PRIVACY NOTICE

This Privacy Notice is effective as of 26th March 2025

 

SCOPE AND LEGAL BASIS

(1) In Pocketbook we respect your privacy and are committed to protecting your personal data while you running the website pocketbook.com (“website”). This Privacy Notice (“Notice” or “Privacy Notice”) will help you to understand who we are, how and what for we collect, use and store your personal data, how we keep your data secured, as well as your privacy rights and our commitments to comply with them. This Notice is provided in a layered format so you can click through to the specific areas set out below.

(2) This Privacy Notice was drafted in accordance with the UK Data Protection Act 2018 and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data in a version adopted as a United Kingdom General Data Protection Regulation (“UK GDPR”).

 

Contents

1. IMPORTANT INFORMATION AND WHO WE ARE
2. WHAT DATA WE COLLECT ABOUT YOU AND HOW WE COLLECT IT
3. WHAT ARE THE PURPOSES FOR WHICH WE COLLECT YOUR PERSONAL DATA
4. WHAT ARE THE GROUNDS BASED ON WHICH WE COLLECT YOUR PERSONAL DATA
5. WITH WHOM DO WE SHARE YOUR PERSONAL DATA
6. INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA
7. HOW WE SECURE YOUR DATA
8. HOW LONG SHALL WE RETAIN YOUR DATA
9. WHAT RIGHTS DO YOU HAVE
10. CHANGES TO THIS PRIVACY NOTICE

 

1. IMPORTANT INFORMATION AND WHO WE ARE

(1) This Notice aims to give you information on how Pocketbook International SA (sometimes may be referred to as either “Pocketbook”, “us,” “we,” or “our”) collects and processes your personal data. Pocketbook is the controller in respective to this website and responsible for your personal data you shared with us when visiting our website and/or contacting us. Below, you may find our business details:
Pocketbook International SA
Crocicchio Cortogna, 6, 6900 Lugano, Switzerland
Reg.No: CHE-416.098.857
Tel/fax: +41 91 922 07 05
pocketbook.com
Email: [email protected]
We have a dedicated communication channel with which you can request more information about processing of your personal data. If you have any questions, comments or complaints regarding how we handle information about you, or if you want to assert any of your rights under the applicable data protection rules please send an email to [email protected].
The contact details of our UK representative for privacy matters are the following:
Name: Anna Krat
Email: [email protected]

 

2. WHAT DATA WE COLLECT ABOUT YOU AND HOW WE COLLECT IT

(1) We may collect personal data from you. Personal data or personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

(2) The Personal data we may collect from you could include:

- Account data. When you create an account on our website, you should provide certain personal data, such as your email address, and choose a password. If you want to order the products from our website, we shall ask you to provide us with an additional personal information such as your first and last name, and additional contact details (telephone number), as well as your payment card or other payment instrument data, as well as your billing address.

- Personal data collected through the contact forms you complete on our website. We encourage you to include only the personal data that is essential and sufficient to fulfill your request (your name and contact details at the least). Meanwhile, the decision about what personal data should be included in the contact form remains your responsibility.

- Personal data collected through your interaction with our chat-bot. As a general rule, our chat-bot may ask you about your name and contact details. The decision about what additional personal data should be shared with us during your interaction with our chat-bot remains your responsibility.

- Personal data collected through your direct communication with us. It may happen that you`ll need our support with respect to our goods and services, and/or handling your personal data as well. We are happy to assist you every time you need our help. Using such communication channels, as email and/or phone and/or face-to face (including online) meetings, you may address all your questions and concerns regarding our products and services. Based on our assessment, we`ll ask you to provide us with the personal data that is essential and sufficient to reply to your request. It could include inter alia, your first and last name, your contact details, purchase details that may include, for example, billing address.

- Geolocation data (IP-address) when you visit our website. Due to our contractual undertakings, distribution of certain digital content may be subject to the territory restrictions. That’s why we may ask for a consent from you to share your geolocation with us.

- Information we collect automatically when you interact with our website. Such information may include both personal (id number of your device) and non-personal data (device type, language preferences, access time, data gathered from cookie files, notification of successful access, browser type and version, the user's operating system).

You are not legally obliged to provide us with your personal data. However, if you do not provide this information, we will not be able to provide you with certain services, including our online offers.

Note that we DO NOT request and collect any sensitive data (such as information about your religion, etc.), unless you voluntarily provide us with. If you believe you have unintentionally provided with sensitive data, please request us and we will remove your sensitive data.

We DO NOT carry out automated decision making or any type of automated profiling.

It is your responsibility to ensure that information you submit does not violate any third party’s rights. You should keep your data up to date and inform us of any significant changes to it.

To collect your personal data we use certain technologies, including so-called cookies, on various pages for our online offering. Cookies are small text files or other storage notes that store information on the user's device and read information from the device. This is primarily information about a user during or after a visit to our online offering. The information stored may include, for example, the language settings, login status, shopping cart contents or the user's wish list. Cookies can also be used for the purposes of the functionality, security and comfort of our online offering, to create analyzes of visitor flows or for marketing purposes. Please visit our webpage with the Cookies Declaration to learn more.

 

3. WHAT ARE THE PURPOSES FOR WHICH WE COLLECT YOUR PERSONAL DATA

We support data minimization principle, that is why all the data we collect is attributed to the specific purpose of data collection. To decide what personal data should be collected within the course of our business, we make data assessments regularly. Based on our final assessment, we are collecting your personal data for the following purposes:

• to set-up an account on our website.
• to negotiate and further conclude a contract with you.
• to communicate with you.
• to fulfill any orders you make on our website.
• to provide you with PocketBook Cloud services.
• to provide you with customer support.
• to reply to your requests and enquiries.
• to send you the marketing and promotional materials (if applicable. For example, if you sign up to receive our promotional materials).
• to ensure security and functionality of the online offers.
• to conduct our marketing and analytics researches.
• to improve our goods and services.
• to associate your browser and/or device with other browsers or devices you use for the purpose of ensuring a single – sign in option (if applicable).
• to mitigate unlawful activity on our website.
• for the termination of our contractual relationship (in exceptional cases).
• to comply with our legal obligations (for example to keep our records for the tax purposes).

 

4. WHAT ARE THE GROUNDS BASED ON WHICH WE COLLECT YOUR PERSONAL DATA

We only process your personal data in compliance with the relevant data protection regulations. This means that your personal data will only be processed if there is legal permission.

When we process your personal data, we rely on the following grounds:

(a) Performance of a contract to which you are a party or taking steps at your request to enter into a contract with us (Art. 6 Paragraph 1 Sentence 1 Letter b) UK GDPR). This ground is applicable to the collection of the Account data and data you share with us when communicating with us about our products and services.

(b) Legitimate interest (Article 6 Paragraph 1 Sentence 1 Letter f) of the UK GDPR). We rely on this ground when we use the personal data to study how customers and users use our products and services in order to improve them, to grow our business and to develop our further marketing strategy.

(c) Compliance with our legal obligations (Article 6 Paragraph 1 Sentence 1 Letter c) of the UK GDPR). We rely on this ground in case we need collect and further process your personal information due to the requirements, established by the applicable laws.

(d) Your consent (Article 6 Paragraph 1 Sentence 1 Letter a) and Article 7 of the UK GDPR). We rely on your consent

- to process the data we collect using cookies and web-beacons. Unless unnecessary in exceptional cases, we obtain your consent before using cookies. However, consent is not necessary if the storage and reading of the information is absolutely necessary in order to provide users with a telemedia service they have expressly requested (our online offering). These cookies are categorized as “strictly necessary” cookies in the Cookie Consent Management Tool, appearing on the website. Revocation/objection: If you have consented to the use of the technologies in accordance with Article 6 Paragraph 1 Sentence 1 Letter a) UK GDPR, you can change and revoke your consent at any time using the cookie icon on the home page: Cookie Consent Management Tool. You can also object to the processing in accordance with the legal requirements of Article 21 UK GDPR and Article 99 of the UK Data Protection Act 2018. You can also declare your objection using your browser settings.

- to send you marketing and promotional materials, including newsletters. Registration for our newsletter takes place in a so-called double opt-in process. This means that after you register you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can submit someone else's email address. Kindly note, that our newsletters contain “web beacons”, i.e. a pixel-sized file that is retrieved from the shipping service provider's server when the newsletter is opened. As part of this retrieval, technical information is initially collected, such as information about the browser and your system, as well as your IP address and the time of retrieval. You can revoke your consent to receive our newsletter at any time. You will find a link to exercise your right of withdrawal at the end of each newsletter. Registered users can also unsubscribe from the newsletter via their personal settings in their customer account. Unfortunately, it is not possible to revoke the success measurement separately. In this case, you must unsubscribe from the newsletter altogether.

If you opt out of receiving marketing communications, this opt-out does not apply to personal data provided as a result of other transactions, such as purchases, warranty registrations etc.

There can be rare occasions where it becomes necessary to use your personal information to protect your interests (or someone else's interests).

 

5. WITH WHOM DO WE SHARE YOUR PERSONAL DATA

(1) In order to provide you with the services of high quality we engage the corresponding service providers. Such service providers may have access to your personal data by processing your personal data on our behalf or with whom we have to share your personal data because of our contractual relations. Kindly note, that not all our service providers are located in the United Kingdom. In such cases international data transfer may take place in line with the section 6 of this Privacy Notice. You may find below the list of our engaged service-providers:

(a) The catalogue of our digital content is ensured and provided by the company GARDNERS BOOKS LIMITED (a company incorporated and registered in England and Wales with registration number 2010127 and whose registered office is at 1 Whittle Drive, Eastbourne, East Sussex BN23 6QH). You`ll receive the link to the downloadable content directly from GARDNERS BOOKS LIMITED. We are obligated to keep records of all the orders placed on our website to proof all our transactions towards GARDNERS BOOKS LIMITED (in case of request). You may learn how GARDNERS BOOKS LIMITED handles the personal data following the link https://www.littlegroup.com/group-policies/.

(b) Our newsletters and reminders are sent via CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany, hereinafter referred to as “shipping service provider” (website: https://www.cleverreach.com/de; data protection declaration: https://www.cleverreach.com/de/datenschutz/). The email addresses of our newsletter and/or reminder recipients as well as their other technical data described in this information are stored on the shipping service provider's servers. The shipping service provider uses this information to send and evaluate the newsletter on our behalf. Furthermore, the shipping service provider can, according to its own information, use this data in pseudonymous form, ie without assigning it to a user, to optimize or improve its own services, e.g. to technically optimize the shipping and presentation of the newsletter or reminder or for statistical purposes, e.g. to determine which countries the recipients come from. However, the shipping service provider does not use the data of our newsletter or reminder recipients to write to them themselves or to pass them on to third parties. We trust in the reliability and IT and data security of the shipping service provider. For this purpose, we have concluded an order processing contract with the shipping service provider. This is an agreement in which the shipping service provider undertakes to protect our users' data, to process it in accordance with the data protection provisions in our contract and, in particular, not to pass it on to third parties.

(c) We use Google Analytics and Google Ads, web analysis and advertising services respectively, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics and Google Ads also uses cookies, i.e. text files that are stored on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. On our behalf, Google will use your personal data to evaluate your use of the website, to compile reports on website activity and to provide us as website operator with other services related to website activity and internet usage.

Please note, Google Services do not store and process your IP address. To find out more, please visit Data privacy and security page of Google Analytics service.

Consent and objection: The Google Analytics cookies are stored and thus your usage behavior is only tracked if you have previously consented to this tracking. You can revoke this consent at any time with future effect. Users can find details about the cookies used within our online offering, in particular information about the type and functionality of the cookies, the storage period and the respective provider, in the Cookie Consent Management Tool we use. You can also prevent the storage of cookies by setting your browser software accordingly. In addition, you can prevent Google from collecting the data generated by the cookies and relating to your use of the website and from processing this data by Google by downloading the browser plug-in available under the following link and install: https://tools.google.com/dlpage/gaoptout?hl=en-GB. You can find Google's privacy policy here: https://www.google.com/policies/privacy/partners/?hl=en.

(d) We use Adobe Commerce (Magento), the e-commerce B2B platform on which our website is based and operated. This platform is owned and operated by Adobe Inc. and its U.S. subsidiaries Marketo Inc, Magento (X-commerce, Inc) (345 Park Ave San Jose, CA, 95110-2704 USA). Adobe and its U.S. subsidiaries Marketo Inc, Magento (X-commerce, Inc) comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Adobe has also certified to the US Department of Commerce that it adheres to EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF (as does its U.S. subsidiaries Marketo Inc, Magento (X-commerce, Inc). Adobe has also certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF (as does its U.S. subsidiaries Marketo Inc, Magento (X-commerce, Inc).

You can find out more about how Adobe Inc. handles personal data by visiting the Adobe Privacy Center at https://www.adobe.com/privacy.html.

(e) We use an analytical service Fact Finder, provided by the company Omikron Data Quality GmbH (Habermehlstr. 17 75172 Pforzheim Germany). This is a search platform that assists businesses across the retail sector with conducting a search, navigation, personalization, merchandising and recommendations. FACT-Finder will use this information on our behalf to accept and validate orders you put with online offer, to analyze your customer activity, evaluate your use of the online offer, to compile reports on activity of online offer, and to provide further services related to website and Internet use to us as an operator of our online offer. You can find its privacy policy here: https://www.fact-finder.com/privacy.html

(f) We use Econda by Dymatrix (Econda Analytics), a web analytics service provided by DYMATRIX GmbH (Lautenschlagerstraße 2 70173 Stuttgart Phone: +49 (711) 2200788-0 Email: [email protected]). Dymatrix has strong security and privacy commitments that can be found by following their Data protection statement https://www.dymatrix.de/en/data-protection. Your data collected using Econda tools will be deleted after 12 months at the latest.

(g) We use the CookieScript tool for this website to inform users about the use of cookies and other technologies and to obtain their consent, if necessary, to their use and to the processing of their personal data through these technologies, to manage and document. This is necessary in accordance with Article 6 Paragraph 1 Sentence 1 Letter c) UK GDPR in order to fulfill our legal obligation in accordance with Article 7 Paragraph 1 GDPR to be able to prove the consent of the users. CookieScript is an offer from the provider Objectis Ltd. (Laisves st. 60, LT-05120 Vilnius, Lithuania, Company registration number: 304037472). CookieScript stores information about the categories of cookies used within our online offering and whether users have given or withdrawn their consent to the use of the individual categories. The data is stored in a cookie (so-called opt-in cookie) in order to be able to assign the consent to a user or their device. The duration of storage of the consent is up to 13 months. Here, a pseudonymous user identifier is created and stored with the time of consent, information about the scope of the consent (e.g. which categories of cookies and/or service providers) as well as the browser, system, and device used. 

(h) To allow you a single sign-on with identity and access management across our products and services, we implemented an open source software product Keycloack, initially developed by the company Red Hat, Inc. (100 East Davie Street Raleigh, North Carolina 27601 USA). Keycloak is self-hosted so we have full control over the information, traffic and users who login, to control and manage the operation of our website. To learn more about the cookies that are used if you consent to the single sign-on mode, provided with the help of the Keycloack software, please revie the following link https://www.keycloak.org/docs/latest/server_admin/index.html#password-policy-types.

(i) To send you the messages, we made integration with the Mailgun platform provided by the Mailgun Technologies, Inc. (112 E Pecan St Ste 1100, San Antonio, TX 78205). Any data shared with this service provider is processed only for email deliverability purposes, in line with the Mailgun Privacy Policy (https://www.mailgun.com/legal/privacy-policy/). Mailgun Technologies, Inc complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.

(j) In order to process your payments, we implemented Mollie payment method to provide you with one of the available payment options on our website. The operating company of Mollie is Mollie UK Ltd (the company is established in the UK (company number 14013554) with the registered office at: Huckletree Bishopsgate 8 Bishopsgate, City of London, London, England, EC2N 4BQ.

If you choose Mollie as a payment option during the order process on our website, you will be automatically transferred to the payment page hosted by Mollie’s PCI-DSS verified servers. By choosing Mollie as a payment option, you consent to the transfer of personal data required for processing the payment. This information may include first and last name, address, e-mail address, IP address, phone number, ordered products including prices and other information required for payment processing and fraud prevention. Mollie UK Ltd is fully PCI-DSS Level 1 certified, and also complies with the European Banking Authority’s guidelines on internet payment security. Since Mollie UK Ltd only requires your Mollie login credentials to pay, card or bank details are never revealed and thus kept safe from third-party individuals and organizations. The data about the collection, processing and use of personal data by Mollie UK Ltd you may find https://www.mollie.com/legal/privacy#3-data.

(k) If you are not yet registered for our Pocketbook Cloud service, a customer account will be created for you when you first purchase digital content via our online shop so that the purchased digital content can be made available to you in PocketBook Cloud. The terms of use published there apply to the use of PocketBook Cloud service, which you must confirm when logging in for the first time. The same applies to the information on data protection. To find out more, visit our Pocketbook Cloud website https://cloud.pocketbook.digital/browser/en/. PocketBook Cloud server is hosted by One Microsoft Way, Redmond, Washington, 98052, United States. Your data is protected by the service provider entering into the Standard Contractual Clauses as approved by the European Commission (EU-US DPF). EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF Certification can be found here. EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF Certification can be found here.

(2) If required by law, we may have an obligation to disclose your data to law enforcement, supervisory and other public authorities (i.e., obligatory disclosures). However, we undertake to reliably verify the legality, basis, competence, jurisdiction of such requests, containing any requirements regarding your data and your legal rights.

(3) At Pocketbook, we are a united Group of companies, jointly responsible for compliance with data protection laws. We work together to ensure an effective and sufficient online offering of our products and services. As part of this collaborative effort, we may transmit your data to the employees within group departments of software development, IT services, and customer support (i.e., intra-group data sharing).

 

6. INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA

(1) If, as part of our processing, we disclose data to other people and companies (contract processors or third parties), transmit it to them or otherwise grant them access to the data, this only takes place on the basis of legal permission. This applies, for example, if the data is transmitted to third parties, such as to the shipping service providers and after-sales services in accordance with Article 6 Paragraph 1 Sentence 1 Letter b) UK GDPR, as this is necessary to fulfill the contract if you have consented to this, a legal obligation or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

(2) If we make a transfer to the countries located outside the UK, we rely on:

- the UK adequacy regulations. The following countries are specifically covered by the UK adequacy regulations, EU countries, Switzerland, the EEA countries, the United States of America (covers data which is transferred under the UK Extension to the EU-US Data Privacy Framework). All our service providers are covered by the UK adequacy regulations as you may see in the section 5 of this document.

Please note that certain of our departments are located outside the countries that are not covered by the UK adequacy regulations. In this case, when we transmit your personal data for these purposes within the Pocketbook Group, we rely on:

1. a) International Data Transfer Agreement (IDTA); and an International Data Transfer Addendum (Addendum) – this is an addendum to the new standard contractual clauses issued by the European Commission under the EU GDPR on 04 June 2021 (new EU SCCs) The new EU SCCs are not valid for restricted transfers under UK GDPR on their own but using the Addendum allows us to rely on the new EU SCCs for the transfers under UK GDPR. AND
2. b) confidentiality obligations, ensuring your data is handled with care and responsibility.

 

7. HOW WE SECURE YOUR DATA

(1) We take your security seriously and take reasonable steps to protect and secure your personal information. Following provisions of Art. 99 of the UK Data Protection Act 2018, Art. 32 UK GDPR and taking into account state of the art, the implementation costs and the type, scope, circumstances, and purposes of the processing as well as the different probability of occurrence and severity of the risk for the rights and freedoms of natural persons, we have implemented adequate technical and organizational measures to protect your data against unauthorized, accidental, or unlawful destruction, loss, alteration, misuse, disclosure, access, and other unlawful forms of processing.

(2) We have established the Group’s data management policies to commit to privacy and security controls, as well as IT security policy and confidentiality statement; we also constantly monitor our data inventory to keep it updated. We have accurately performed and documented privacy impact assessments concerning certain operations and processing activities of our online offer to analyze and detect privacy risks towards your personal data. From time to time and when needed so, we perform security training and awareness sessions for the Group’s employees and contractors.

(3) The security measures include the encrypted data transmission between your browser and our server. In addition, we have set up procedures that ensure the exercise of the rights of those affected, the deletion of data, and a response to threats to the data.

(4) We limit access to your personal data to a genuine business need-to-know basis. Our personnel accessing your data act under our internal data protection rules and policies. Third parties will only process your personal information in an authorized manner, following our instructions and subject to a confidentiality duty.

(5) Unfortunately, information transmitted via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted online. Therefore, any transmission remains at your own risk.

 

8. HOW LONG SHALL WE RETAIN YOUR DATA

We have developed and implemented an internal Data Retention and Destruction Policy that governs processing activities and scenarios we have carefully developed for each specific activity, specific terms for keeping your data, the legal basis we rely on, and justifications, as well as data destruction methods when retention periods expire. Herewith, we are providing you with several examples of retention periods according to the purposes for which we collect, use, and store your personal data, as well as a legal basis we rely on:

For the fulfillment of our contractual obligations and services in accordance with Article 6 Paragraph 1 Sentence 1 Letter b) UK GDPR, we are keeping your data during the term of a contract. To find out more, please refer to the Terms and Conditions of our online offer.

For the purpose of sending you newsletters in accordance with Article 6 Paragraph 1 Sentence 1 Letter a) UK GDPR, we are keeping your data for as long as you consented us. You may revoke your consent at any time by clicking “unsubscribe” in e-mail footer.

For the fulfilment of tax and accounting obligations in accordance with Art. 6 Para. 1 Sentence 1 Letter c) UK GDPR, we will retain your personal data usually for 10 years (depends on the applicable law).

Cookies data and other log files will be stored until the relevant cookies expire. To find out more, go to Sections 3 and 4 above. You can always check the duration of cookies storage in our Consent Management Tool.

When we process your data for the purposes of exercising your privacy rights and respond to your access requests, we will retain your data for 5 years.

When we process your data for the purpose of establishing, exercising, or defending against legal claims, we will keep the data for as long as it is necessary to defend our specific rights and interests, and, in the case of a dispute, until the final execution of the binding decision of the competent supervisory authority.

Upon expiration of data storage, we will securely destroy your data in accordance with Data Retention and Destruction Policy and applicable laws and regulations.

If we seek to retain your personal data on file on the basis that a further opportunity may arise in future, we will inform you with the notice, seeking your explicit consent to retain your personal data for a fixed period on that basis.

If you believe that we keep your data illegally, please send the respective notice request to [email protected]. We will review your request at the earliest convenience and delete your data, unless we are required by law to keep it for a longer period, or unless we can demonstrate legitimate grounds for the processing which override the interests, rights and freedoms of you. If deletion is impossible, we will securely store your personal data and isolate it from any further processing until deletion is permitted.

 

9. WHAT RIGHTS DO YOU HAVE

To the extent the respective legal requirements are met, you have the following rights:

(1) You have the right to obtain confirmation from us as to whether personal data concerning you is being processed (commonly known as a "data subject access request"); if this is the case, you have the right to be informed of this personal data (Art. 15 UK GDPR). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

(2) You have the right to ask us for correction of incorrect personal data concerning you and, if necessary, for completion of incomplete personal data (Art. 16 UK GDPR). This enables you to have any incomplete or inaccurate information we hold about you corrected.

(3) You have the right to request us for an erasure of the personal data relating to you immediately if one of the reasons listed in Art. 17 UK GDPR applies, for example, if the data is no longer needed for the purposes for which it was collected (right to deletion). This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object as specified below. You can also delete your account from your profile page.

(4) You have the right to request us for the restriction of processing if one of the conditions listed in Art. 18 UK GDPR applies. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it or if you have lodged an objection to processing, for the duration of the examination by us.

(5) You have the right to object at any time to the processing of personal data concerning you for the purposes of direct marketing. You also have the right to object at any time to processing operations carried out pursuant to Art. 6 (1) clause 1 lit. e) or f) UK GDPR for reasons arising from your particular situation (Art. 21 UK GDPR).

We will then no longer process the personal data for the purposes of direct advertising and otherwise only if we can prove compelling reasons for processing worthy of protection which outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

(6) You have the right to revoke a given consent at any time with effect for the future (right of revocation), where the legal ground for processing your personal data is consent.

(7) You have the right to data portability (Art. 20 UK GDPR), meaning that you can request to receive from us the data concerning you which you have provided us with in a structured, common and machine-readable format. You may also transmit this data to other entities or have it transmitted by us.

(8) Without prejudice to any other administrative or judicial remedy, you have the right to appeal to a supervisory authority if you consider that the processing of personal data relating to you is in breach of the GDPR (Art. 77 UK GDPR).You may file a complaint with a supervisory authority which is an Information Commissioner`s Office (ICO), if you believe the collection and use of your data infringe this Notice or applicable law. You can find details about how to do this on the ICO website at https://ico.org.uk/concerns/ or by calling their helpline on 0303 123 1113.

(9) If you would like to exercise any of your rights, or if you would like more information about these rights or the rights which may apply in your country, send a respective request to:

Pocketbook International SA

Crocicchio Cortogna, 6, 6900 Lugano, Switzerland

Reg.No: CHE-416.098.857

Tel/fax: +41 91 922 07 05

pocketbook.com

Email: [email protected]

We may need to request specific information from you to confirm your identity and ensure your right to access the information (or to exercise any of your other rights).

You will not be expected to pay a fee to obtain your data unless we consider that your access request is unfounded or excessive. In these circumstances, we may charge you a reasonable fee or refuse to comply with your request. We may charge a reasonable fee if you request another copy of the information already provided to us.

Children`s Personal Data

Our website is developed for a general audience and is not directed to children. We do not knowingly collect or solicit personal information from children under the age of thirteen (13) (or other relevant ages, which may apply by virtue of applicable law) through our website. If we become aware that we have collected personal information from a child under such age, we will promptly delete the information from our records. Please contact us if you believe a child under such age may have provided us with his/her personal information.

 

10. CHANGES TO THIS PRIVACY NOTICE

We will notify you whenever we update this Notice by posting a new version on this page and identifying the date of update. In the event of substantial changes to this Notice, we will take additional steps to ensure you are aware of them. We also ensure the visibility and accessibility of this Notice by publishing and communicating it on all communication channels.