Return to Index Page

Privacy Policy and GDPR Requirements

Effective Date: May 25, 2018


1. Overview
Archan has developed this Privacy Policy to explain how we may collect, retain, process, share and transfer your Personal Data when you visit our Site or use our Services. This Privacy Policy applies to your Personal Data when you visit Site or use Services, and does not apply to online Web Site or services that we do not own or control, including Web Site or services of other Archan users. For the avoidance of doubt, this Privacy Policy does not constitute a “framework contract” for the purpose of the EU Payment Services Directive (2007/64/EC) or any implementation of that Directive in the European Economic Area.

The EU has substantially expanded the definition of personal data under the GDPR. To reflect the types of data organisations now collect about people, online identifiers such as IP addresses now qualify as personal data. Other data, like economic, cultural or mental health information, are also considered personally identifiable information. This Privacy Policy is designed to help you obtain information about our privacy practices and to help you understand your privacy choices when you use our Site and Services.

Please contact us if you have questions about our privacy practices that are not addressed in this Privacy Policy.

We have retained or original Privacy Policy for reference. You may view by Clicking here

2. Corporate Governance
The Managing Director of Archan is the Controller who determines the purposes and means of processing personal data, maintains records of personal data and processing activities, and also the processor, responsible for processing personal data on behalf of a controller function. The Data Protection Act 1998 requires every data controller (e.g. organisation, sole trader) who is processing personal information to register with the ICO, unless they are exempt. Archan has analysed its data responsibility and has established that registration with the Information Commissioners Office (ICO), is not required, and consequently also not required under the GDPR Controllers keep a record of individual who may wish withdraw their consent to the retention of purchase records. This will be enacted within 7 days. Any personal data supplied directly to the companies Controller will be held for the period required to achieve the informations objective only, then deleted. Unless it need to be retained for legal purposes (Tax Requirements), then it may be held up to 5 years. The Controller is responsible for telling other organisations (for instance, Google) to delete any links to copies of that data, as well as the copies themselves. Controller must now store people's information in commonly used formats (like CSV files), so that they can move a person's data to another organisation (free of charge) if the person requests it. Our Controller will action this within one month.

3. Awareness
The Managing Director of Archan is fully aware that the law is changing to the GDPR. We understand that as the GDPR is developed and is implemented, review of data risks will be addressed as an on-going activity. Archan’s system will also identify a purchasing error due to incorrect customer information supplied, our sales unit will endeavour to contact the customer to correct the information. This action is completed within a period of 24 hours. All customers are requested to supply a second email address with order, to counter and information errors. However, this is up to the customer to supply or not.

4. What Personal Data Do We Collect?
We collect Personal Data about you when you process a payment through PayPal, including the following: Transaction informationwhen you use our Services or access our Site, for example, to make purchases from our eBook portfolio. You complete the information required for PayPal to process the purchase (PayPal is the Processor). For each customer we receive the following purchasing information in the form of a purchase order:

1. Customer identification The may be customers name (real or fictional) or unique identifier
(pseudonymised).
2. Customers email address.
3. Customers purchase(s).
4. Date of purchase. This information is supplied by the customer and forwarded to Archan from PayPal, as all purchases are processed automatically via necessary PayPal software as a purchase order. Any purchasing error in customer data (email address) is generated by the customers when completing purchasing information. PayPal forwards this information as a purchase order, so we can ensure your eBook download was successful.

To see what information PayPal collects from you, when you puchase an eBook from Archan, ormore importantly your personal information when opening an PayPal Account, please refer to PayPals Privacy Policy. You need to access PayPals website. In order to do this please click here:

https://www.paypal.com/en/webapps/mpp/ua/privacy-full

https://www.paypal.com/uk/webapps/mpp/ua/upcoming-policies-full

Archan also takes the stance that processing personal data for EU residents by PayPal, it must by default, comply with GDPR and all its requirements. Other information we collect related to your use of our Site or Services - we may collect additional information from you when you communicate with us, or contact our customer sale team.

5. Lawful Basis for Processing Personal Information
The information that Archan uses is to facilitate the processing of a customers purchases only, and as the purchase is in the form of an eDocument, an email address is the minimum  required to supply the purchase. Therefore in simple terms a customers purchase data is required to process the purchased and consequent emailing of a customer purchased eBook. This notification is supplied by PayPal and retained on our system for a period of 7 days. This enables us to has instantaneous access to your purchase order without resorting to PayPal. If your order has be processed correctly your purchase request copy is deleted from our system within the 7 day period.

6. Why Do We Retain Personal Data?
We retain Personal Data in an identifiable format for the least amount of time necessary to fulfil our legal or regulatory obligations and for our business purposes. We do not retain Personal Data for longer periods than required by law. We will continue to use and disclose such Personal data in accordance with this Privacy Policy. The cookies we use have defined expiration times; unless you visit our Site or use our Services within that time, the cookies are automatically disabled and retained data is deleted. Please consult our Cookie Policy for more information.

7. How Do We Process Personal Data?
We may Process your Personal Data for a variety of reasons that are justified under data protection laws.

To operate the Site and provide the Services, including to: initiate a payment, or send a refund, or communicate with you about your purchase.

To manage our business needs - such as monitoring, analysing, and improving the Archan’s Services and Site’ performance and functionality. For example, we analyse successful downloads and unsuccessful downloads to improve our processing service.

To manage risk and protect the Site, the Services and you from fraud by verifying your identity - helping to detect and prevent fraud and abuse of the Site or Services.

To comply with our obligations and to enforce the terms of our Site and Servicesincluding to comply with all applicable laws and regulations.

For our legitimate interests, including to - enforce the terms of our Site and Services and manage our everyday business needs, such as monitoring, analysing; and With your consent - to respond to your requests, for example to contact you about a question you submitted to our customer service team.

You can withdraw your consent at any time and this service is free of charge.

8. Do We Share Personal Data?
We DO NOT share your Personal Data or other information about you to any company. With other third parties for our business purposes or as permitted or required by law - we may share information about you with other parties for Archan’s business purposes or as permitted or required by law, including:

- If we need to do so to comply with a law, legal process or regulations; to law enforcement authorities or other government officials, or other third parties pursuant to a subpoena, a court order or other legal process or requirement applicable to Archan or Archan’s corporate family; - If we believe, in our sole discretion, that the disclosure of Personal Data is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity;

- With credit agencies and data processors for credit reference checks and anti-fraud and compliance purposes; - To investigate violations of or enforce a user agreement or other legal terms applicable to any Service;
- To protect our property, Services and legal rights; - To help assess and manage risk and prevent fraud against us, our customers and fraud involving our Site or use of our Services, including fraud that occurs; - To support our audit, compliance, and corporate governance functions.

We will not share your Personal Data with any third party for their marketing purposes at all!: Nor do we have any plans in the future to share such data.

9. How Do We Work with Other Services and Platforms?
A significant benefit and innovation of Archan’s Services is that you can use PayPals payment services. This offers the customer a secure payment platform. For the purposes of this Privacy Policy, an “account connection” with such a third-party is a connection you authorise or enable between your Account and Archan, payment instrument,  which you lawfully control. When you authorise such a connection, Archan and the third-party will exchange your Personal Data and other information directly. Example of account connection is: - Linking of your PayPal Account;

- Using your PayPal Account to make payments to Archan.

- If you choose to create an account connection, you may receive information from the third-party about your use of the third-party’s service (PayPal). Archan has no powers over PayPal and you are encouraged to review their Privacy Policy when you open an account with PayPal or use thier services.

https://www.paypal.com/en/webapps/mpp/ua/privacy-full

10. International transfers
Our operations are supported by, but not limited to, third-party internet service provider (PayPal). The parties mentioned above may be established in jurisdictions other than your own and outside the European Economic Area. These countries do not always afford an equivalent level of privacy protection. We have taken specific steps, in accordance with EEA data protection law, to protect your Personal Data.

Currently the company is regulated by the Zambia Information and Communications Authority (ZICTA) is the regulatory body for the country’s ICT sector. Established under the Information and Communication Technologies Act of 2009, ZICTA is known to be generally autonomous in its decision-making, although the government has some ability to influence ZICTA’s activities. The Minister of Information and Broadcasting Services is mandated to oversee ZICTA’s activities and appoint the members and chairperson of the ZICTA board. The minister is also entitled to issue general directives, which the regulator is obligated to carry out. This may change in the future, if proposed plans are to relocate operations to the United Kingdom.

11. How Do We Use Cookies and Tracking Technologies?
When you visit our Site, use our Services, or visit a third-party website, we and our business partner (PayPal) may use cookies and other tracking technologies (collectively, “Cookies”) to recognise you as a User and to customise your online experience. If you choose to disable or decline Cookies, your use of the Site and Services may be limited or not possible. Do Not Track (DNT) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third-parties. We recommend that you enable this browser option. Also refer to our Cookie Policy – Please Click here.

12. What Privacy Choices Are Available To You?
You have a choice when it comes to the privacy practices and communications described in this Privacy Policy e.g. Cookie acceptance. Choices Relating to the Personal Data We may request Personal Data. - you may decline to provide Personal Data when it is requested by Archan, but certain Services or all of the Services may be unavailable to you.

Choices Relating to Account Connectionsif  you authorise an account connection to a third-party account or platform, such as PayPal, you may be able to manage your connection preferences from your third-party account or platform. Please refer to the privacy notice that governs the third-party platform for more information on the choices you may have.

https://www.paypal.com/en/webapps/mpp/ua/privacy-full

Choices Relating to Cookies - you have options available to manage your cookies preferences with Archan. For example, your browser or internet device may allow you delete, disable, or block certain cookies and other tracking technologies. You can learn more by visiting AboutCookies.org. You may choose to enable these options, but doing so may prevent you from using many of the core features and functions available on a Service or Site:

Choices Relating to Communication - Notices, Alerts and Updates from Us - we currently DO NOT use your information to send any form of  marketing content about our Site, Services, products, or products;

We will send communications to you that are required or necessary to send to Users of our Services, notifications that contain important information purchasing information.

13. What Are Your Rights?
Subject to limitations set out in EEA data protection laws, you have certain rights in respect of your Personal Data. In particular, you have a right of access, rectification, restriction, opposition, erasure and data portability. Please contact us if you wish to exercise these rights. If you wish to complete an access request to all personal data that Archan holds on you, please note that photo identity will be required to prove your identity.
  • the right to be informed;
  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to data portability;
  • the right to object; and
  • the right not to be subject to automated decision-making including profiling.
14. Consent
Archan shall review how we seek, record and manage consent and whether you need to make any changes, as required However, we do not need to review existing consent requirement as customers have a choice to purchase our eBooks or not. If they do they need to supply as a minimum an email address during the purchase process with PayPal IP Address - an IP address is a number automatically assigned to your computer whenever you access the Internet. All computer identification on the Internet is conducted with IP addresses, which allow computers and servers to recognize and communicate with each other. The Site/Company does not collect IP addresses In order to conduct system administration, report aggregate information to sponsors and advertisers, and to conduct site analysis. If a visitor requests pages from Archans website the servers enter the visitor's IP address into a log. To maintain visitor anonymity, Archan does not associate IP addresses with records containing personal information. However, we will use IP addresses to identify any visitors who refuse to comply with websites rules or terms of service, and to identify visitors who threaten our service, site, customers or others. There identified individals shall be block from access in website.

If you wish to take advantage of our Free eBook Update service you will also need to give use permission to end the updates to your email address. Click here for more information.

We have included a CONSENT notice on each page where your personal data is required.

15. How Do We Protect Your Personal Data?
We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your Personal Data against loss, misuse, unauthorised access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls to our data centres, and information access authorisation controls. While we are dedicated to securing our systems and Services, you are responsible for securing and maintaining the privacy of Archan Supplied password(s) and verifying that the Personal Data we maintain about you is accurate and current. We are not responsible for protecting any Personal Data that we share with a third-party based on an account connection that you have authorised.

16. Can Children Use Our Services?
The Site and Services are not directed to children under the age of majority. We do not knowingly collect information, including Personal Data, from children or other individuals who are not legally able to use our Site and Services. If we obtain actual knowledge that we have collected Personal Data from a child under the age of majority, we will promptly delete it, unless we are legally obligated to retain such data. Please contact us if you believe that we have mistakenly or unintentionally collected information from a child under the age of majority. 17. Data Protection by Design and Data.
Archan has adopted the practice to privacy by a design approach and will carry out Privacy Impact Assessments as part of this design approach Protection Impact Assessment is only required where a new technology is being deployed; where a profiling operation is likely to significantly affect individuals; or where there is processing on a large scale of the special categories of data. The current operation of the Site/Company does not require a DPIA.

18. Security.
Archan has a SSL certificate which enhances customer processing security. Communications are therefore encrypted.

19. Data Breaches. Archan’s purchase notifications are securely held on a password protected computer until deleted, and therefore the chance of a data breach is not possible. If in the unlikely situation a data breach is detected, the Regulator shall be informed of such a breach within 72 hours of the occurance.

20. Changes to this Privacy Policy.
We may revise this Privacy Policy from time to time to reflect changes to our business, the Site or Services, or applicable laws. The revised Privacy Policy will be effective as of the published effective date.
If the revised version includes a substantial change, we will provide you with 30 days prior notice by posting notice of the change on the “Policy Update” page of our website. We also may notify Users of the change using email or other means.
This policy was last modified on 12/04/2018. To comply with GDPR.

21. Communicating Our Privacy Policy.
When you collect personal data you currently have to give people certain information, such as your identity and how you intend to use their information. This is usually done through a privacy notice. The ICO’s Privacy notices code of practice reflects the new requirements of the GDPR. Publication of Our Privacy Policy - Our Privacy Policy is available for review on-line (This document) and previous edition, Click Here Your Acceptance of Our Privacy Policy - By using our site, you consent to our privacy policy. If you do not accept these terms please leave the site immediately. Changes to this Privacy Policy - If we decide to change our privacy policy, we will post those changes on this page. Request Deletion of Personal Data - There is no need to request the deletion of personal purchase order data, as these notifications are deleted within 7 days of the order being placed automatically. Data Portability - Only applies:

- to personal data an individual has provided to a controller;

- where the processing is based on the individual’s consent or for the performance of a contract;
and when processing is carried out by automated means. The purchase data make be supplied to the individual in the form of a spreadsheet format within 7 days of the request.
22. Training
.
Relevant Data Protection knowledge training is undertaken as required.

23. Contacting Us.
You may contact us if you have general questions or concerns about this Privacy Policy and supplemental notices or the way in which we handle your Personal Data.
We want to make sure your questions go to the right place: If you are not satisfied by the way in which we address your concerns, you have the right to lodge a complaint with the Supervisory Authority for data protection in your country.

The Managing Director
Archan

Updated 16/05/2018