GDPR Policy

GDPR Compliance Policy

Effective Date: 2025/04/04

At The Ordinary Book Co., we take data privacy seriously and comply with the General Data Protection Regulation (GDPR) when processing data from individuals in the EU/EEA.

1. Who We Are

We are a South African-based online bookstore. For GDPR purposes, we act as the data controller of your personal data.

2. What Data We Collect

• Name, address, email, phone number
• Payment info (handled securely via third-party gateways)
• Browsing data and preferences (via cookies)

3. Why We Collect It

• To process and deliver your orders
• To communicate with you
• To improve our website and services
• To send marketing messages (if you opted in)

4. Lawful Basis for Processing

We process data based on consent, contract necessity, legal obligations, or legitimate interests.

5. Your GDPR Rights

• Access, correct, delete, or restrict your data
• Withdraw consent at any time
• Request data portability

Email requests to info@ordinarybooks.co.za.

6. How We Protect Your Data

We use encryption, secure servers, firewalls, and access controls to keep your data safe.

7. International Transfers

If you're in the EU, your data may be transferred to South Africa. We ensure appropriate safeguards are in place.

8. Data Retention

We retain data only as long as necessary for processing or legal compliance.

9. Sharing of Data

We do not sell your data. We only share it with providers who help us fulfil your order (e.g., couriers, payment services).

10. Contact Us

If you have questions or data requests, please contact us at info@ordinarybooks.co.za.