top of page

The Bookmill Ltd Privacy Policy


This privacy notice provides you with the information of how we collect and use your personal data.

THE BOOKMILL LTD t/a JARROLD PUBLISHING is the Data Controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice) when you share it with us.

To contact us our email address is

Or you can write to us at Jarrold Publishing, 8a Crowland Road, Eye, Peterborough, PE6 7TN.

It is important that we have accurate and up to date information about you, so please let us know if any of your personal information changes so we can update our records. You can do this by emailing us at



We will only use your personal information when we have a reason to use it. This might be because:

  • You gave us consent, for example when signing up for our newsletter

  • We have business dealings with you (contract), 

  • We have to collect the information to fulfil a legal or regulatory obligation; or

  • We believe we have a legitimate business interest in using your personal information. 


We aim to be open about the way we use your personal information at the point we collect it, so we will always tell you why we need the information and what we will use the information for. 

Here are the ways we would intend to use your personal data and the legal basis for the processing.

Reason for Collection - Accounting purposes; 

Customer Information - Name, Address, Email, Phone Number;

Legal Basis - Contract


Reason for Collection - Customer Information;

Customer Information - Name, Email Address, Postal Address, Phone Number, Payment type;

Legal Basis -  Contract


Reason for Collection - Marketing;

Customer Information - Name, Postal Address, Email Address;

Legal Basis - Consent or Legitimate interests


We may process your personal data for more than one purpose and therefore there may be more than one legal basis in use. If you would like more detail about how we use your personal information please email us at and we will be happy to respond. 

Sensitive Data

Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences. We do not collect any Sensitive Data about you.



We may send you marketing communications if you have:

  • requested information about our products or services or made a purchase from us; or 

  • if you provided us with your information and requested that we send you marketing communications; and

  • you have not opted out of receiving further marketing from us. 


We do not share your personal information with any other company for marketing purposes.


If at any time you want to stop receiving any marketing information you can email us at and we will remove you from the marketing list [Please allow us up to 14 working days for the unsubscribe to work through our systems].


If you opt out of receiving any marketing communications, this will not apply to any communications related to the purchase of a product or service [Guidebook/Leaflet/Book]. 



On occasion we may have to share your personal information with third parties in order to meet our obligations or provide a service. These parties are set out below for your reference:

  • Service providers who provide IT and system administration services.

  • Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.

  • HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.

  • Printers, photographers, editors, delivery companies, mailing houses.

  • Third parties to whom we sell, transfer, or merge parts of our business or our assets. 


Before we transfer or share your information with any third parties we will make sure that they have in place processes and procedures to ensure the security of your information and to treat it in accordance with data protection legislation. We would only allow third parties access to your information for specified purposes and in accordance with our instructions. 



We do not transfer your personal data outside the European Economic Area (EEA).


We sometimes need to share your personal data outside the European Economic Area. Some countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.

Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or

  • Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or 

  • Where we use providers based in the United States, we may transfer data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.


If none of the above safeguards is available and the transfer of data is essential then we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.

If you would like more information about how we transfer your personal information, please email us at



To ensure the security of your personal data, we have put in place various security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to personal information to those employees, agent, contractors and third parties who require access in order to be able to perform a required service. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.


We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.



We will only retain your personal data for as long as necessary and to meet the need for which it was collected, including any legal, accounting and reporting requirements. 


We have in place a retention policy for personal data and in defining the retention period, we considered the amount, nature and sensitivity of the personal data held as well as the purposes it was collected for and the potential harm that could arise from the unauthorised access or disclosure of the information. Additionally any legal, regulatory or compliance requirements for the data to be held was also considered.   


By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for seven years after they cease being customers for tax purposes.


In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.



 You have a number of rights about how the personal information you provide can be used. These are:

  • Transparency over how we use your personal information (right to be informed).

  • The ability to request a copy of the information we hold about you, which will be provided to you within one month (right of access).

  • Update or amend the information we hold about you if it is wrong (right of rectification).

  • Ask us to stop using your information (right to restrict processing).

  • Ask us to remove your personal information from our records (right to be 'forgotten').

  • Object to the processing of your information for marketing purposes (right to object).

  • Obtain and reuse your personal information for your own purposes (right to data portability).

  • Not be subject to a decision when it is based on automated processing (automated decision making and profiling).


If you would like to know more about your rights under the data protection law, you can find out more at the Information Commissioners Office website.

Remember, you can change the way you hear from us or withdraw your permission for us to processing your personal information at any time by contacting us on



If you wish to talk through anything in our privacy policy, find out more about your rights or obtain a copy of the information we hold about you, please contact us (details are at the top of the policy, we will be happy to help. 

If you wish to raise a complaint on how we have handled your personal information, you can contact us and we will investigate the matter. If you are not satisfied with our response or believe we are not processing your personal information in accordance with the law you can complain to the Information Commissioner’s Office (ICO).

bottom of page