Privacy Policy
Hello and welcome to ZunTold.
ZunTold (company number 10311055) is both a publishing company and a provider of counselling services. You can buy books from us directly and we work with professional authors publishing their work for education and trade. We also offer consultancy to companies, local authorities, NHS and third- sector organisations working in the digital health space.
In addition, we also run a digital bibliotherapy and therapeutic writing service for the social care and health sector whereby you can access books, write for our community and work alongside a therapist who has been trained in therapeutic writing skills as well as other therapeutic approaches.
We have developed our privacy policy to make sure that everyone we come into contact with, whether that be authors, customers who purchase books, employees and trainees and service users who use our therapy services, can be assured that their data is safe and that we operate to the highest levels of confidentiality, security and that we comply with our legal duties.
This notice explains who we are, and details how and why we collect, store, use and share your personal information. It also explains your rights in relation to your personal information, and how to contact me, as ZunTold’s Data Protection Officer in the event you have a question or a complaint.
We have split our Privacy policy into two sections. One section covers ZunTold customers who use the store to purchase books and others we work with us such as professional authors, employees, trainees or in a consultancy capacity. The second section relates to the Privacy Policy for our Fiction as Therapy service users.
How to contact us
First of all, if you have any questions about our privacy policy or the information we hold about you, please feel free to contact me directly:
Elaine Bousfield, Founder of ZunTold and Data Protection Officer on elaine@zuntold.com
Our registered office is 71-75 Shelton Street, Covent Gardens, London, United Kingdom, WC2H 9JQ
Contents of this page
Who are we?
ZunTold Ltd collects, uses and is responsible for certain personal information about you. When we do so we are subject to the Data Protection Laws described below and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
Key terms
Here are some key terms used in this notice:
Data protection laws
The General Data Protection Regulation and the Data Protection Act 2018 in each case as amended, updated or replaced and as they apply to the UK.
Personal information - known as Personal Data
Any information relating to an identified or identifiable individual.
Special category personal information,
This is personal information which reveals racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic and biometric data, or data concerning health, sex life or sexual orientation.
Contractual service or ‘contract’.
This relates to data we have to collect from you in order for us to be able to fulfil our obligations to you that may have arisen from us agreeing to deliver a product, service or intervention for you or alongside you. It may also relate to a contract we have with a third party such as a health provider such as the NHS or Social Care (for example) to supply you with a service that they have commissioned from us.
Legitimate interest
Legitimate interests relate to the data we have to collect so we are able to fulfil our business and contractual interests. These have been weighed against the rights of the individual and we have ensured we only collect the data we need in order to be able to fulfil our promises to our end users and our customers.
In the context of our services we expect that the special category personal information which we are most likely to process will be for our fiction as therapy service and will be data concerning your wellbeing and mental health, ethnicity, gender and age. Our legal basis for processing this data in our fiction as therapy service is to deliver a ‘contractual service’ to you. It is also collected under the legal basis ‘legitimate interest’ as it helps us to measure how we are performing as a service and how to improve our service.
WEBSITE PAYMENTS
We do not currently store credit card details nor do we share financial details with any 3rd parties. All payments are processed via PayPal.
CHILDREN UNDER 13 YEARS OF AGE
We do not collect information from children under the age of 13 outside our Fiction as Therapy service. No personal information (such as name, address or email address) is collected by, or should be submitted to us by children under 13 without the consent of their parent or guardian.
If you are under 13 and would like to register your details with us for any reason, unless you have been referred into our fiction as therapy service by one of our commissioned organisations, please ask your parent or guardian to read our privacy policy on your behalf. A guardian always has the right to question what information we store on a child and ask for that information to be deleted.
SECTION ONE
Personal information we collect about you
Customers
If you are a customer shopping in our online store for books, we may collect and use the following personal information about you:
- your name and contact information, including email address and telephone number
- your personal interests such as genres you like, authors, and audiences
- any feedback you choose to give us
Authors, employees, consultancy customers
- your name and contact information, including email address and telephone number
- your personal interests such as genres you like, authors, and audiences
- any feedback you choose to give us
- your gender and ethnicity information
- your date of birth
- medical, personal, bank details and other information and/or options that you provide to us during interviews and/or discussions with you.
How your personal information is collected
We may collect certain information or data about you in various ways. The main ways we do this are outlined below:
- When you submit enquiries or feedback through one of our website forms, or sign up for email updates, we may collect your name, email address, telephone number and other information.
- When you apply to work with ZunTold as an employee, trainee or as an author
- When you use our website we will collect:
- your IP address, and details of web browser and which version of it you used.
- information on how you use our website, using cookies, that will help us improve the website.
- When you participate in any of our research projects (including through interviews and focus groups) we may collect your name, contact and other details.
- When you commission ZunTold to undertake consultancy activity, we may collect your name, email address, role, organisation and other information.
- When you contact us directly, we may keep a record of that correspondence.
How and why we use your personal information
Under data protection laws, we can only use your personal information if we have a proper reason for doing so.
The points below explains what we use (process) your personal information for and our reasons for doing so.
To fulfil your customer orders
If you purchase books from us we need to know who and where to send it to. We will only use information on your buying practises to recommend other books to you if you have agreed to join our mailing list. We may contact you by email if you have bought from us prior to us establishing a mailing list, to see if you would like to join. If you elect not to, no other contact will be made with you.
Products and services
We need to process your personal data when we provide you with information, products and services that you have requested from us. We do so because it is necessary for our legitimate interests and/or because it is necessary for the performance of a contract to which you are a party or in order to take steps at your request before entering into a contract.
Marketing
When we send marketing communications to you at a business email address, we do so because it is necessary for our legitimate interests. Our legitimate interests include disseminating our research and analysis, as well as highlighting relevant products and services, in order to fulfil our mission to bring better mental health through fiction and through bibliotherapy and therapeutic writing to everyone.
In respect of personal email addresses, we will only send you marketing with your explicit consent and you can opt out at any time.
We will always treat your personal information with the utmost respect and never share it with other organisations for marketing purposes.
You have the right to opt out of receiving promotional communications at any time by contacting us on the contact us tab
We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
Personal data gathered from publicly available sources
We gather limited personal data from publicly available sources (such as announcements about job moves in the publishing sector, authors pages, announcements by agents or in the health and social care sector) so that we can contact individuals who we think will be interested in our products and services or in working with u We do so in connection with our legitimate interests as referred to above under 'Marketing'.
Other bases for processing
We may need to process your personal data for compliance with our legal and regulatory obligations, including where it is necessary for the prevention and detection of crime, or for the establishment, exercise or defence of legal claims (for example, to protect and defend our rights or property).
Who we share your personal information with
We routinely share personal information only with our service provider Dropbox as a data back-up service provider.
We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
We may also need to share some personal information (excluding special category personal information) with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
We will not share your personal information with any other third party.
Where your personal information is held
Information may be held at our offices and on the servers of our service providers, representatives and agents as described above (see above: ‘Who we share your personal information with’).
How long your personal information will be kept
We will retain your personal data no longer than is necessary for the purposes for which it is processed. For example, it may be kept for the duration of a service or product you receive from us or as part of our legal obligations.
We will not retain your personal information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal information. Further details on this are available on request.
When it is no longer necessary to retain your personal information, we will delete or anonymise it.
Your rights
You have the following rights, which you can exercise free of charge:
Access
The right to be provided with a copy of your personal information (the right of access).
Rectification
The right to require us to correct any mistakes in your personal information.
To be forgotten
The right to require us to delete your personal information - in certain situations.
Restriction of processing
The right to require us to restrict processing of your personal information - in certain circumstances, e.g. if you contest the accuracy of the data.
Data portability
The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party - in certain situations.
To object
The right to object:
- at any time to your personal information being processed for direct marketing (including profiling);
- in certain other situations to our continued processing of your personal information, e.g. processing carried out for the purpose of our legitimate interests.
Not to be subject to automated individual decision-making
The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please email, call or write to our Data Protection Officer; see above: ‘How to contact us’; and
- let us have enough information to identify you (e.g. your full name and address);
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
- let us know what right you want to exercise and the information to which your request relates.
Keeping your personal information secure
We have appropriate security measures to prevent personal information from being accidentally lost, or used or accessed unlawfully. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to complain
We hope that we can resolve any query or concern you may raise about our use of your information.
The data protection laws also give you right to lodge a complaint with a supervisory authority. In the UK, the supervisory authority is the Information Commissioner who may be contacted at ico.org.uk/concerns or by telephone: 0303 123 1113.
Changes to this privacy policy
This privacy notice was published on January 1, 2021 and last updated on January 1, 2021.
We may change this privacy notice from time to time. When we do, if you've given us your email address as part of registering for our services, we will inform you via email.