logo
logo logo

Privacy Policy

Last updated: 17 February 2026

1. Introduction

This Privacy Policy explains how Noble Legacy Publishing Ltd (“Noble Legacy”, “we”, “our”, or “us”) collects, uses, and safeguards personal data in connection with our website and publishing services.

Noble Legacy Publishing Ltd is a company registered in England and Wales and registered with the Information Commissioner’s Office (ICO) as a data controller.

We process personal data in accordance with:

  • The UK General Data Protection Regulation (UK GDPR)
  • The Data Protection Act 2018

This Privacy Policy should be read alongside our Terms & Conditions, Publishing Framework, and Cookie Policy.

2. Data Controller Information

Noble Legacy Publishing Ltd
Company Number: 16407756
ICO Registration Number: ZC034329
Registered Office:
34–35 Hatton Garden
Suite 3085tz, Unit 3ab
London
England
EC1N 8DX
Email: [email protected]

For all data protection matters, including subject access requests, please contact us at the email address above.

3. Categories of Personal Data Collected

We collect and process personal data necessary for operating our publishing business and website.

3.1 Contact Information
  • Name
  • Email address
  • Telephone number
  • Postal address
3.2 Enquiry and Consultation Data
  • Information submitted via contact forms
  • Correspondence content
  • Publishing objectives and project requirements
3.3 Author and Publishing Data

In connection with publishing services, we may process:

  • Manuscripts and related editorial materials
  • Author biographical information
  • Publishing metadata (including title, description, genre, and ISBN allocation)
  • Contracts and service agreements
  • Project communications and editorial records

Manuscripts may contain references to identifiable individuals. Authors are responsible for ensuring they have lawful authority to include such data. Applicable warranties and indemnities are governed by the relevant Publishing Agreement.

Where Noble Legacy Publishing Ltd is listed as publisher of record through ISBN assignment, we retain bibliographic and compliance records necessary to fulfil statutory and archival obligations under UK law.

3.4 Financial and Platform Configuration Data

Where necessary for the provision of publishing services, we may process:

  • Invoicing information
  • Payment transaction confirmations
  • Bank account details provided for configuration of third-party distribution platforms (including account name, account number, sort code, IBAN or equivalent identifiers)
  • Tax or payment-related identifiers required by Amazon KDP, IngramSpark, or similar platforms

Financial information provided for distribution setup is processed solely to enable direct royalty payments from third-party platforms to the author.

Platform accounts remain owned and controlled by the author. Noble Legacy Publishing Ltd does not receive, hold, or distribute retail royalties.

Payment card details are processed by regulated third-party providers, including Stripe, and are not stored on our systems.

Bank account details provided for platform configuration are retained only for the period necessary to complete account setup and verification. Once configuration is confirmed and operational, such financial details are securely deleted and not retained on our systems.

3.5 Website Usage Data
  • IP address
  • Device and browser information
  • Pages visited and session duration
  • Referral source
  • Cookie and tracking data

Further details are provided in our Cookie Policy.

4. How Personal Data Is Collected

4.1 Directly from You

We collect personal data when you:

  • Submit an enquiry
  • Correspond with us
  • Enter into a Publishing Agreement
  • Provide manuscript or publishing materials
  • Provide information required to configure third-party distribution accounts
  • Subscribe to updates (where applicable)
4.2 Automatically Through Website Use

Where consent is provided via our cookie management platform (Cookiebot), we may collect data through:

  • Cookies and similar technologies
  • Google Analytics
  • Meta Pixel

Non-essential cookies and tracking technologies are not activated until consent is obtained.

5. Lawful Basis for Processing

5.1 Performance of a Contract

Where processing is necessary to:

  • Provide publishing services
  • Configure distribution platforms
  • Administer royalty-related setup
  • Take steps prior to entering into a Publishing Agreement
5.2 Legitimate Interests

Where necessary for the legitimate interests of operating and administering our publishing business, including:

  • Responding to enquiries
  • Managing editorial workflows
  • Maintaining publishing and compliance records
  • Preventing fraud or misuse
  • Establishing, exercising, or defending legal claims

These interests are balanced against the rights and freedoms of individuals.

5.3 Consent

We rely on explicit consent for:

  • Non-essential cookies
  • Marketing communications

Consent may be withdrawn at any time.

5.4 Legal Obligation

Where processing is required to comply with:

  • UK tax and accounting regulations
  • The Legal Deposit Libraries Act 2003
  • Regulatory or court orders

6. Use of Personal Data

6.1 Publishing Services
  • Reviewing manuscripts
  • Preparing bibliographic metadata
  • Assigning ISBNs
  • Supporting distribution configuration
  • Fulfilling legal deposit obligations
  • Maintaining publishing records
6.2 Author and Client Management
  • Managing contractual relationships
  • Communicating project updates
  • Responding to queries
6.3 Business Administration
  • Processing invoices
  • Maintaining accounting records
  • Ensuring regulatory compliance
6.4 Website Operation
  • Maintaining website security
  • Analysing usage patterns
  • Improving functionality
6.5 Marketing (Where Consent Is Provided)
  • Sending newsletters or service updates

We do not sell, rent, or trade personal data.

7. Special Category Data

Where manuscripts contain special category data relating to identifiable individuals (such as health information or political views), such data is processed solely in connection with publishing services and subject to author warranties.

We do not independently collect special category data outside of author-provided materials.

8. Data Retention

Personal data is retained only for as long as necessary for operational, legal, and compliance purposes.

8.1 Enquiries

Retained for up to 12 months where no contractual relationship is established.

8.2 Publishing and Author Records

Retained for the duration of the publishing relationship and for six years thereafter in accordance with HMRC requirements and legal defence purposes.

Bibliographic records associated with ISBN assignment may be retained indefinitely where required for statutory and archival compliance.

8.3 Financial and Platform Configuration Data

Bank account details provided for distribution setup are retained only for the duration required to complete platform configuration and verification. Following confirmation that the author’s account is operational, such financial data is securely deleted.

Invoicing and accounting records are retained for six years in accordance with UK tax legislation.

8.4 Analytics Data

Retained in accordance with the policies of relevant analytics providers.

Where data is no longer required, it is securely deleted or anonymised.

9. Data Sharing

9.1 Service Providers
  • IT and hosting providers
  • Payment processors (including Stripe)
  • Professional advisers
9.2 Publishing and Industry Bodies
  • ISBN agencies
  • Legal deposit libraries
  • Bibliographic data services
  • Distribution platforms where required
9.3 Legal and Regulatory Authorities

Where disclosure is required by law.

All third parties are required to process data in accordance with applicable data protection law.

9.4 Customer Relationship Management and Marketing Platform

We use HubSpot, Inc. as our customer relationship management and marketing automation provider.

HubSpot processes personal data submitted via website forms, enquiry submissions, and subscription preferences. This includes contact information, correspondence records, and engagement history.

HubSpot may store and process data on servers located outside the United Kingdom. Where such transfers occur, appropriate safeguards are implemented in accordance with UK GDPR, including standard contractual clauses and other lawful transfer mechanisms approved by the Information Commissioner's Office.

HubSpot acts as a data processor on our behalf and processes data strictly in accordance with contractual data processing agreements.

For further information, please refer to HubSpot's privacy policy at https://legal.hubspot.com/privacy-policy

10. International Transfers

Where personal data is processed outside the United Kingdom, appropriate safeguards are implemented in accordance with UK GDPR, including adequacy regulations or standard contractual clauses.

11. Data Security

We implement appropriate technical and organisational measures to protect personal data from unauthorised access, disclosure, alteration, or destruction.

These include:

  • Secure hosting environments
  • Encrypted data transmission (SSL/TLS)
  • Restricted internal access to financial and configuration data
  • Access controls and account security measures

12. Individual Rights

Under UK GDPR, individuals have the right to:

  • Access personal data
  • Rectify inaccurate data
  • Request erasure (subject to legal obligations)
  • Restrict processing
  • Object to processing
  • Request data portability
  • Withdraw consent where applicable

Requests may be submitted to:

[email protected]

We respond within statutory timeframes.

13. Complaints

If you believe your personal data has been processed unlawfully, you may contact:

Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
www.ico.org.uk

14. Updates to This Policy

This Privacy Policy may be updated to reflect changes in legal requirements or operational practices. The current version will always be available on our website with an updated revision date.