Our systems hold transactional data. In terms of volume, the vast majority of this data is related to orders for products. Associated with each order may be ancillary data: who the customer is, whether it has been downloaded, whether an update is available, author royalty information and so on. The second biggest volume of data we hold is that associated with customers.
We hold this data in order to provide support to our customers. For example, if you have an account, and if you have told us you want to receive notifications, our system will automatically send you an email should a free updated version of something you purchased become available. Some of our customers have opted in to our weekly newsletter, where we announce new titles, upcoming author events, and so on.
We think that holding this information is a privilege, and we protect it to the best of our abilities. After all, the owners, employees, and authors of the Bookshelf have their data stored in there, too.
About Us and this Web Site
We are based in the United States and the majority of our customers are US based as well. Our main business is our imprint, The Pragmatic Bookshelf, which publishes books for professional software developers, managers, and related professions, directly through this website and through retail channels. Our contact details are:
- Organization Name: The Pragmatic Programmers, LLC
- Address: 9650 Strickland Rd Ste 103-255, Raleigh NC 27615
Information We Collect
You can access our Web site home page and browse our site without disclosing your personal data.
We collect the personal data that you may volunteer while using our services. We do not collect information about our visitors from other sources, such as public records or bodies, or from private organizations.
You may choose to register yourself, giving us your e-mail address to enable us to identify you. You may optionally elect to have us send you email using that address. This email falls into two categories. One is information on orders (for example, telling you that a download is available, or sending you a receipt). The second category is informational, low-volume marketing information—in particular we send out a weekly newsletter, and very occasionally send out information about sales. You may opt in to one or both of these email options.
In order to purchase things at our online store, you will need to give us certain personal information (name, e-mail address, telephone number, address(es), credit card type, number, expiration, and CVV2 value). We store your contact information in our order entry system. We do not store your credit card details. In fact, your credit card information never passes through our site—it is captured directly by our payment gateway provider, Braintree Payments (https://www.braintreepayments.com).
If you are an author, we may ask you to provide us with bank account information, which we use to electronically pay royalties. This information is shared with our third-party payment provider to facilitate ACH payments.
Automatic Collection of Information
We have always respected your right to privacy, and will continue to do so as a matter of course. However, we now operate in a world where governments are becoming more active in their efforts to police their citizens’ rights.
If you are a citizen of the European Union, our responsibilities regarding your data are laid out in the EU General Data Protection Regulation (GDPR). We believe we conform to this regulation. However, if you have a complaint, you have the right to object. Our goal is always to do the right thing, but if we can’t reach an agreement you have the right to have your personal data deleted from our systems. You also have the right to download the data we store related to you at no charge.
Our Site and Children
We do not knowingly collect personal data from children. We do not take specific steps to protect the privacy of children who disclose their personal data to us. We ask users to confirm that they are at least 18 years old before creating accounts with us.
Specifics of Data Held
If you have an account with The Pragmatic Bookshelf, information about this account is stored by our systems:
- Your email address
- A one-way salted hash of your password (from which the password itself cannot be reasonably recovered)
- The IP address from which the account was created. We use this solely to look for patterns in bot-created spam accounts
- The date and time of your last login, and a count of the number of logins
- Information you chose to make publicly available to other users of our site:
  - The URL of your website
  - The URL of your RSS feed
  - Your Twitter handle
  - A free-text biography
- Data that records the last login announcement that was displayed to you. These typically cover events such as system outages.
- A number of yes/no flags:
  - Whether you want to be sent occasional emails about new releases and other events at the Pragmatic Bookshelf
  - The fact that you accepted the terms and conditions of using our site
  - Whether you are a US tax-exempt entity
If you have posted to our forums, either as an initial article or a reply to an article, we record:
- The content of that post
- The date and time of creation
- The date and time of the last edit you made
- Whether you have chosen to monitor a thread
- The number of times other readers have flagged that this post might be spam
If you have bought from our online store and did not do so using an account on our system, we require and record your email address and name. If you order tangible goods, we require that you give us your shipping address, which we record.
You may optionally provide us with a purchase order number (or other identifying number) which we store simply so we can add it to any receipt we generate for you.
As part of the order, we store the items that you bought, any discounts or coupons you used, and the net, tax, shipping, and gross amounts you paid.
We record the type of payment you make (credit card, PayPal, and so on) and we record any confirmation numbers returned to us by the payment processor. Our systems do not receive, nor do we store, any information such as account numbers, credit card details, expiry dates, and so on.
If you bought from our store while logged in to an account on our system, we associate that order with your account, allowing you to see a summary of all your purchases in one place. In the case of ebooks we also keep information on the most recent version of a product you own. This allows us to tell you what updates are available when you log in.
If you have written or created products we sell (you are an author), then we store all the information that we do for a normal user account. In addition, we record the products that are associated with you and a royalty percentage associated with each. We also record sales of your products (both direct and as reported by our partners), and use this to calculate your total royalty earnings. We record the amount and type of each royalty payment we make.
Access To The Information We Hold
Most of the information we hold about you is available to you via our normal website: log in and you can see your profile, your orders, and so on.
You may also request a copy of all the data we hold. Please email `firstname.lastname@example.org` to request it.
Data Retention and Deleting Data
We do not automatically expire your data: we store it to provide you with access to things you bought, conversations you had, and so on.
You may request that we delete all the data we store for a given email address/account by emailing `email@example.com` using the email address in question. We will confirm that you want all your personal data deleted.
This has a number of ramifications:
- If you had purchased any products from our store, you will no longer be able to see these orders (as you will not have an account)
- You will no longer get updates to products you own (as we won’t know that you own them)
- You will no longer be eligible for upgrade coupons (for example when we release a new edition of a title), again because we won’t know that you own the previous edition.
- If you are an author, you will no longer receive royalties, nor will you have access to past royalty records. This will not terminate your contract or other contractual obligations.
Some data cannot be deleted. For example, if you bought something from us, our system records a corresponding order. The amounts in this order are used in the future when calculating royalties for the authors of the products you bought. If you are an author, your contract and electronic records of it cannot be deleted.
Order information and certain identifying information must be kept in accordance with various taxation authority and other governmental requirements.
In these cases, we will remove all traces of your identity from the system, and will replace those traces with references to a single, internal, anonymous user.
Deleting your data from our system is a one-way process—once initiated, we cannot recover it.
Backups and archives
We perform daily backups of our data. The last 60 days of backups are retained. These are intended to be used only in the event of a catastrophic loss of our production database.
Controlling Access to Your Data
Access to your data is controlled at a number of levels:
- Nonadministrative users of our system can only see the data you have chosen to explicitly share with them (for example in your profile, comments in our forums, and so on)
- Our support personnel have a higher level of access, allowing them to see order details and other information. They also have the ability to change some of this information (typically in response to a customer request). These support accounts are tightly controlled and the personnel using them have contracts that bind them not to access or share your data unless dealing with a request from you.
- Our developers, in general, do not have access to your data. There is one exception to this: staff who deploy new releases of software have access to our production servers, and hence indirectly have access to production data. These people have similar contractual constraints to our support staff.
- Our hosting provider (Amazon AWS) might possibly be able to access data (for example as it passes through their internal networks). All external information flow is encrypted using SSL, but some interserver traffic cannot be encrypted, and is outside our control.
- Our payment processor, Braintree Payments, handles all payment-specific data. For this to work, we pass it the order details (including your name, email, and (for tangible orders) shipping address).
- Our fulfillment company, ORM, ships physical products on our behalf. We pass them details on each order to ship, including your name, email, shipping address, and the items to ship.
- If you have opted in to our weekly newsletter, then we will include your email address in the mailing list we maintain at Twilio SendGrid. If you opt out (either by changing your preferences on our site or by clicking the unsubscribe link in every newsletter) your email address will be removed from their list or added to their suppression list, depending on your method of unsubscription. Other Twilio group entities, who may also assist Twilio as sub-processors, are listed in Appendix 1 of Twilio’s SendGrid “Processor Policy” here: https://www.twilio.com/legal/bcr/processor#appendix-1
We use Google Analytics to measure the use of our site. As part of this, we use Google Analytics Demographics and Interest Reporting. This does not give us specific information about you—we only see aggregated data. However, you can opt out using Google’s Ads Settings.
Our intent is to use this information to tune the way we organize our site and the information it contains.