Privacy Policy

Who we are

Our website address is:

What personal data we collect and why we collect it


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

We will never sell your information. Our contact forms are powered by HubSpot. View their privacy policy here.


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.


We monitor analytics in order to better understand and serve our customers. Some of the data we analyze includes  age, gender, race, and spending habits. 

Who we share your data with

We share your data with our Customer Management Systems (CMS) in order to manage your account and orders as well as our analytics software. We never sell your data.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.


What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service. Your data will also be sent through our analytics programs and Customer Management Systems.

Your contact information

If you have any privacy concerns, please email with the subject line PRIVACY CONCERNS. 


Additional information


How we protect your data

Our website has end-to-end encryption in place to keep your data secure.


What data breach procedures we have in place

HUES Book Box has implemented the following procedures to follow in
the event of a data breach involving personally identifying information (PII)
or other confidential information maintained on personal computers, agency
networks, or internet programs used by staff and volunteers. 

The following staff have key responsibility for implementing
and executing the data breach procedures:

·        Chá Merri 

·        X.E.M. 

In an effort to prevent a breach of data and PII, HUES Book Box has
implemented the following measures to prevent the breach of data:

·         Installed anti-virus intrusion notification software. 

·         Limited access to customer data to necessary personnel only (approximately 1-3 people).   

HUES has identified the following items as critical
systems and files that will be uploaded to a back-up system on a monthly basis: 

·         Customer data files.    

In the event of a data breach or imminent breach of PII data, in order to contain the data breach and minimize the extent of the intrusion:

·        Disconnect the affected and related systems or
networks from Internet access.

·        Contact 1st responder to notify them of the data breach or imminent breach of PII data.

·        Document date and time the breach occurred, what files the user was accessing at the time of the breach, the breach team member contacted, and actions taken to secure data.

·        Contact technical support to detect and remove
the malware or other information related to the breach.

·        Notify the VOCA Administrator at GCC within 24
hours of the breach occurrence or detection of breach/recognition of imminent

·        Review virus/malware/other protective software
to review system vulnerabilities and increase the level of protection for the system.

·        If possible, reimage the system and restore from
backup files.

Within 24 hours of the breach the Project Director (Chá) must notify the GCC VOCA
Administrator of the data breach, to forward the information to appropriate
staff at the Office for Victims of Crime.

Following the incident, HUES staff will review procedures to determine if any actions by
the user or the team contributed to the data breach.  Staff will be updated on policies to protect against data breaches or imminent breaches of PII data.

A computer technician will review software, updates, and software/data protection programs
to improve the security of the data and operating system to prevent further incidents. Information related to the data breach will be documented on the incident log, repairs or modifications implemented will be included on the log and kept in a secure location. 

If necessary, the management team will review procedures and make necessary changes to the
procedures to improve the security of PII and other secure information.  


What third parties we receive data from

Google analytics, Facebook, Instagram, TikTok, and HubSpot.

What automated decision making and/or profiling we do with user data

Targeted emails & advertisements and automatic subscription renewals. 
© 2020 HUES Book Box