercise any of your rights, please contact us by email at bookhavenstorecontact@gmail.com.
For purposes of applicable data protection law, and unless expressly stated otherwise, we are the data controller responsible for processing your personal information.