Privacy policy

Mestiza Books
Effective Date: 18 September 2025
Last Updated: 18 September 2025

1. Introduction

Mestiza Books ("we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, purchase our products, or interact with our services.

By using our services, you consent to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Personal Information You Provide

We may collect personal information that you voluntarily provide to us, including:

  • Account Information: Name, email address, username, password, and profile preferences

  • Contact Information: Mailing address, phone number, and other contact details

  • Payment Information: Credit card details, billing address, and payment preferences (processed securely through third-party payment processors)

  • Purchase History: Records of books purchased, order details, and transaction history

  • Communication Data: Messages you send us through contact forms, email, or customer service interactions

  • Marketing Preferences: Newsletter subscriptions and communication preferences

  • User-Generated Content: Reviews, comments, ratings, and other content you submit

2.2 Information Automatically Collected

When you use our services, we may automatically collect:

  • Device Information: IP address, browser type, operating system, device identifiers

  • Usage Data: Pages visited, time spent on pages, click-through rates, search queries

  • Location Information: General geographic location based on IP address

  • Cookies and Tracking Technologies: Information collected through cookies, web beacons, and similar technologies

2.3 Information from Third Parties

We may receive information about you from:

  • Social Media Platforms: If you connect your social media accounts or use social login features

  • Payment Processors: Transaction information necessary to process payments

  • Marketing Partners: Information from advertising and analytics partners

  • Public Sources: Publicly available information relevant to our services

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Service Provision

  • Processing and fulfilling orders

  • Managing your account and providing customer support

  • Facilitating communication between users and authors

  • Personalizing your experience and recommendations

3.2 Business Operations

  • Processing payments and preventing fraud

  • Analyzing usage patterns to improve our services

  • Maintaining security and preventing unauthorized access

  • Complying with legal obligations and resolving disputes

3.3 Marketing and Communications

  • Sending newsletters, promotional materials, and updates (with your consent)

  • Notifying you about new releases, events, and special offers

  • Conducting surveys and gathering feedback

  • Providing targeted advertising based on your interests

3.4 Legal Basis for Processing (GDPR)

We process personal information based on:

  • Consent: Where you have given explicit consent

  • Contract: To fulfill our contractual obligations to you

  • Legitimate Interest: For our business operations and improving services

  • Legal Obligation: To comply with applicable laws and regulations

4. Information Sharing and Disclosure

4.1 We Share Information With:

  • Service Providers: Third-party vendors who help us operate our business (payment processors, shipping companies, email service providers, analytics providers)

  • Authors and Publishers: Information necessary to facilitate book sales and royalty payments

  • Marketing Partners: With your consent, for promotional purposes

  • Legal Authorities: When required by law or to protect our rights and safety

4.2 We Do Not:

  • Sell your personal information to third parties for monetary compensation

  • Share sensitive personal information without your explicit consent

  • Use your information for purposes beyond those described in this policy

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Encryption: Data transmission and storage using industry-standard encryption

  • Access Controls: Limited access to personal information on a need-to-know basis

  • Security Monitoring: Regular security assessments and monitoring for threats

  • Incident Response: Procedures for responding to data breaches and security incidents

  • Employee Training: Regular privacy and security training for all staff members

While we strive to protect your information, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

6. Your Privacy Rights

Depending on your location, you may have the following rights:

6.1 General Rights

  • Access: Request information about the personal data we hold about you

  • Correction: Request correction of inaccurate or incomplete information

  • Deletion: Request deletion of your personal information (subject to legal requirements)

  • Opt-Out: Unsubscribe from marketing communications at any time

6.2 Enhanced Rights (GDPR, CCPA, and Similar Laws)

  • Data Portability: Receive your data in a structured, machine-readable format

  • Restriction of Processing: Limit how we process your information

  • Object to Processing: Object to processing based on legitimate interests

  • Automated Decision-Making: Opt out of automated decision-making processes

6.3 Exercising Your Rights

To exercise these rights, contact us at [privacy@mestizabooks.com]. We will respond to your request within the timeframe required by applicable law (typically 30 days).

7. Cookies and Tracking Technologies

7.1 Types of Cookies We Use

  • Essential Cookies: Necessary for website functionality

  • Performance Cookies: Help us understand how visitors use our site

  • Functional Cookies: Remember your preferences and settings

  • Advertising Cookies: Deliver personalized advertisements

7.2 Cookie Management

You can control cookies through your browser settings. Note that disabling certain cookies may affect website functionality.

7.3 Third-Party Tracking

We use Google Analytics, Facebook Pixel, and other third-party tracking tools. These services have their own privacy policies governing their use of information.

8. International Data Transfers

If you are located outside of the United Kingdom, your information may be transferred to and processed in countries with different data protection laws. We ensure appropriate safeguards are in place through:

  • Standard Contractual Clauses: EU-approved contractual provisions

  • Adequacy Decisions: Transfers to countries with adequate protection levels

  • Certification Programs: Participation in recognized privacy frameworks

9. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Typical Retention Periods:

  • Account information: Until account deletion plus 30 days

  • Purchase records: 7 years for tax and accounting purposes

  • Marketing data: Until you opt out plus 30 days

  • Support communications: 3 years from last interaction

10. Children's Privacy

Our services are not intended for children under 13 (or 16 in the EU). We do not knowingly collect personal information from children. If we discover we have collected information from a child, we will delete it immediately.

11. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

11.1 Right to Know

You can request information about the categories and specific pieces of personal information we have collected about you in the past 12 months.

11.2 Right to Delete

You can request that we delete your personal information, subject to certain exceptions.

11.3 Right to Opt-Out of Sale

We do not sell personal information. If this changes, we will provide an opt-out mechanism.

11.4 Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

12. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have additional rights under the General Data Protection Regulation:

  • Lawful Basis: We will only process your data when we have a lawful basis

  • Data Protection Officer: Contact our DPO at [dpo@mestizabooks.com]

  • Supervisory Authority: You can file complaints with your local data protection authority

13. Contact Information

13.1 Privacy Inquiries

For privacy-related questions or to exercise your rights:

Email: privacy@mestizabooks.com
Mail: Mestiza Books, Attn: Privacy Officer, [Address]
Phone: [Phone Number]

13.2 Data Protection Officer (EU)

Email: dpo@mestizabooks.com

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes:

  • We will post the updated policy on our website

  • We will update the "Last Updated" date at the top

  • For material changes, we will provide additional notice (email notification, website banner, etc.)

  • Your continued use of our services constitutes acceptance of the updated policy

15. Governing Law

This Privacy Policy is governed by the laws of the United Kingdom. Any disputes will be resolved in the courts of [Jurisdiction].

This Privacy Policy is effective as of 18 September 2025 and replaces any previous versions. By continuing to use Mestiza Books' services, you acknowledge that you have read and understood this Privacy Policy.