Privacy & Data Protection Policies

Privacy Policy

Effective Date: 03.14.17
Last Updated Date: 03.12.26

New Growth Press respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, purchase products, subscribe to communications, or otherwise interact with us.

This policy is designed to comply with applicable privacy laws, including the General Data Protection Regulation (GDPR) and applicable U.S. state privacy laws, including the California Consumer Privacy Act (CCPA/CPRA) and similar laws in Virginia, Colorado, Connecticut, and Utah.

By using our website, you agree to the terms of this Privacy Policy.

Order details
Product preferences

Payment Information

Payments are processed through third-party payment processors. We do not store full credit card information on our servers.

Internet or Network Activity

When you visit our website, we may automatically collect:

IP address
Browser type and version
Device information
Pages visited
Time spent on pages
Referral URLs
Cookies and similar tracking technologies

How We Use Your Information

We may use your personal information to:

Process and fulfill orders
Deliver purchased products or services
Manage customer accounts
Provide customer service and respond to inquiries
Send order confirmations and service communications
Send newsletters, updates, or marketing emails (with consent where required)
Improve our website, services, and product offerings
Analyze website usage and performance
Detect fraud and maintain security
Comply with legal obligations

Legal Basis for Processing (GDPR)

For individuals located in the European Economic Area (EEA), United Kingdom, or similar jurisdictions, we process personal data based on the following legal bases:

Contractual necessity – to process orders and provide requested services
Consent – for marketing emails, cookies, or optional services
Legitimate interests – improving our services, preventing fraud, and maintaining website security
Legal obligations – compliance with applicable laws

You may withdraw consent at any time.

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to:

Enable core website functionality
Remember preferences
Analyze traffic and user behavior
Support marketing and advertising

Some cookies are essential, while others require user consent under applicable laws such as GDPR and ePrivacy regulations.

You can manage cookie preferences through:

Your browser settings
Our cookie consent banner (where applicable)

How We Share Personal Information

We do not sell your personal information.

We may share personal information with trusted service providers who help us operate our business, such as:

Website hosting providers
Payment processors
Shipping and fulfillment services
Email and marketing platforms
Analytics providers
Customer service platforms

These service providers may only use personal information as necessary to provide services to us.

We may also disclose information when required by law or to protect our legal rights.

International Data Transfers

Because we operate in the United States, information collected from individuals outside the United States may be transferred to and processed in the United States.

When required by law, we implement appropriate safeguards for international data transfers, such as Standard Contractual Clauses (SCCs) or similar mechanisms.

Data Retention

We retain personal information only for as long as necessary to:

Fulfill the purposes described in this policy
Maintain business and financial records
Comply with legal obligations
Resolve disputes and enforce agreements

Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information.

GDPR Rights (EU/EEA/UK)

You may have the right to:

Access the personal data we hold about you
Request correction of inaccurate information
Request deletion of your data
Restrict or object to certain processing
Request data portability
Withdraw consent at any time

U.S. State Privacy Rights (Including California)

Residents of certain U.S. states may have the right to:

Request disclosure of personal information collected
Request deletion of personal information
Request correction of inaccurate personal information
Opt out of certain data sharing for targeted advertising
Appeal a denial of privacy rights requests (in some states)

To exercise these rights, please contact us using the contact information below.

We will not discriminate against you for exercising your privacy rights.

Children's Privacy

Our website is not intended for children under the age of 18, and we do not knowingly collect personal information from children.

If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information.

Security of Your Information

We implement reasonable administrative, technical, and organizational safeguards designed to protect personal information from unauthorized access, disclosure, alteration, or destruction.

However, no internet transmission or storage system can be guaranteed to be completely secure.

Third-Party Websites

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties.

We encourage users to review the privacy policies of external websites.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the Last Updated date at the top of this page.

Your continued use of our website following updates constitutes acceptance of those changes.

Contact Information

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

New Growth Press
Email: Customerservice@newgrowthpress.com
Phone: (336)-378-7775

You may also contact us to submit data access, correction, or deletion requests.

Cookie Policy

Effective Date: 03.14.17
Last Updated: 03.12.26

This Cookie Policy explains how New Growth Press uses cookies and similar technologies on our website. It also explains what these technologies are, why we use them, and your rights to control their use.

This policy is designed to comply with applicable privacy regulations including the EU General Data Protection Regulation (GDPR) and ePrivacy Directive, as well as applicable U.S. privacy laws.

What Are Cookies?

Cookies are small text files stored on your computer or mobile device when you visit a website. Cookies help websites function properly, improve user experience, and provide information to website owners about how visitors interact with their sites.

Cookies may be:

Session Cookies
Temporary cookies that expire when you close your browser.

Persistent Cookies
Cookies that remain on your device until they expire or are deleted.

Cookies may also be:

First-party cookies – set by our website.
Third-party cookies – set by external services such as analytics or advertising providers.

Why We Use Cookies

We use cookies for several purposes:

Essential Cookies

These cookies are necessary for the website to function properly. They enable core features such as:

Page navigation
Secure login
Shopping cart functionality
Payment processing

Without these cookies, the website cannot function correctly.

Performance and Analytics Cookies

These cookies help us understand how visitors use our website so we can improve it.

They may collect information such as:

Pages visited
Time spent on pages
Navigation paths
Error messages

Analytics cookies may be provided by services such as Google Analytics or similar tools.

Functional Cookies

These cookies allow the website to remember your preferences such as:

Language preferences
Region settings
Saved user preferences

Marketing and Advertising Cookies

These cookies may be used to:

Deliver relevant advertising
Measure marketing campaign effectiveness
Limit how often you see certain ads

They may be set by third-party services such as social media platforms or advertising networks.

Marketing cookies are only used where user consent is provided where required by law.

Legal Basis for Cookies (GDPR)

Under the GDPR and EU ePrivacy rules:

Essential cookies are used based on legitimate interest because they are necessary for the website to operate.
Analytics and marketing cookies are used only with user consent where required.

Users in jurisdictions requiring consent will be asked to accept or reject non-essential cookies through a cookie banner or consent tool when visiting our website.

Managing Cookie Preferences

You can manage cookies in several ways.

Cookie Consent Tool

When available, you may adjust your cookie preferences through the cookie banner or settings on our website.

Browser Settings

Most browsers allow you to:

View stored cookies
Delete cookies
Block cookies from specific websites
Block all cookies

Disabling cookies may affect website functionality.

Helpful browser guides:

Google Chrome
Mozilla Firefox
Safari
Microsoft Edge

Third-Party Cookies

Some cookies on our website may be set by third-party services that appear on our pages.

Examples may include:

Website analytics providers
Payment processors
Embedded video services
Social media integrations

These third parties may collect information about your browsing activity across different websites.

We recommend reviewing their privacy policies for more information about how they use cookies.

How Long Cookies Are Stored

Cookies remain on your device for different lengths of time depending on their type.

Session cookies expire when you close your browser.
Persistent cookies remain until they expire or are manually deleted.

Retention periods vary depending on the service provider and purpose of the cookie.

Updates to This Cookie Policy

We may update this Cookie Policy from time to time to reflect changes in technology, legal requirements, or our website practices.

When we update the policy, we will revise the Last Updated date at the top of this page.

Contact Us

If you have questions about this Cookie Policy or our privacy practices, please contact us:

New Growth Press

Email: Customerservice@newgrowthpress.com
Phone: (336)-378-7775

Data Retention Policy

Effective Date: 03.14.17
Last Updated: 03.12.26

New Growth Press is committed to managing personal data responsibly and in compliance with applicable privacy and data protection laws, including the General Data Protection Regulation (GDPR) and applicable United States privacy laws.

This Data Retention Policy outlines how long we retain different categories of personal data and the procedures we use to securely delete or anonymize data when it is no longer needed.

Purpose of This Policy

The purpose of this policy is to ensure that personal data collected by New Growth Press is:

retained only for as long as necessary to fulfill legitimate business purposes
protected from unauthorized access
deleted or anonymized when no longer required
managed in compliance with applicable legal and regulatory requirements

Scope

This policy applies to all personal data processed by New Growth Press, including data collected through:

our website
online stores and ecommerce platforms
customer service interactions
marketing and email communications
author and contributor relationships
business operations and administrative systems

Data Retention Principles

New Growth Press follows these key principles when determining retention periods:

Purpose Limitation
Data is retained only for the purpose for which it was collected.

Storage Limitation
Personal data is not kept longer than necessary.

Legal Compliance
Certain data must be retained to comply with tax, accounting, or legal obligations.

Security
Data retained for legitimate purposes is protected through administrative and technical safeguards.

Data Retention Schedule

The following schedule describes typical retention periods for common categories of data processed by New Growth Press.

Data Category	Purpose	Retention Period	Notes
Customer purchase records	Order fulfillment, accounting, and tax compliance	7 years	Required for financial and tax reporting
Customer accounts	Account access and order history	Until account deletion or 5 years of inactivity	Accounts may be deleted upon request
Payment transaction records	Payment processing	Maintained by payment processors	New Growth Press does not store full payment card details
Email marketing subscribers	Newsletters and promotional communications	Until unsubscribe or 24 months of inactivity	Consent records retained for compliance
Website analytics data	Website performance analysis	Up to 5 years	Retention controlled through analytics provider settings
Cookie consent records	Demonstrate user consent	2–5 years	Maintained by consent management system
Customer support communications	Responding to inquiries and service requests	2–3 years	Retained for quality and dispute resolution
Business contacts and partners	Business relationship management	Duration of relationship plus 3 years	Includes vendors and partners
Author and contributor information	Publishing agreements and royalty administration	Duration of contract plus required legal retention period	May be retained longer if required by law
Website security logs	System security monitoring	30–90 days	Used for fraud prevention and system integrity

Retention periods may vary when necessary to comply with legal obligations, resolve disputes, or enforce agreements.

Data Deletion and Disposal

When personal data reaches the end of its retention period, New Growth Press will take reasonable steps to securely:

delete the data
anonymize the data so individuals cannot be identified
archive the data when legally required

Deletion methods may include secure database deletion, encrypted storage removal, or automated deletion through service providers.

Data Subject Rights

Individuals may have rights under applicable privacy laws, including the right to:

request access to personal data
request correction of inaccurate data
request deletion of personal data
restrict or object to certain processing activities

Requests regarding personal data may be submitted using the contact information below.

Policy Review and Updates

This Data Retention Policy may be updated periodically to reflect changes in legal requirements, business practices, or technology.

Any updates will be posted with a revised Last Updated date.

Contact Information

For questions about this policy or requests related to personal data, please contact:

New Growth Press
Email: Customerservice@newgrowthpress.com
Phone: (336)-378-7775

Record of Processing Activities (ROPA)

Effective Date: 03.12.26

This Record of Processing Activities is maintained in accordance with Article 30 of the General Data Protection Regulation (GDPR) and documents how New Growth Press processes personal data.

Data Processing Activities

Processing Activity	Data Subjects	Data Collected	Purpose	Legal Basis	Data Recipients	Retention Period
Ecommerce order processing	Customers	Name, email, address, order history	Process and fulfill orders	Contractual necessity	Payment processor, shipping carriers	7 years
Customer accounts	Website users	Name, email, login credentials	Account management	Contractual necessity	Website hosting provider	Until deletion or 3 years inactivity
Email marketing	Newsletter subscribers	Name, email	Marketing communications	Consent	Email marketing platform	Until unsubscribe or 24 months inactivity
Customer support	Customers	Name, email, support messages	Respond to inquiries	Legitimate interest	Customer service platform	2–3 years
Website analytics	Website visitors	IP address, device data, browsing activity	Improve website performance	Consent / legitimate interest	Analytics providers	Up to 26 months
Cookie consent tracking	Website visitors	Consent preferences, IP address	Demonstrate compliance	Legal obligation	Consent management provider	2–5 years

Security Measures

New Growth Press implements reasonable technical and organizational measures including:

Secure website hosting (HTTPS)
Access control and authentication
Vendor security review
Data minimization practices
Regular system updates

International Data Transfers

Some service providers may process data outside the European Economic Area. Where applicable, data transfers rely on safeguards such as:

Standard Contractual Clauses (SCCs)
Contractual data protection obligations

Responsible Department

Privacy compliance is overseen by:

New Growth Press Administration

Cookie Inventory

New Growth Press Website

This inventory documents the cookies used on the New Growth Press website.

Cookie Name	Provider	Purpose	Type	Duration
session_id	Website	Maintains user session	Essential	Session
cart_cookie	Website	Stores shopping cart contents	Essential	Session
_ga	Google Analytics	Distinguishes users for analytics	Analytics	24 months
_gid	Google Analytics	Tracks website usage	Analytics	24 hours
cookie_consent	Consent manager	Stores cookie preferences	Essential	12 months
marketing_pixel	Marketing platform	Tracks marketing campaign performance	Marketing	3–12 months

Cookies categorized as analytics or marketing are only activated after user consent where required by law.

Data Breach Response Policy

Effective Date: 03.12.26

New Growth Press is committed to protecting personal data and responding promptly to any suspected data security incident.

Definition of a Data Breach

A personal data breach includes any incident resulting in:

unauthorized access to personal data
loss or theft of personal data
accidental disclosure of personal data
destruction or corruption of personal data

Breach Identification

Employees and contractors must immediately report suspected breaches involving:

customer data
employee data
author or contributor information
website user data

Reports should be submitted to internal management as soon as possible.

Investigation Procedure

When a breach is suspected, New Growth Press will:

Identify the nature of the incident
Contain and mitigate the breach
Assess the scope and risk to affected individuals
Document the breach and response actions

Regulatory Notification

Where required under GDPR or other applicable laws:

Relevant supervisory authorities may be notified within 72 hours of discovering the breach.
Affected individuals may be notified if there is a high risk to their rights or freedoms.

Breach Documentation

All breaches will be documented internally, including:

date and time of the breach
type of data involved
number of affected individuals
corrective actions taken

Prevention Measures

New Growth Press maintains safeguards including:

secure hosting infrastructure
access control policies
employee awareness of security practices
vendor security evaluations

These measures are designed to reduce the likelihood of data breaches.

Data Processor / Vendor List

Effective Date: 03.14.17
Last Updated: 03.12.26

This document lists the third-party service providers (“data processors”) that may process personal data on behalf of New Growth Press in connection with operating our website, ecommerce services, marketing communications, and business operations.

This list is maintained to support compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

Under GDPR, New Growth Press acts as the Data Controller, and the vendors listed below act as Data Processors that process personal data according to our instructions.

Categories of Data Processors

New Growth Press may use processors that support the following business functions:

Website hosting and infrastructure
Ecommerce and order processing
Payment processing
Email marketing and communication
Website analytics
Customer service systems
Shipping and fulfillment services
Security and fraud prevention
Cloud storage and collaboration tools

All processors are required to maintain appropriate technical and organizational safeguards to protect personal data and must enter into a Data Processing Agreement (DPA) with New Growth Press where required.

Current Data Processors

Vendor / Service Provider	Service Provided	Personal Data Processed	Processing Location	Safeguards
Go Daddy	Website infrastructure and hosting	IP address, browsing activity, technical logs	United States	Contractual security obligations
BigCommerce	Online store functionality and order management	Name, email, billing/shipping address, purchase history	United States	Data Processing Agreement
Braintree by PayPal	Secure payment processing	Payment details, billing information	United States / Global	PCI-DSS compliance
Klaviyo	Newsletter distribution and marketing campaigns	Name, email address, marketing preferences	United States	Data Processing Agreement
Google Analytics	Website traffic and performance analysis	IP address, device information, browsing behavior	United States	Standard Contractual Clauses where applicable
ShipStation	Order delivery services	Customer name, shipping address, phone number	United States / Global	Contractual data protection terms
ShipperHQ	Order delivery services	Customer name, shipping address, phone number	United States / Global	Contractual data protection terms
Microsoft Outlook	Customer inquiries and support requests	Name, email, support communications	United States	Data Processing Agreement
Facebook/Instagram	Customer inquiries and support requests	Name, email, support communications	United States	Data Processing Agreement
	Customer inquiries and support requests	Name, email, support communications	United States	Data Processing Agreement
Affiliately	Affiliate Application	Name, email, support communications	United States	Data Processing Agreement
VerTax	Tax	Name, email, purchase history, sales tax data	United States	Data Processing Agreement

International Data Transfers

Some processors may store or process data outside the European Economic Area (EEA).

Where international data transfers occur, New Growth Press relies on appropriate safeguards, including:

Standard Contractual Clauses (SCCs)
Contractual data protection obligations
Vendor security and privacy compliance programs

Vendor Security and Compliance Requirements

All processors used by New Growth Press are expected to:

process personal data only under documented instructions
implement appropriate security measures
notify New Growth Press of any data breaches
support compliance with applicable privacy regulations
delete or return personal data upon request or contract termination

Updates to This Vendor List

This processor list may be updated periodically as vendors or services change. Updates will be reflected in the Last Updated date above.

Contact Information

If you have questions regarding this processor list or our data protection practices, please contact:

New Growth Press
Customerservice@newgrowthpress.com
(336)-378-7775

Data Subject Access Request (DSAR) Process

Effective Date: 03.14.17
Last Updated: 03.12.26

This Data Subject Access Request (DSAR) Process establishes how New Growth Press handles requests from individuals seeking to exercise their privacy rights under the General Data Protection Regulation (GDPR) and other applicable data protection laws.

A Data Subject Access Request (DSAR) is a request made by an individual (“data subject”) to access, correct, delete, or otherwise exercise rights related to their personal data.

Purpose

The purpose of this procedure is to ensure that New Growth Press:

responds to requests from individuals regarding their personal data
complies with GDPR and other privacy regulations
maintains clear documentation of all requests and responses
protects personal data during the request process

Scope

This process applies to all personal data processed by New Growth Press, including data collected through:

the company website
ecommerce transactions
marketing communications
customer support interactions
business relationships with authors, partners, and vendors

Types of Data Subject Requests

Individuals may submit requests to exercise the following rights where applicable:

Right of Access

Request confirmation of whether personal data is being processed and obtain a copy of that data.

Right to Rectification

Request correction of inaccurate or incomplete personal data.

Right to Erasure (“Right to be Forgotten”)

Request deletion of personal data where there is no legal basis for continued processing.

Right to Restrict Processing

Request that personal data processing be temporarily limited.

Right to Data Portability

Request personal data in a portable format for transfer to another organization.

Right to Object

Object to processing based on legitimate interests or direct marketing.

Right to Withdraw Consent

Withdraw consent previously given for data processing activities such as marketing communications.

How Requests Can Be Submitted

Individuals may submit a request by contacting New Growth Press through:

Email: Customerservice@newgrowthpress.com

Requests should include sufficient information to allow New Growth Press to identify the requester and locate the relevant data.

Identity Verification

Before responding to a request, New Growth Press may verify the identity of the requester to ensure personal data is not disclosed to unauthorized individuals.

Verification methods may include:

confirmation via the email associated with the request
additional identifying information where necessary
account authentication where applicable

If identity cannot be verified, the request may be declined.

Response Time

New Growth Press will respond to DSAR requests within one month of receiving the request.

If the request is complex or numerous, the response period may be extended by up to two additional months. If an extension is necessary, the requester will be informed within the initial one-month period.

Processing a Request

Upon receiving a DSAR, the following steps will be taken:

Log the request in the DSAR tracking log
Verify the identity of the requester
Determine the type of request and applicable legal rights
Locate relevant personal data across systems
Review the data to ensure no third-party information is improperly disclosed
Prepare the response and supporting documentation
Provide the response securely to the requester
Document completion of the request

Situations Where Requests May Be Limited or Denied

New Growth Press may decline or limit requests where permitted by law, including situations where:

the request is manifestly unfounded or excessive
fulfilling the request would adversely affect the rights of others
data must be retained to comply with legal obligations
identity verification cannot be completed

When a request is denied, New Growth Press will provide an explanation where required by law.

Fees

In most cases, DSAR responses are provided free of charge.

A reasonable administrative fee may be charged for requests that are excessive, repetitive, or clearly unfounded.

Documentation and Record Keeping

New Growth Press maintains records of all DSAR requests, including:

date the request was received
identity verification steps
type of request
actions taken
date of response

These records help demonstrate compliance with data protection laws.

Security of Data During the DSAR Process

All personal data gathered in response to a DSAR will be handled securely and shared only with authorized personnel involved in responding to the request.

Contact for Privacy Requests

Individuals who wish to exercise their privacy rights may contact:

New Growth Press
Email: Customerservice@newgrowthpress.com

Requests will be processed in accordance with this procedure and applicable data protection laws.