Effective Date: 02/07/2025
Legal entity: TOTTBOOKS LLP (“TOTTBOOKS”, “we”, “our”, “us”)
Registered office: TP 15/360, Thazhuthala, Kannanalloor PO , Kollam, Kerala 691576
Operating Office: L116, LIC Lane, Pattom, Trivandrum, Kerala 695004
Contact: info@tottbooks.com
1. Scope
This Privacy Policy explains how we collect, use, disclose and safeguard the personal data (“Personal Data”) of visitors to https://tottbooks.com (“Site”), buyers of our print and digital books, and any other services we offer (collectively, “Services”).
2. Data We Collect
| Category | Examples | Legal basis |
|---|---|---|
| Identification | Name, postal address, phone, email | Consent / contract |
| Transaction | Order ID, books purchased, payment status | Contract / legitimate interest |
| Technical | IP, browser, device type, cookies | Legitimate interest / consent (analytics) |
| Children’s data | We do not knowingly collect data from under-13s. | Consent by parent/guardian |
3. How We Use Data
- Fulfill and deliver your orders
- Provide downloadable e-books and updates
- Respond to queries and service requests
- Send optional marketing with opt-out in every email
- Detect fraud, maintain security, comply with law
4. Cookies & Similar Tech
A banner on your first visit lets you accept or reject non-essential cookies. Manage preferences anytime via the “Cookie Settings” link in our footer.
5. Sharing & Disclosure
We share data only with:
- Payment processors (Razorpay, Stripe, PayPal)
- Logistics partners (India Post, DHL, etc.)
- Analytics & email platforms (e.g., Zoho, Mailchimp)
All vendors sign data-processing agreements committing to DPDP 2023, GDPR and CCPA safeguards. dlapiperdataprotection.com
6. International Transfers
Where data leaves India or the EEA we rely on:
- Adequacy decisions or approved Standard Contractual Clauses (SCCs)
- The DPDP Act’s cross-border transfer rules (when notified) privacyworld.blog
7. Your Rights
- Access, correct, delete, or port your data
- Withdraw consent at any time
- Complain to the Indian Data Protection Board or your local authority
8. Security
We use HTTPS, AES-256 database encryption at rest, and role-based access for staff.
9. Retention
We keep order records for 7 years (tax law) then delete or anonymise them. Newsletter data is erased within 30 days of unsubscribe.
10. Changes
We will post any privacy changes here and email registered users 14 days before they take effect.
