1. Introduction
NursLibrary ("we", "our", "us") respects your privacy and is committed to protecting your personal data. This policy explains what information we collect when you visit our website or place an order for a physical book (with bundled digital PDF access), how we use that information, who we share it with, and the rights you have over it.
This policy is designed to meet the requirements of the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA).
2. Who is the data controller
The data controller for personal data collected through nurslibrary.com is Nurs Library, 7P64+R6J Abu Dhabi, Abu Dhabi 20000, United Arab Emirates. You can reach us at [email protected] for any privacy-related question.
3. Information we collect
We collect the following categories of personal data:
- Order & shipping data: name, shipping address, billing address, email, phone (optional), and the items you ordered. Required to ship your physical book and send the digital PDF.
- Payment data: card payments are processed by Stripe. We do not see or store your full card number — Stripe returns only a token and the last 4 digits.
- Account & communication data: emails you send us, support tickets, and replies.
- Technical data: IP address, browser type, device type, referring URL, pages visited, and timestamps. Collected via cookies and analytics tags.
- Marketing data: whether you opened our emails or clicked links (where applicable).
4. How we use your information
We use personal data only for clearly defined purposes:
- To process your order, take payment, ship your physical book, and email your digital PDF link.
- To send order-confirmation, shipping-confirmation, and delivery emails.
- To respond to support requests, refund requests, and customer enquiries.
- To detect and prevent fraud, chargebacks, and abuse.
- To comply with tax, accounting, and consumer-protection laws.
- To improve the website, measure marketing performance, and analyse aggregate traffic.
5. Legal bases (GDPR)
Where GDPR or UK GDPR applies, we rely on the following legal bases:
- Contract — to fulfil your order and deliver the book.
- Legal obligation — to keep accounting and tax records.
- Legitimate interests — to prevent fraud, secure the site, and analyse aggregate usage.
- Consent — for non-essential cookies and marketing emails. You can withdraw consent at any time.
6. Who we share data with
We share personal data only with vetted service providers who help us run the business:
- Stripe — payment processing and fraud prevention.
- Shipping carriers — to deliver your physical book (name, address, contact details).
- Cloudflare — hosting, DNS, and security.
- Google (Analytics & Ads) — aggregated traffic measurement and conversion tracking.
- Email delivery providers — to send order confirmations and the digital PDF link.
We never sell your personal data. We do not share data with third parties for their own marketing.
7. International data transfers
Some of our service providers are located outside your country (for example in the United States). Where data is transferred internationally, we rely on the EU Standard Contractual Clauses or equivalent safeguards.
8. How long we keep your data
- Order records: 7 years (required for tax and accounting).
- Support emails: 3 years from the last contact.
- Marketing data: until you unsubscribe or 2 years of inactivity, whichever comes first.
- Analytics data: up to 14 months in aggregated form.
9. Cookies and analytics
We use a small set of cookies and tags:
- Essential cookies — required for the cart, checkout, and login to work.
- Analytics (Google Analytics 4) — aggregated page-view and conversion metrics.
- Advertising (Google Ads) — measures the performance of our advertising campaigns.
You can disable cookies in your browser settings. Essential cookies cannot be disabled without breaking checkout.
10. Your rights
Depending on your country, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Request deletion of your data (subject to legal retention requirements).
- Object to or restrict processing.
- Withdraw consent for marketing at any time.
- Request a copy of your data in a portable format.
- Lodge a complaint with your local data-protection authority.
To exercise any of these rights, email [email protected]. We respond within 30 days.
11. Children
NursLibrary is intended for adults — primarily nursing students and licensed healthcare professionals. We do not knowingly collect data from children under 16. If you believe a child has provided us data, contact us and we will delete it.
12. Security
We use HTTPS across the entire site, payment tokenization via Stripe, encrypted database storage, and access controls to protect your data. No method of transmission is 100% secure, but we apply industry-standard safeguards.
13. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top of the page shows when it was last revised. Material changes will be announced on the site.
14. Contact
Privacy questions or data requests:
Email: [email protected]
Response time: within 1 business day, Monday–Friday.