Privacy Policy

Welcome to Stack’s Law Library and our website at www.stackslawlibrary.com operated by Stack’s Law Library LLC of 9480 Main Street #1221, Fairfax, VA 22031 acting as the Data Controller in accordance with Virginia`s Consumer Data Protection Act (“VCDPA”) and the EU`s Privacy and electronic Communications Directive (“PECD”). 

Below you will find more information about data collection, processing and use when visiting and using our website and service. 

This Privacy Policy describes our privacy practices in plain language, keeping legal and technical jargon to a minimum, to make sure you understand the information provided. However, to achieve this objective we would like to explain you the following two concepts. 

What is Personal Data?

"Personal Data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie or an IP Address) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

What is Processing?

"Processing" means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means. The term is broad and covers virtually any handling of data.

The Person responsible (“Data Controller”)

The person responsible for the processing of Personal Data is:

Stack’s Law Library LLC

9480 Main Street #1221

Fairfax, VA 22031

If you have any questions about the processing of your Personal Data, please contact us using our Contact Form or call us at (703)783-7833.

Purpose and legal basis of processing

In accordance with the VCDPA and the GDPR we need to have both a purpose and a legal basis to process Personal Data. The purposes are:

  • the provision of the website and shop and their functions and contents,

  • responding to contact requests and communicating with users,

  • providing our services, and

  • security measures.

Of course, we can only do that if we have at least one of the following legal bases or in other words lawful reasons to do so. Unless specifically described below, we typically link the above purposes to one of the following:

  • Consent: the individual has given clear consent to process Personal Data for a specific purpose.

  • Contract: the processing is necessary for a contract or because you have asked us to take specific steps before entering into a contract.

  • Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).

  • Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your Personal Data which overrides those legitimate interests.

General Principles

  1. Security

Our website uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us. 

You can recognize an encrypted connection if the address line of your browser contains a "https://" instead of a "http://" and also has a lock symbol. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

We have also implemented numerous security measures (“technical and organizational measures”) to ensure the most complete protection of Personal Data processed through this website. Nevertheless, internet-based data transmissions can always have security gaps, so that absolute protection cannot be guaranteed. And databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. 

Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of the action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.

  1. Retention and Storage 

We will retain your Personal Data as necessary in connection with the purposes described in this Privacy Policy, and in accordance with Virginia`s Statutory Retention Periods as per § 55.1-2537. for up to 5 years.

  1. Minors

When it comes to the collection of Personal Data from children under the age of 13 years, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. As such, we will not knowingly collect, use or disclose Personal Data from minors without first obtaining consent from a legal guardian through direct contact.

  1. Automated decision-making

Automated decision-making including profiling does not take place.

  1. Do Not Sell

We do not sell data to third parties. However, we might, making available, transfer, communicate electronically, consumer’s Personal Data by the business to a business affiliated inclusive with a third party but not for monetary but for other valuable consideration. 

  1. Special Category Data

Unless specifically required and consent is obtained, for a particular service, we do not process Special Category Data.

  1. Social Media

We are present on social media on the basis of our legitimate interest (currently Facebook and Instagram). If you contact or connect with us via social media platforms, we and the relevant social media platform are jointly responsible for the processing of your data and enter into a so-called joint controller agreement. The legal basis for the use of the relevant social media platform is our legitimate interest, your consent or, in the case of a (pre) contractual relationship with us, the initiation of a contractual service, if any.

  1. Recipients outside the USA

We may transfer your Personal Data to other companies and/or business partners as necessary for the purposes described in this Privacy Policy. In doing so, your Personal Data may be transferred to countries outside the USA. In order to provide adequate protection for your Personal Data when it is transferred, we have contractual arrangements regarding such transfers. We take all reasonable technical and organizational measures to protect the Personal Data we transfer.

  1. Sharing and Disclosure

We will not disclose or otherwise distribute your Personal Data to third parties unless this is a) necessary for the performance of our services for example with our webhost (see below), b) you have consented to the disclosure c) or if we are legally obliged to do so e.g., by court order or if this is necessary to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to fulfill our legitimate interests.

Processing of Personal Data by us

  1. Log files

Each time a user accesses our website and each time a file is retrieved, data about this process is temporarily processed in a log file. In detail, the following data is stored for each access/retrieval: a) Date and time of the retrieval (time stamp), as well as the IP address of the accessing device or server, b) request details and destination address (protocol version, HTTP method, referrer, User Agent string), c) name of the retrieved file and transferred data volume (requested URL incl. query string, size in bytes) and d) Message as to whether the retrieval was successful (HTTP status code).

On the basis of our legitimate interest in a secure website, we store this data to protect against attacks for up to 7 days beyond the time of your visit. This data is analyzed and required for legal and criminal prosecution in the event of attacks on communications technology. The data is deleted as soon as it is no longer required for the performance of tasks.

  1. Cookies

We use so-called cookies on our web site. Cookies are small text files that are stored on your respective device (PC, smartphone, tablet, etc.) and saved by your browser. The legal basis for the use of cookies is your consent as well as our legitimate interest.

  1. Hosting

To provide our website, we use the services of Squarespace Inc who processes all data to be processed in connection with the operation of this website on our behalf. The legal basis is our legitimate interest.

  1. Contacting us

Personal Data is processed depending on the contact method. In addition to your name and e-mail address, IP address or telephone number, we usually collect the context of your message which may also include certain Personal Data. The Personal Data collected when contacting us is processed for the purpose of dealing with your request and the legal basis is your consent. The use of your IP address takes place exclusively in the context of law enforcement and security measures in compliance with our legal requirements.

  1. Orders

You can order our limited-edition paperbacks and authors bundles via our online shop. In doing so, we process your Personal Data that is required for processing your order and for customer care, as well as the data that you also provide to us voluntarily. When you order via our online shop we have to ask, for example, for your name, e-mail address and shipping address. We will process this data for order processing: Name, Address(es), E-mail address, Order data, Payment data, Telephone number, IP address.

The processing of this Personal Data is necessary for the ordering process. We process this data insofar as this is necessary for the processing of the contract, and for the assertion of possible claims on our part. The legal bases for processing are contract and our legitimate interest.

  1. Payment Data

The provision of bank details is subject to our payment processor Stripe. We do not collect or store payment information or bank details ourselves. The legal basis for the data processing is the fulfillment of our contractual obligations and the fulfillment of our legal obligations.

  1. Order Delivery 

To ensure that you receive your ordered products, we pass on the necessary data to the selected service provider for order processing. In this case, we transmit your e-mail address and, in some cases, also your telephone number to the logistics service provider. In this way, they can inform you that your order is being sent. The legal basis for the data processing is the fulfillment of our contractual obligations and the fulfillment of our legal obligations.

  1. Purchasing our books and publications through third parties

We also offer our books and publications using the services of Kindle Direct Publishing and IngramSpark. When you purchase our books or publications through third parties, Amazon and Ingram process various data within the framework of the purchase and for the initiation and processing of the relevant contract. As such purchases are subject to Amazon`s and Ingram`s Privacy Policies and that we have no influence on their privacy practices. 

  1. Newsletter

If you have consented to receive our newsletter, we will use your e-mail address and, if applicable, your name to send you information about us, our books and publications, promotions, and news. You can revoke your consent to receive the newsletter or to the creation of personalized user profiles at any time with effect for the future. You will find the unsubscribe link at the end of each newsletter. The revocation leads to the deletion of the collected user data. Our newsletter is sent as part of processing on our behalf by Mailchimp by Intuit Inc to whom we pass on your e-mail address for this purpose.

Marketing

Insofar as you have also given us your consent to process your Personal Data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to. 

You consent can be obtained in a number of ways, including by selecting a box on a form or implied from your interactions with us or our contractual relationship. Implied consent however is limited to the assumption that you would have a reasonable expectation of receiving a marketing communication based on your interactions or contractual relationship with us. 

Our Marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. Every directly addressed marketing sent by us or on our behalf will include a means by which you may unsubscribe or opt out.

Economic analyses and market research

For business reasons and in order to be able to recognize market trends, wishes of contractual partners and users, we analyze the data we have on business transactions, contracts, inquiries, etc., whereby the group of persons concerned may include contractual partners, interested parties, customers, visitors, and users of our online offer.

The analyses are carried out for the purpose of business evaluations, marketing, and market research (e.g., to determine customer groups with different characteristics). The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with summarized, i.e., anonymized values. Furthermore, we take the privacy of users into consideration and process the data for analysis purposes as pseudonymously as possible and, if feasible, anonymously (e.g., as summarized data).

Your Rights and Privileges 

  1. Privacy rights 

Under the VCDPA and GDPR, you can exercise the following rights:

  • Right to information

  • Right to rectification

  • Right to object to processing

  • Right to deletion

  • Right to data portability

  • Right of objection

  • Right to withdraw consent

  • Right to complain to a supervisory authority

  • Right not to be subject to a decision based solely on automated processing.

If you have any questions about the nature of the Personal Data we hold about you, or if you wish to request the erasure or rectification of Personal Data we hold about you, or to exercise any of your other rights as a data subject, please contact us.

  1. Updating your information

If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us. 

  1. Withdrawing your consent 

You can revoke consents you have given at any time by contacting us. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

  1. Access Request 

In the event that you wish to make a Data Subject Access Request, you may inform us in writing of the same. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we will tell you why.

  1. Complaint to a supervisory authority

You have the right to complain about our processing of Personal Data to a supervisory authority responsible for data protection. The competent data protection authority in Virginia is: The Office of the Attorney General, 202 North 9th Street, Richmond, Virginia 23219, USA www.oag.state.va.us 

Validity and questions

This Privacy Policy was last updated on Thursday, March 23, 2023, and is the current and valid version. However, we want to point out that from time to time due to actual or legal changes a revision to this policy may be necessary. If you have any data protection questions, please feel free to contact us.