Effective date: 21 March 2026 Last updated: 21 March 2026
publishing.co.uk is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we handle your personal data in accordance with these regulations.
Our Commitment
As a UK-based business providing book formatting services, we take data protection seriously. We process personal data lawfully, fairly, and transparently, and we only collect data that is necessary for the purposes outlined in our Privacy Policy.
Data Controller
The data controller for personal data collected through publishing.co.uk is:
publishing.co.uk Email: hello@publishing.co.uk
Lawful Basis for Processing
We process personal data under the following lawful bases as defined by Article 6 of the UK GDPR:
| Processing Activity | Lawful Basis | Details |
|---|---|---|
| Order fulfilment | Contract (Art. 6(1)(b)) | Processing your manuscript and delivering formatted files |
| Payment processing | Contract (Art. 6(1)(b)) | Collecting payment via Stripe for services rendered |
| Customer support | Legitimate interest (Art. 6(1)(f)) | Responding to enquiries and resolving issues |
| Website analytics | Legitimate interest (Art. 6(1)(f)) | Understanding how users interact with our site to improve it |
| Marketing emails | Consent (Art. 6(1)(a)) | Only sent with your explicit opt-in consent |
Your Rights Under UK GDPR
You have the following rights regarding your personal data:
Right of Access (Article 15): You can request a copy of all personal data we hold about you. We will respond within 30 days.
Right to Rectification (Article 16): If any personal data we hold is inaccurate or incomplete, you can request correction.
Right to Erasure (Article 17): You can request deletion of your personal data, subject to legal retention requirements (e.g., HMRC requires financial records for 6 years).
Right to Restrict Processing (Article 18): You can request that we limit how we use your data while a complaint or query is resolved.
Right to Data Portability (Article 20): You can request your data in a structured, commonly used, machine-readable format.
Right to Object (Article 21): You can object to processing based on legitimate interests. We will cease processing unless we have compelling legitimate grounds.
Rights Related to Automated Decision-Making (Article 22): We do not make any decisions based solely on automated processing that produce legal effects concerning you.
How to Exercise Your Rights
To exercise any of your rights, contact us:
Email: hello@publishing.co.uk
Please include sufficient information to verify your identity. We will respond to all valid requests within 30 days. If a request is complex, we may extend this by a further 60 days, and we will inform you of the extension.
Data Protection Impact Assessments
We conduct Data Protection Impact Assessments (DPIAs) where processing is likely to result in a high risk to individuals' rights and freedoms, in accordance with Article 35 of the UK GDPR.
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach
- Notify affected individuals without undue delay where the breach is likely to result in a high risk
International Data Transfers
Where personal data is transferred outside the UK (e.g., to service providers in the United States), we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the ICO
- Adequacy decisions where applicable
Sub-Processors
We use the following sub-processors who may process personal data on our behalf:
| Sub-Processor | Purpose | Location |
|---|---|---|
| Stripe | Payment processing | United States |
| Google (Analytics) | Website analytics | United States |
| Hetzner | Server hosting | Germany |
Supervisory Authority
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: https://ico.org.uk
- Telephone: 0303 123 1113
- Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Updates
This GDPR compliance page is reviewed and updated regularly. The "Last updated" date at the top of this page indicates when the most recent changes were made.