Privacy policy

We provide a software-as-a-service platform that processesfinancial, transactional, and business data on behalf of our customers.  Our data handling practices comply with thestandards of applicable laws, including where applicable, the California Consumer Privacy Act (“CCPA”), the California PrivacyRights Act (“CPRA”), and the General Data Protection Regulation (“GDPR”). Because we primarily offer softwareservices to business customers, in most cases, we process personal informationon behalf of our customers and according to their instructions and ourcontractual obligations with them. When customers provide data to our Services,we generally act as a service provider under CCPA/CPRA and as a data processorunder GDPR. When we process personal information solely in accordance with the customer'sinstructions and applicable agreements, we do not use customer data for our ownindependent purposes. In these cases, individuals should direct privacyrequests to the relevant customer (business/data controller). When we collectand use the information you submit to us directly and process that data for itsown purposes, we act as a company and data controller under CCPA/CPRA and GDPR,respectively. This role allows us to decide what todo with your personal data, such as account registration, communications withyou, and related informational activities. In these cases, you should submityour privacy requests to us directly by contacting us atprivacy@connectbooks.com.

What Information We Collect and How We Collect It

When you sign-up for or use the Site or Service, we may collect or store personal information (“PI”)from you such as your first name, last name, e-mail address, and phone number. Youmay also interact with us through our customer support or chat communications, e.g.,chatbot. If you choose to interact through chatbot or live support features, wewill collect the information you share to improve our Services. You shouldrefrain from voluntarily disclosing sensitive personal information, financialdata, or your confidential information. We may also collect technical and usagedata automatically when you use our site, i.e., your IP address, browser type, orpages viewed. The kinds of business and transactional  data we collect include: (a) your datathat is imported from other platforms; (b) transaction data (your purchasehistory, billing); and (c) other customer-provided data that you previouslyuploaded to other platforms for the use of our Services. Other categories ofdata we collect include analytics and behavioral data such as your websiteinteraction, navigation patterns, heatmaps, automatically collected data throughcookies or analytical tools, advertising tools, or information from our thirdparties where permitted. Where required by law, we provide notices regardingdata collection and processing. For this data, we are responsible forresponding to your privacy rights requests. You may withdraw your consent atany time, where applicable, by following the instructions in this PrivacyPolicy or by contacting us at privacy@connectbooks.com.  If needed, we may disclose your PI, forexample, to process your transactions, comply with legal requests, or report tocredit-reporting agencies. Additionally, we at times collect publicly availabledata and link such data to data from you for the purpose of marketing ormanaging your account.  We do not usecustomer data for targeted or cross-context behavioral advertising. Your paymentcard data is processed and stored only by third-party payment processors undera tokenized and secure data infrastructure that we cannot access.

Legal Basis forProcessing Your Data

Where applicable under the GDPR, we may rely on thefollowing legal bases: (i) to perform under a contract, e.g. withthird-party platforms that you already conducted purchases, sales, and related financialtransactions, such as data controllers with whom we are under contact orServices delivery; (ii) to meet our legitimate business interests, includingto improve our Services, enhance our security safeguards, and analytical measures;(iii) to ensure consent for cookies or marketing purposes, where required;and (iv) to fulfill our obligations under applicable laws and regulations. We also rely on our customer’s legalbasis and consents.

Cross-Device Tracking, Data Sharing, Cookies, andConsent

We may use data received from one browser or device and linkthat data to another platform or device or at times send such data to our thirdparties. We also use cookies, pixels, and similar technologies to operate,secure, and improve our Site and Services. We will only engage in cross-devicetracking for analytics or advertising once you have provided consent for us todo so through our cookie settings. We use strictly necessary cookies for corefunctionality and data security. Analytics and performance cookies, such asGoogle Analytics, measure usage and improve our Servies. Session/behavioralanalytics are used to understand interactions with our Site, and MarketingCookies may be used on our Site only.

When providing our Services, we act as service provider/contractor(CCPA/CPRA) or data processor (GDPR) so that we can process the personal data onlyaccording to documented customer instructions. We do not use, disclose, retain,or combine personal information for any purpose other than as specified undercontract. We do not sell or share personal information. We do not use personalinformation for cross-content behavior advertising. Our tracking is limited toservice delivery, data security, and Service improvement. Under CCPA/CPRA, ouruse of your personal data is limited to allowable service provider purposes. Whereapplicable, under GDPR, non-essential cookies are used only with your prior andexplicit consent.

Use and Disclosure ofPersonal Information

To provide a seamless experience, we use your personalinformation for business operation and managing your preferences.We only collect data necessary for the purposes described in our Privacy Policy,and any data sharing with our trusted third-party partners is subject to yourprior consent and data protection. We use information for related andadditional purposes as allowed by law such as:

·               servicing your account;

·               processing transactions;

·               communicating with you;

·               improving our Site,products, or Services;

·               legal compliance;

·               responding to court ordersand investigations;

·               responding to creditbureaus;

·               risk management;

·               information security andanti-fraud;

·               marketing or personalizingthe presentation of our products and Services to you;

·               tracking website usage,such as number of hits, pages visited, and the length of user sessions in order to evaluate the usefulness of our sites; and

·               using read-receiptnotifications in our email communications.

We may disclose your personal informationwith other service providers for analytics, cloud hosting, marketing, paymentprocessors, our business partners, such as the third parties that you already engagedin purchase and sales or other financial transactions with and/or connected to youraccount with us for our Services  We mayalso disclose your personal information to meet our legal and compliance dutiesto law enforcement or a regulatory authority or other otherwise enforce validagreements or to protect rights.  We donot sell your personal information.

We may engage in subprocessors to assistus in providing Services to you. Subprocessors may provide hosting, security,customer support, analytics, communications, or other operational functions. Werequire our subprocessors to protect personal data through contractual duties consistentwith applicable data protection and privacy laws. A current list of subprocessors may be madeavailable upon request or through our website or by contacting us at privacy@connectbooks.com.

Data Retention

We retain personal data only for as long as reasonablynecessary to provide our Services and to fulfill the purposes we describe in the Privacy Policy, including accounting, legal, and compliance reporting requirements.We are required to retain customer data according to customer instructionsunder contract, and we delete upon termination stipulated unless legallyrequired otherwise. To assess the proper retention period for data we control,we consider the categories of data, industry standards and regulatory retentioncriteria, and applicable legal timelines. We may delete certain customer data afteraccount termination within a defined time period,subject to legal obligations.

We do not target our marketing to the EU or conduct business in or to theEU in any meaningful way. All Customers are required to have a valid USaddress.

If you are aresident of the European Economic Area (“EEA”), or are accessing thissite from within the EEA, you are not to use the Site or the Services. Our Privacy Policy applies to all users. For EEA residents, additional GDPRrights and information may apply as detailed herein.

Text Messaging

No mobile information will be shared with thirdparties/affiliates for marketing/promotional purposes. All other categoriesexclude text messaging originator opt-in data and consent; this informationwill not be shared with any third parties.

Disclosure ofInformation

We may share your information with relevantparties, as examples:

·               Third-party serviceproviders (i.e. analytics, marketing, web production); and

·               Other third parties tocomply with legal requirements such as:

o     to enforce our Terms orverify information to that end;

o     enforce our other rights;

o     resolve security oroperational concerns;

o     emergency responses; or

o     otherwise to protect ourcustomers or other parties.

Security and BreachNotification

We implement reasonable physical, technical,and administrative safeguards to protect PI.  Despite our technical and organizational measuresand industry standards to protect your data, however, no data transmission orstorage system can be guaranteed to be completely secure. If you believe youhave a security concern relating to this Site or our Services, pleaseimmediately contact us at privacy@connectbooks.com.  Whenacting as service provider or data processor, we will notify the relevantcustomer without undue delay after becoming aware of a confirmed personal databreach affecting customer data and according to contractual duties. When actingas a data controller, we will comply with applicable breach notificationrequirements under relevant laws. Where applicable, and if GDPR applies, wewill notify the relevant authorities within 72 hoursof becoming aware of such breach or as required under applicable laws.

Jurisdiction

Our Site is intended for North Americanvisitors. If you browse this Site or use our Service your information will beprocessed within the United States. If personal information is transferred tous from outside the United States, we use appropriate safeguards to protectyour data. We rely on the following mechanisms, if applicable: (i) standardContractual Clauses (SCCs) under the European Commission as a safeguard fortransfers regarding service providers and other recipients; (ii) the EU-U.S. Data Privacy Framework (DPF)concerning the transfer of data to recipients certified under the DPF; or (iii) other mechanisms as permitted under the GDPR, whereapplicable. You can request more information or a copy of the safeguards weuse for data transfers, where applicable, by contacting us at privacy@connectbooks.com.

We do not intentionally offer our Services toindividuals located outside the United States or within the European EconomicArea or the United Kingdom. If you believe we have inadvertently collected yourpersonal data, please contact us.

CCPA/CPRA Notice (CaliforniaResidents)

LastRevised: June 3, 2026

This Privacy Notice for California Residents supplements theinformation contained in ConnectBook’s Privacy Policyand applies solely to all visitors, users, and others who reside in the Stateof California (“consumers” or “you”) and certain other U.S. jurisdictions.We adopt this notice to comply with the California Consumer Privacy Act of 2018(CCPA), as amended, and any terms defined in the CCPA have the same meaningwhen used in this Notice.

·               Your Rights:  As a California resident, you may have theright to: know what personal information we collect; access personalinformation; correct inaccurate personal information; delete personalinformation; receive personal information in a portable format; opt out of thesale or sharing of personal information; limit certain uses of SensitivePersonal Information where applicable; and be free from discrimination forexercising privacy rights.

·               Sensitive PersonalInformation (SPI):  Wemay process limited categories of Sensitive Personal Information, includingaccount credentials; financial account information; payment-relatedinformation; or information contained within Customer Data submitted bycustomers. We use SPI only as necessary to provide the Services and do not useSPI for profiling or marketing purposes.

1.             Information WeCollect

Our Site collects information that identifies, relates to,describes, references is reasonably capable ofbeing associated with, or could reasonably belinked, directly or indirectly, with a particular consumer, household, ordevice (“personal information”). Personal information does not include:

·               publicly availableinformation from government records;

·               deidentified or aggregatedconsumer information; and

·               information excluded fromthe CCPA’s scope, like:

o     health or medicalinformation covered by the Health Insurance Portability and Accountability Actof 1996 (HIPAA) and the California Confidentiality of Medical Information Act(CMIA) or clinical trial data; and

o      personal information covered by certain sector-specificprivacy laws, including the Fair Credit Reporting Act (FCRA), theGramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act(FIPA), and the Driver’s Privacy Protection Act of 1994.

In particular, our Site hascollected the following categories of personal information from its consumerswithin the last twelve (12) months:

Category

Examples

Collected

A. Identifiers.

A real name, alias, postal address, unique  personal identifier, online identifier, Internet Protocol address, email  address, account name, or other similar identifiers.

YES

B. Personal information categories listed in  the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

A name, signature, address, or telephone  number. Some personal information included in this category may overlap with  other categories.

YES

C. Protected classification  characteristics under California or federal law.

Age (40 years or older), race, color,  ancestry, national origin, citizenship, religion or creed, marital status,  medical condition, physical or mental disability, sex (including gender,  gender identity, gender expression, pregnancy or childbirth and related  medical conditions), sexual orientation, veteran or military status, genetic  information (including familial genetic information).

NO

D. Commercial information.

Records of personal  property, products or services purchased, obtained, or considered, or  other purchasing or consuming histories or tendencies.

YES

E. Biometric information.

Genetic, physiological, behavioral, and  biological characteristics, or activity patterns used to extract a template  or other identifier or identifying information, such as, fingerprints,  faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other  physical patterns, and sleep, health, or exercise data.

NO

F. Internet or other similar network  activity.

Browsing history, search history, information  on a consumer’s interaction with a website, application, or advertisement.

YES

G. Geolocation data.

Physical location or movements.

NO

H. Sensory data.

Audio, electronic, visual, thermal,  olfactory, or similar information.

NO

I. Professional or employment-related  information.

Current or past job history or performance  evaluations.

NO

J. Non-public  education information (per the Family Educational Rights and Privacy Act (20  U.S.C. Section 1232g, 34 C.F.R. Part 99)), as  amended.

Education records directly  related to a student maintained by an educational institution or party  acting on its behalf, such as grades, transcripts, class lists, student  schedules, student identification codes, student financial information, or  student disciplinary records.

NO

K. Inferences drawn from other personal  information.

Profile reflecting a person’s preferences,  characteristics, psychological trends, predispositions, behavior, attitudes,  intelligence, abilities, and aptitudes.

NO

Our Site obtains the categories of personal informationlisted above from the following categories of sources:

·               directly from you--forexample, from forms you complete or products and services you purchase; and

·               indirectly fromyou--for example, from observing your actions on our Site.

2.             Use of Personal Information

We may use or disclose the personal information we collectfor one or more of the purposes enumerated in the bullet points immediatelyfollowing this sentence.

·               To fulfill or meet thereason for which you provided the information. For example, if you share yourname and contact information to request a price quote or ask a question aboutour products or services, we will use that personal information to respond toyour inquiry. If you provide your personal informationto purchase a product or service, we will use that information to process yourpayment and facilitate delivery. We may also save your information tofacilitate new product orders or process returns.

·               To provide, support,personalize, and develop our Site, products, and services.

·               To create, maintain,customize, and secure your account with us.

·               To process your requests,purchases, transactions, and payments and prevent transactional fraud.

·               To provide you with supportand to respond to your inquiries, including to investigate and address yourconcerns and monitor and improve our responses.

·               To personalize your Siteexperience and to deliver content and product and service offerings relevant toyour interests, including targeted offers and ads through our Site, third-partysites, and via email or text message (with your consent, where required bylaw).

·               To help maintain thesafety, security, and integrity of our Site, products and services, databasesand other technology assets, and business.

·               For testing, research,analysis, and product development, including to develop and improve our Site,products, and services.

·               To respond to lawenforcement requests and as required by applicable law, court order, orgovernmental regulations.

·               As described to you whencollecting your personal information or as otherwise set forth in the CCPA.

·               To evaluate or conduct amerger, divestiture, restructuring, reorganization, dissolution, or other saleor transfer of some or all of our assets, whether as a going concern or as partof bankruptcy, liquidation, or similar proceeding, in which personal informationheld by us about our Site users is among the assets transferred.

We will not collect additional categories of personalinformation or use the personal information we collected for materiallydifferent, unrelated, or incompatible purposes without providing you notice.

3.             Sharing PersonalInformation

We may disclose your personal information to a third partyfor a business purpose. When we disclose personalinformation for a business purpose, we enter a contract that describes thepurpose and requires the recipient to both keep that personal informationconfidential and not use it for any purpose except performing the contract. TheCCPA prohibits third parties who purchase the personal information we hold fromreselling it unless you have received explicit notice and an opportunity toopt-out of further sales.

We share your personal information with the followingcategories of third parties: 

·               service providers;

·               marketing agencies; and

·               data aggregators.

4.             Disclosures ofPersonal Information for a Business Purpose

In the preceding twelve (12) months, Companyhas not disclosed personal information for a business purpose.

5.             Sales of PersonalInformation

In the precedingtwelve (12)months, Company had not sold personalinformation.

6.             Your Rights andChoices

The CCPA/CPRA provideconsumers (California residents) with specific rights regarding theirpersonal information. This section describes your CCPA/CPRArights and explains how to exercise those rights.

6.1              Access to SpecificInformation and Data Portability Rights

You have the right to request that we disclose certaininformation to you about our collection and use of your personal informationover the past 12 months. Once we receive and confirm your verifiable consumerrequest, we will disclose to you the informationspecified in the bullet points immediately following this sentence.

·               The categories of personalinformation we collected about you.

·               The categories of sourcesfor the personal information we collected about you.

·               Our business or commercialpurpose for collecting or selling that personal information.

·               The categories of thirdparties with whom we share that personal information.

·               The specific pieces ofpersonal information we collected about you (also called a data portabilityrequest).

·               If we sold or disclosedyour personal information for a business purpose, we will provide two separatelists disclosing:

o     sales, identifying thepersonal information categories that each category of recipient purchased; and

o     disclosures for a businesspurpose, identifying the personal information categories that each category ofrecipient obtained.

We do not provide these access and data portability rightsfor B2B personal information.

6.2              Deletion Request Rights

You have the right to request that we delete any of yourpersonal information that we collected from you and retained, subject tocertain exceptions. Once we receive and confirm your verifiable consumerrequest, we will delete (and direct our service providers to delete) yourpersonal information from our records, unless an exception applies.

We may deny your deletion request if retaining theinformation is necessary for us or our service provider(s) to do any of thethings enumerated in the bullet points immediately following this sentence.

(a)          Complete the transactionfor which we collected the personal information, provide a good or service thatyou requested, take actions reasonably anticipated within the context of ourongoing business relationship with you, fulfill the terms of a written warrantyor product recall conducted in accordance with federal law, or otherwiseperform our contract with you.

(b)          Detect security incidents,protect against malicious, deceptive, fraudulent, or illegal activity, orprosecute those responsible for such activities.

(c)          Debug products to identifyand repair errors that impair existing intended functionality.

(d)          Exercise free speech,ensure the right of another consumer to exercise their free speech rights, orexercise another right provided for by law.

(e)          Comply with the CaliforniaElectronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.), as amended.

(f)           Engage in public orpeer-reviewed scientific, historical, or statistical research in the publicinterest that adheres to all other applicable ethics and privacy laws, when theinformation’s deletion may likely render impossible or seriously impair the research’sachievement, if you previously provided informed consent.

(g)          Enable solely internal usesthat are reasonably aligned with consumerexpectations based on your relationship with us.

(h)          Comply with a legalobligation.

(i)           Make other internal andlawful uses of that information that are compatible with the context in whichyou provided it.

We do not provide these deletion rights for B2B personalinformation.

6.3              Exercising Access, DataPortability, and Deletion Rights

To exercise the access, data portability, and deletionrights described above, please submit a verifiable consumer request to us byeither:

·               Emailing us at privacy@connectbooks.com.

·               Calling us at: 845-751-1600

Only you, or someone legally authorized to act on yourbehalf, may make a verifiable consumer request related to your personalinformation. You may also make a verifiable consumer request on behalf of yourminor child.

You may only make a verifiable consumer request for accessor data portability twice within a 12-month period. The verifiable consumerrequest must:

·               provide sufficientinformation that allows us to reasonably verify youare the person about whom we collected personal information or an authorizedrepresentative, which may include:

o      name, contact information, and information related to yourtransaction or relationship with the Company, but the specific informationrequested may differ depending on the circumstances of your request for yoursecurity and to protect privacy rights; and 

o      describe your request with sufficient detail that allows usto properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you withpersonal information if we cannot verify your identity or authority to make therequest and confirm the personal information relates to you.

Making a verifiable consumer request does not require youto create an account with us. However, we do consider requests made throughyour password-protected account sufficiently verified when the request relatesto personal information associated with that specific account.

We will only use the personal information provided in averifiable consumer request to verify the requestor’s identity or authority tomake the request.

6.4              Response Timing and Format

We endeavor to respond to a verifiable consumer requestwithin forty-five (45) days of its receipt. If we require more time (up to 45days), we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver ourwritten response to that account. If you do not have an account with us, wewill deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the 12-monthperiod preceding the verifiable consumer request’sreceipt. The response we provide will also explain the reasons we cannot complywith a request, if applicable. For data portability requests, we will select aformat to provide your personal information that is readily useable and shouldallow you to transmit the information from one entity to another entity withouthindrance.

We do not charge a fee to process or respond to yourverifiable consumer request unless it is excessive, repetitive, or manifestlyunfounded. If we determine that the request warrants a fee, we will tell youwhy we made that decision and provide you with a cost estimate beforecompleting your request.

6.5              Personal InformationSales Opt-out and Opt-In Rights

If you are 16 years of age or older, you have the right todirect us to not sell your personal information at any time (the “right toopt-out”). We do not sell the personal information of consumers whom weactually know are less than 16 years of age, unless we receive affirmativeauthorization (the “right to opt-in”) from either the consumer who is atleast 13 but not yet 16 years of age, or the parent or guardian of a consumerless than 13 years of age. Consumers who opt-in to personal information salesmay opt-out of future sales at any time. 

7.             Non-Discrimination

We will not discriminate against you for exercising any ofyour CCPA/CPRA rights. Unless permitted by the CCPA/CPRA, we will not:

·               deny you goods or services;

·               charge you different pricesor rates for goods or services, including through granting discounts or otherbenefits, or imposing penalties;

·               provide you a differentlevel or quality of goods or services; or

·               suggest that you mayreceive a different price or rate for goods or services or a different level orquality of goods or services.

However, we may offer you certain financial incentivespermitted by the CCPA that can result in different prices, rates, or qualitylevels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms thatdescribe the program’s material aspects. Participation in a financial incentiveprogram requires your prior opt-in consent, which you may revoke at any time.

8.             Other CaliforniaPrivacy Rights

California’s “Shine the Light” law (Civil Code Section §1798.83) permits users of our Site that are California residents to requestcertain information regarding our disclosure of personal information to thirdparties for their direct marketing purposes. We may request informationnecessary to verify identity before responding to such requests. To makesuch a request, please send an email to privacy@connectbooks.comor write us at ConnectBooks, 21 Grove Street, Suite 210,Spring Valley, New York 10977, United States of America.

9.             Changes to OurPrivacy Notice

We reserve the right to amend this CCPA/CPRA Privacy Noticeat our discretion and at any time. When we make changes to this CCPA/CPRAPrivacy Notice, we will post the updated notice on the Site and update thenotice’s effective date. Your continued use of our Site following the postingof changes constitutes your acceptance of such changes.

10.         ContactInformation

If you have any questions or comments about this notice, theways in which Company collects and uses your information described here and inthe Privacy Policy (see above), your choices and rights regarding such use, orwish to exercise your rights under California law, please do not hesitate tocontact us at

Site: https://Connectbooks.com

Email: privacy@connectbooks.com

Postal Address: ConnectBooks, 21 Grove Street, Suite 210,Spring Valley, New York 10977

GDPR Privacy Notice

LastRevised: June 9, 2026

This Privacy Notice supplements the information contained inConnectBook’s Privacy Policy and applies solely to all visitors, users, andothers who are residents of or located in the EU or EEA. Wedo not target our marketing to the EU/EEA or conduct business in or to theEU/EEA in any meaningful way; however, the GDPR may apply where EU/EEA personaldata is processed or submitted to us.  

Your Rights Under the GDPR 

If you are a resident ofor located in the EU/EEA, you have the following rights regarding your personaldata. ConnectBooks may act as a data processor when processing data on your behalfand may act as a data controller for activities such as website operations,analytics, and communications.

·               Right ofAccess: Youhave the right to request a copy of the personal data we hold about you. 

·               Right toRectification: You have the right to requestcorrection of any incomplete or inaccurate data we hold about you. 

·               Right toErasure (“Rightto be Forgotten”): You can ask us to delete your personal data whenthere is no good reason for us to continue processing it. 

·               Right toRestrict Processing: You have the right to block orsuppress further use of your personal data in certain circumstances. 

·               Right to DataPortability: Youcan request the transfer of your personal data to you or a third party in astructured, commonly used, machine-readable format. 

·               Right toObject: Youcan object to our processing of your personal data where we rely on alegitimate interest or use it for direct marketing. 

·               Right toWithdraw Consent: If processing is based on consent, youcan withdraw your consent at any time. 

Toexercise any of these rights, please contact us at privacy@connectbooks.com. Youalso have the right to lodge a complaint with a European Union supervisoryauthority in the Member State of your habitual residence, place of work, orplace of the alleged infringement. In our role as a dataprocessor, we rely on our customers and partners to do obtain mandatoryconsents. When we act as a data processor, your data requests should bedirected to the relevant customer who is acting as a data controller. If wereceive a request from you that relates to customer data, we will timely forwardthat request to the appropriate customer for a response

Ifyou have any questions or comments about this notice, the ways in which Companycollects and uses your information described here and in the Privacy Policy(see above), your choices and rights regarding such use, or wish to exerciseyour rights under California law, please do not hesitate to contact us at

Site: https://Connectbooks.com

Email: privacy@connectbooks.com

Postal Address: Connectbooks, 21Grove Street, Suite 210, Spring Valley, New York 10977

‍

UK Residents – Additional Privacy Information

This section applies to individuals in the United Kingdomand supplements our main privacy policy. It covers our compliance with UKGDPR, the Data Protection Act 2018, and the Data (Use and Access)Act 2025.

Our Role

We are the data controller for any personal data we processfrom UK individuals. Our contact details are the same as in the main policy: privacy@connectbooks.com

Data We Process

As a B2B bookkeeping SaaS, we only process limited personaldata for our very limited UK business customer base (e.g., contact name, email,phone, and basic billing information of finance contacts). We do not target UKconsumers.

Legal Basis

We process personal data mainly to perform our contract withyour business and for our legitimate business interests (e.g., servicedelivery, billing, and support). We may also rely on Recognised LegitimateInterests under UK law where applicable.

Your Rights

You have the right to:

·               Access your personal data

·               Correct inaccurate data

·               Request erasure orrestriction

·               Object to processing

To exercise these rights, contact us at privacy@connectbooks.com. We will respondwithin one month.

International Transfers

We are a US-based company. When we transfer data from the UKto the US, we use appropriate safeguards such as Standard Contractual Clausesor other UK-approved mechanisms.

Children’s Data

Our service is for businesses only. We do not knowinglyprocess data of children under 13.

Cookies and Tracking

We use essential cookies for service functionality. You canmanage preferences through your account or browser settings.

Complaints

Please contact us first if you have any concerns. You canalso complain to the UK regulator: Information Commissioner’s Office (ICO)Website: www.ico.org.uk