Binding Thread Press

Privacy Policy

Binding Thread Press

Effective Date: October 15, 2025

This Privacy Policy explains how Binding Thread Press ("Company," "we," "us," or "our") collects, uses, discloses, and protects personal information obtained from users of the website located at BindingThreadPress.com ("Website" or "Site") and through related services, including newsletter subscriptions and downloadable content. This policy applies to all individuals who access or use the Website, regardless of geographic location ("Users," "you," or "your").

We are committed to protecting your privacy and handling your personal data in accordance with applicable data protection laws, including the European Union General Data Protection Regulation (Regulation 2016/679, "GDPR"), Spain's Ley Orgánica 3/2018 de Protección de Datos Personales y garantía de los derechos digitales ("LOPDGDD"), the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA"), and Canada's Anti-Spam Legislation ("CASL").

1. Controller Identification and Contact Information

For purposes of GDPR and other data protection regulations, Binding Thread Press is the data controller responsible for processing personal information collected through this Website. The Company is a sole proprietorship registered under Spanish law and operating from Spain.

Contact Information for Privacy Matters:

Business Name: Binding Thread Press

Principal Place of Business: Spain

Contact for Data Protection Inquiries: Available through the contact page on our Website

Users wishing to exercise rights regarding their personal data or submit privacy-related inquiries should use the contact information provided on the Website. Requests will be responded to within the timeframes required by applicable law (typically 30 days under GDPR, with possible extension to 60 days in complex cases).

2. Categories of Personal Information Collected

The types of personal information we collect depend on how you interact with our Website and services. We collect information directly from you, automatically through your use of the Website, and in limited circumstances from third parties.

A. Information You Provide Directly

When you voluntarily submit information through forms on our Website, we collect the following categories of personal data:

Newsletter Subscription Information. When you subscribe to our newsletter, you provide your email address. Optionally, you may also provide your name or other identifying information if our subscription forms request such data. This information is collected with your explicit consent for the purpose of sending marketing communications.

Contact Form Information. If you submit inquiries through contact forms on the Website, you may provide your name, email address, and the content of your message. This information is processed for the purpose of responding to your inquiry, based on our legitimate interest in communicating with Website visitors or, where applicable, contractual necessity.

Download Requests. Currently, our downloadable content is available without requiring registration or submission of personal information. Should we modify this practice in the future and require email addresses or other data to access downloads, we will update this policy accordingly and obtain appropriate consent where required.

B. Information Collected Automatically

When you access our Website, certain technical information is collected automatically through standard web server operations and, if implemented, through third-party services:

Technical and Usage Data. Web servers automatically log certain information when you visit websites, including IP addresses, browser type and version, operating system, referring URLs, pages viewed, time spent on pages, and access times. This information may constitute personal data under GDPR, particularly IP addresses, which are considered online identifiers.

Cookies and Similar Technologies. Currently, we employ minimal cookie usage. MailerLite may employ cookies in connection with newsletter subscription forms embedded on our Website. Should we implement additional cookies or tracking technologies (such as Google Analytics), we will update our separate Cookie Policy and implement consent mechanisms as required under GDPR and applicable law. Under current GDPR enforcement guidance, consent for non-essential cookies must be obtained before such cookies are placed, and pre-checked consent boxes are prohibited.

C. Information from Third-Party Sources

MailerLite Engagement Data. When you subscribe to our newsletter, MailerLite collects and provides us with engagement metrics regarding your interactions with newsletter emails, including open rates, click-through rates, and device information. This data is processed pursuant to our legitimate interest in understanding newsletter effectiveness and improving our communications, subject to your right to object.

Affiliate Link Click Data. When you click affiliate links (Amazon Associates links or universal book links generated through Booklinker or GeniusLink), you are redirected to third-party platforms. We may receive aggregated data regarding click-through rates and purchases, though this data typically does not identify individual users to us. Amazon's privacy policy governs data collected once you reach their platform.

3. Purposes of Processing and Legal Bases

Under GDPR, we must identify the purposes for which personal data is processed and the legal basis for each processing activity. The following table outlines our processing purposes and corresponding legal bases:

Purpose	Legal Basis (GDPR)	Data Categories
Sending newsletter communications	Consent (Article 6(1)(a))	Email address, name (if provided), subscription preferences
Responding to inquiries	Legitimate interest (Article 6(1)(f)) or contractual necessity	Name, email address, inquiry content
Website operation and security	Legitimate interest (Article 6(1)(f))	IP addresses, technical data, access logs
Analyzing newsletter effectiveness	Legitimate interest (Article 6(1)(f)), subject to right to object	Email engagement metrics
Compliance with legal obligations	Legal obligation (Article 6(1)(c))	Various categories as required by law
Establishing, exercising, or defending legal claims	Legitimate interest (Article 6(1)(f))	Any relevant personal data

Consent-Based Processing. Newsletter subscriptions require explicit, informed consent. Consent is obtained through affirmative action (clicking a subscribe button) after you have been informed of the purposes of processing and have accessed this Privacy Policy. Pre-checked boxes are not employed, consistent with GDPR requirements. You may withdraw consent at any time by unsubscribing through the link in newsletter emails or by contacting us directly.

Legitimate Interest Processing. Where we rely on legitimate interest as a legal basis, we have conducted balancing assessments to ensure our interests do not override your fundamental rights and freedoms. You possess the right to object to processing based on legitimate interest.

4. Newsletter Communications and Email Marketing Compliance

Our newsletter operations comply with multiple regulatory frameworks applicable to electronic marketing.

A. GDPR Requirements (EU and Spain)

Under GDPR, marketing emails may be sent only with the recipient's consent. We obtain explicit, informed consent through clearly labeled subscription forms that explain the nature of newsletter content (publication announcements, promotional materials, content previews, occasional free downloads). Each newsletter email includes:

Clear identification of the sender (Binding Thread Press)
A functional unsubscribe mechanism allowing immediate withdrawal of consent
Our contact information
Transparent disclosure of affiliate relationships where applicable

Spain's LSSI supplements GDPR by requiring that commercial communications be clearly identifiable as such and that senders be clearly identified. We comply with these requirements in all newsletter communications.

B. CCPA Requirements (California Residents)

While CCPA primarily governs sale and sharing of personal information rather than email marketing per se, California residents possess specific rights regarding their personal data. Email addresses collected from California residents are subject to CCPA protections. We do not sell personal information, including email addresses, to third parties. Section 7 below details CCPA rights available to California residents.

C. CASL Requirements (Canadian Recipients)

Canada's Anti-Spam Legislation establishes stringent requirements for commercial electronic messages sent to Canadian recipients. CASL requires:

Express Consent. We obtain express consent when Canadian residents subscribe to our newsletter through affirmative action after being informed of the purposes. Implied consent (based on existing business relationships or inquiries) may apply in limited circumstances, but we primarily rely on express consent.

Clear Identification. Each message clearly identifies the sender and includes our contact information.

Unsubscribe Mechanism. Every commercial electronic message contains a functional unsubscribe mechanism that can be readily performed, typically a one-click link. Unsubscribe requests are processed promptly, typically within 10 business days as required by CASL.

CASL enforcement is active, with significant penalties assessed for non-compliance. We maintain robust compliance procedures to ensure adherence to CASL requirements.

5. Third-Party Service Providers and Data Processors

We engage third-party service providers to facilitate certain functions of our Website and services. Under GDPR terminology, these providers act as data processors, processing personal data on our behalf pursuant to contractual instructions.

A. MailerLite (Email Marketing Platform)

MailerLite provides our newsletter infrastructure, including email transmission, subscription management, analytics, and data storage. MailerLite is certified as GDPR-compliant and has implemented appropriate technical and organizational security measures.

Data Processing Addendum. MailerLite's Data Processing Addendum is incorporated into their Terms of Use and establishes the contractual safeguards required under Article 28 of GDPR. The DPA specifies the subject matter, duration, nature, and purpose of processing; the types of personal data processed; categories of data subjects; and obligations and rights of the controller and processor.

Sub-Processors. MailerLite employs carefully selected sub-processors to provide email marketing services. A list of sub-processors is available in Annex 3 of MailerLite's DPA. All sub-processors are subject to GDPR-compliant contractual obligations.

Data Location and International Transfers. MailerLite's data centers are located in the European Union (certified with ISO 27001 information security standards). Where data is transferred outside the European Economic Area, MailerLite has implemented Standard Contractual Clauses approved by the European Commission pursuant to Article 46 of GDPR. These clauses provide appropriate safeguards for international data transfers in the absence of an adequacy decision.

MailerLite's Privacy Practices. Further details regarding MailerLite's data processing practices, security measures, and privacy commitments are available in MailerLite's Privacy Policy at https://www.mailerlite.com/legal/privacy-policy.

B. Amazon (Affiliate Platform)

When you click affiliate links and are redirected to Amazon, you enter Amazon's platform and Amazon's Privacy Policy governs data collected during your visit and any subsequent purchase. Amazon does not share individual user purchase data or personally identifiable information with us. We receive only aggregated reporting regarding sales generated through our affiliate links.

C. Booklinker and GeniusLink (Universal Book Link Services)

These services generate universal book links that employ geolocation technology to redirect users to appropriate Amazon marketplaces. This functionality may involve processing of IP addresses to determine geographic location. We recommend reviewing the privacy policies of these services for details regarding their data processing practices.

D. Future Analytics Services

Should we implement website analytics services (such as Google Analytics) in the future, we will update this Privacy Policy to disclose such implementation, describe the data collected and purposes of processing, identify the service provider and any international data transfers, and implement consent mechanisms as required under applicable law. Under current GDPR enforcement standards, analytics cookies require prior consent.

6. Data Retention and Storage Limitation

GDPR's storage limitation principle requires that personal data be kept only as long as necessary for the purposes for which it is processed. We have established the following retention periods:

Newsletter Subscriber Data. Email addresses and related subscription information are retained for the duration of your active subscription and for a reasonable period thereafter to maintain unsubscribe records and prevent inadvertent re-subscription. If you unsubscribe, your email address is retained in a suppression list to ensure we do not send you marketing communications in the future, which serves your interests in not receiving unwanted emails. You may request complete deletion of your data by exercising your right to erasure (see Section 7 below).

Contact Form Inquiries. Information submitted through contact forms is retained for the duration necessary to respond to your inquiry and for a reasonable period thereafter to maintain records of our communications, typically no longer than two years unless ongoing correspondence or legal obligations require longer retention.

Technical Logs and Access Data. Web server logs containing IP addresses and technical information are retained for security purposes and to detect and respond to technical issues or security incidents. These logs are typically retained for a period not exceeding 12 months unless longer retention is required for legal compliance or establishment, exercise, or defense of legal claims.

Engagement Analytics. Newsletter engagement data (open rates, click-through rates) is retained for analytical purposes to assess newsletter effectiveness. This data is reviewed periodically, and data older than 24 months is typically deleted unless ongoing analysis requires retention.

When retention periods expire, personal data is securely deleted or anonymized such that it can no longer identify individuals.

7. Your Rights Regarding Personal Data

Depending on your jurisdiction and the applicable legal framework, you possess various rights regarding your personal data.

A. Rights Under GDPR (EU Residents, Including Spain)

If you are located in the European Union or European Economic Area, GDPR grants you the following rights :

Right of Access (Article 15). You may request confirmation of whether we process your personal data and, if so, obtain access to that data along with information about the purposes of processing, categories of data, recipients, retention periods, and your rights. We will respond to access requests within 30 days, with possible extension to 60 days for complex requests.
Right to Rectification (Article 16). You may request correction of inaccurate personal data and completion of incomplete data. Rectification requests are processed within 30 days.
Right to Erasure / "Right to be Forgotten" (Article 17). You may request deletion of your personal data where one of the following grounds applies: the data is no longer necessary for the purposes for which it was collected; you withdraw consent (for consent-based processing) and there is no other legal basis for processing; you object to processing and there are no overriding legitimate grounds; the data has been unlawfully processed; or deletion is required for compliance with a legal obligation. MailerLite provides a "Forget" function that completely and permanently deletes all subscriber data from their system in compliance with the right to erasure. Erasure requests are processed within 14 days under enhanced 2025 GDPR guidance.
Right to Restriction of Processing (Article 18). You may request that we restrict processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.
Right to Data Portability (Article 20). For data processed based on consent or contractual necessity, and where processing is carried out by automated means, you may request to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller. MailerLite provides functionality supporting data portability for subscriber information.
Right to Object (Article 21). You may object to processing based on legitimate interest or for direct marketing purposes. Where you object to direct marketing, we will cease such processing immediately. For objections based on legitimate interest for other purposes, we will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or processing is necessary for establishment, exercise, or defense of legal claims.
Right to Withdraw Consent. Where processing is based on consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing conducted prior to withdrawal. For newsletter subscriptions, consent may be withdrawn by clicking the unsubscribe link in any email or by contacting us directly.
Right to Lodge a Complaint. You possess the right to lodge a complaint with a supervisory authority, particularly in your country of habitual residence, place of work, or place of the alleged infringement. In Spain, the supervisory authority is the Agencia Española de Protección de Datos (AEPD). A list of EU supervisory authorities is available at https://www.edpb.europa.eu/about-edpb/about-edpb/members_en.

B. Rights Under CCPA (California Residents)

If you are a California resident, CCPA grants you the following rights:

Right to Know. You may request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the business or commercial purposes for collection, the categories of third parties with whom we share personal information, and the categories of personal information disclosed or sold. We will respond within 45 days, with possible 45-day extension if necessary.
Right to Delete. You may request deletion of personal information we have collected from you, subject to certain exceptions (such as where retention is necessary to complete a transaction, detect security incidents, comply with legal obligations, or exercise free speech rights).
Right to Correct. You may request correction of inaccurate personal information we maintain about you.
Right to Opt-Out of Sale or Sharing. You have the right to opt out of the sale or sharing of your personal information. We do not sell personal information and do not share personal information for cross-context behavioral advertising purposes as defined by CCPA.
Right to Limit Use of Sensitive Personal Information. If we process sensitive personal information (as defined by CCPA) for purposes beyond those permitted without limitation, you may request that we limit use of such information. Currently, we do not collect or process sensitive personal information as defined by CCPA.
Right to Non-Discrimination. You have the right to non-discriminatory treatment for exercising your CCPA rights. We will not deny goods or services, charge different prices, provide different quality of services, or suggest you will receive different treatment for exercising your rights.
Submitting CCPA Requests. California residents may submit requests to know, delete, or correct personal information through the contact information provided on our Website. We will verify your identity before processing requests, which may require providing information enabling us to match the request to personal data we maintain. You may designate an authorized agent to submit requests on your behalf, subject to verification procedures.

C. Rights Under Other Jurisdictions

Residents of other jurisdictions may possess rights under local data protection or privacy laws. We will honor requests to exercise privacy rights consistent with applicable law, even where not specifically required by GDPR or CCPA.

8. Data Security Measures

We implement appropriate technical and organizational security measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

Technical Safeguards. Secure server configurations, encryption of data in transit (HTTPS/SSL/TLS), access controls limiting personnel access to personal data on a need-to-know basis, and regular security assessments.

Organizational Safeguards. Policies and procedures governing data processing, employee training regarding data protection obligations, contractual requirements imposed on third-party processors, and incident response procedures.

Third-Party Security. We select service providers based in part on their security practices and contractually require them to implement appropriate security measures. MailerLite's data centers are ISO 27001 certified, demonstrating compliance with international information security management standards.

Despite these measures, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, though we continually review and update our security practices in accordance with industry standards.

9. International Data Transfers

Binding Thread Press operates from Spain within the European Union. Personal data collected through our Website is primarily processed within the EU through MailerLite's EU-based data centers.

Where personal data is transferred outside the European Economic Area, appropriate safeguards are implemented to ensure adequate protection. MailerLite has adopted Standard Contractual Clauses approved by the European Commission on June 4, 2021, which provide contractual guarantees for international transfers in accordance with Chapter V of GDPR. These clauses establish obligations for both data exporters and data importers to protect transferred data and provide enforceable rights for data subjects.

Additional information regarding MailerLite's international transfer mechanisms is available in their Data Processing Addendum.

10. Children's Privacy

This Website is not directed to children under the age of 16 (or under 13 in the United States). We do not knowingly collect personal information from children without verifiable parental consent as required by applicable law, including GDPR (which sets the age of digital consent at 16, with member states permitted to lower it to 13) and the United States Children's Online Privacy Protection Act ("COPPA").

While some of our published books are intended for children and pre-adolescent readers, those books are sold through Amazon, and any data collection related to purchases occurs under Amazon's privacy policies, not through our Website. Our Website's primary functions (newsletter subscription and informational content) are directed to adults, including parents, educators, and adult readers.

If we become aware that we have collected personal information from a child without appropriate parental consent, we will take steps to delete that information promptly.

11. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time to reflect changes in our practices, legal requirements, or Website functionality. Material changes will be announced by updating the "Effective Date" at the top of this policy and posting a notice on our Website. For significant changes affecting your rights or the purposes for which personal data is processed, we may also send notification via email to newsletter subscribers or seek renewed consent where required by law.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information. CCPA requires that privacy policies be updated at least annually; we will review and update this policy at least once per year or more frequently as circumstances require.

12. Contact Information for Privacy Inquiries

Questions regarding this Privacy Policy, requests to exercise your data protection rights, or concerns about our privacy practices should be directed to the contact information provided on our Website's contact page.

For formal requests to exercise GDPR or CCPA rights, please provide sufficient detail to enable us to identify you and the personal data to which your request relates. We will respond within the timeframes required by applicable law (typically 30 days under GDPR, 45 days under CCPA, with possible extensions for complex requests).

If you are located in the European Union and are dissatisfied with our response to a privacy inquiry or believe we are processing your personal data unlawfully, you may lodge a complaint with your national data protection supervisory authority.