Privacy policy
Last Updated: 17 October 2025
1. Introduction
Pelagic Publishing Ltd ("we," "us," or "our") is committed to protecting your privacy. This policy explains how we collect, use, and share your personal data when you visit our website (www.pelagicpublishing.com), purchase books, or interact with us online. Pelagic Publishing is the Data Controller responsible for your personal data.
2. The Data We Collect
We may collect and process the following categories of personal data:
Identity Data: Name, title, username, or similar identifiers.
Contact Data: Billing address, delivery address, email address, and telephone numbers.
Financial Data: Payment card details for transactions (Note: We do not store full payment card details; they are processed securely by third-party payment processors).
Transaction Data: Details about payments made, books purchased, and other services you have acquired from us.
Technical Data: Internet Protocol (IP) address, login data, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to access this website.
Usage Data: Information about how you use our website, products, and services, including navigation paths and content viewed.
Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences.
3. How We Use Your Data (Legal Basis)
We rely on the following legal bases to process your personal data:
| Purpose/Activity | Type of Data | Legal Basis for Processing |
| Process and deliver your order (Contract Performance) | Identity, Contact, Financial, Transaction | Performance of a contract with you. |
| Manage payments, fees, and charges | Financial, Transaction, Identity, Contact | Performance of a contract with you & Necessary for our Legitimate Interests (processing orders). |
| Send you marketing updates (e.g., newsletters, promotions) | Contact, Marketing | Consent. |
| Improve our website, products, and services (Analytics) | Technical, Usage | Necessary for our Legitimate Interests (to study how customers use our services, to improve user experience). |
| Administer and protect our business and this website (Security) | Identity, Contact, Technical | Necessary for our Legitimate Interests (for running our business, network security, preventing fraud) and to comply with a Legal Obligation. |
| Recommend products to you (Targeted Advertising) | Usage, Technical, Marketing | Necessary for our Legitimate Interests (to develop our products and inform our marketing strategy). |
4. Sharing Your Personal Data
We may share your personal data with the following categories of parties:
Payment Processors: To process your purchases securely (e.g. Shopify, Stripe, PayPal).
Delivery and Fulfilment Partners: To pack and ship your orders (e.g., couriers, postal services, distributors).
Service Providers: IT and system administration services, hosting providers, and customer support platforms.
Professional Advisors: Lawyers, bankers, auditors, and insurers who provide professional services to us.
Third Parties for Business Transfers: In the event we sell, transfer, or merge parts of our business or assets.
Analytics and Advertising Partners: To analyze website usage and serve relevant advertisements (in aggregated or anonymized form where possible).
5. International Data Transfers
We primarily store and process your personal data within the UK and the European Economic Area (EEA).
If we transfer your data outside the UK/EEA (e.g., to a US-based cloud or service provider), we ensure a similar degree of protection is afforded by ensuring at least one of the following safeguards is implemented, as is standard practice:
We will transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK or European Commission.
6. Your Legal Rights (UK GDPR/GDPR)
Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to:
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data (The "Right to be Forgotten").
Object to processing of your personal data. - Request the restriction of processing your personal data.
- Request the transfer of your personal data (data portability).
- Withdraw consent at any time (where consent is the basis for processing).
To exercise any of these rights, please contact us using the details in the ‘Contact Us’ section below.
The Information Commissioner is the supervisory authority in the UK and can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you have about our processing of your personal data.
7. Data Security and Retention
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way. We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
8. Contact Us
If you have any questions about this privacy policy or your rights, please contact us:
Data Protection Officer nigelmassen@pelagicpublishing.com