Last updated: 29 January 2026

The Studio Bookshop (“we”, “our”, “us”) is committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy applies to:

• Visitors to our website
• Customers who purchase books or other products from our online shop
• Newsletter subscribers and people who contact us via the website

1. Who We Are

The Studio Bookshop is part of an independent publishing group based in the United Kingdom. For the purposes of data protection law, we are the Data Controller of your personal information.

Contact details:
Address:
Email:

2. What Information We Collect

We may collect and process the following personal data:

• Basic contact details: name, email address, phone number
• Order and delivery information: billing address, delivery address, order history
• Payment information: transaction details (payments are processed securely by third-party payment providers; we do not store full card details)
• Website usage data: IP address, browser type, device information, and data collected via cookies
• Marketing preferences: newsletter sign-ups and consent records
• Customer communications: emails or messages you send to us relating to orders or enquiries

3. How We Use Your Information

We use your personal data for the following purposes:

• To process and fulfil orders placed through our online shop
• To arrange delivery of purchased items
• To communicate with you about your order, enquiry, or account
• To process payments, refunds, or returns
• To comply with legal and accounting obligations (including HMRC requirements)
• To send newsletters or marketing communications where you have given consent
• To analyse and improve the performance, security, and usability of our website

4. Legal Basis for Processing

We process your personal data on one or more of the following legal bases:

• Contract: where processing is necessary to fulfil an order or provide customer support
• Legal obligation: where we must retain data for tax, accounting, or legal compliance
• Consent: where you have opted in to receive marketing communications
• Legitimate interests: for operating, improving, and securing our website and services

5. Sharing Your Information

We do not sell or rent your personal data.

We may share your information with trusted third parties where necessary, including:

• Payment processors (e.g. for handling transactions securely)
• Delivery and fulfilment partners (to ship your orders)
• Website hosting and IT service providers
• Email marketing providers (for newsletters, where consent has been given)
• Legal or regulatory authorities where required by law

All third parties we work with are required to comply with data protection legislation and to process your data securely.

6. Data Security

We take appropriate technical and organisational measures to protect your personal data, including:

• Secure hosting and encrypted connections
• Password-protected systems and restricted access
• Two-factor authentication where available
• Regular software updates and security monitoring
• Use of GDPR-compliant third-party providers

While we take all reasonable steps to safeguard your information, no method of transmission over the internet is completely secure. By using our website, you acknowledge this risk.

7. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including:

• Order and financial records: typically up to 6 years, in line with HMRC requirements
• Marketing data: until you withdraw consent or unsubscribe
• Customer enquiries: usually no longer than 12 months after resolution

8. Children’s Data

Our website and shop are not intended for children under the age of 16. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal information, please contact us and we will delete it.

9. International Data Transfers

In some cases, your personal data may be transferred or stored outside the UK or European Economic Area (EEA), for example where we use cloud-based services. Where this occurs, we ensure appropriate safeguards are in place, such as standard contractual clauses.

10. Automated Decision-Making

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

11. Your Rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate or incomplete data
• Request deletion of your data (where legally permissible)
• Restrict or object to certain types of processing
• Request data portability
• Withdraw consent to marketing at any time
• Lodge a complaint with the Information Commissioner’s Office (ICO)

12. Cookies

Our website uses cookies to improve functionality, analyse site traffic, and enhance user experience. For more information, please see our Cookie Policy.

13. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those external sites.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “last revised” date.

15. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

Address: 
Acanthus Media & Publishing
St Andrew’s Castle
33 St Andrew’s St. South
Bury St Edmunds
Suffolk, IP33 3PH

Email: hello@thestudiobookshop.co.uk