Privacy Policy

We take data privacy very seriously and this document describes how we handle and manage your data.

On May 25, 2018, a new European Union (EU) data protection law, the General Data Protection Regulation (GDPR), took effect. The GDPR gives individuals in the EU more control over how their data is used and places certain obligations on businesses that process information of those individuals. We’ve updated our Privacy Policy to take into account the new requirements of the GDPR.


  • We are Ness Publishing, and you can contact us at
  • We process your data to provide our service to you, or for our legitimate interests.
  • We only process your data for as long as we need to, and then we delete it.
  • We do not share your data with others unless they are providing a service to us (such as payment service providers), or unless you ask us to share your data.
  • Our service includes a number of places where you can send data to third parties. If you want to use these, you should check you are happy with the way they use your data.
  • We do not market to you without your consent and, if you give us your consent, you can withdraw it at any time.
  • You’ve got lots of rights, including the right to complain to the Information Commissioner’s Office. If you need a hand in exercising your rights, feel free to contact us

Who we are

Ness Publishing ("we", "us", "our") is a two-person Partnership, Colin and Eithne Nutt, operating from 47 Academy Street, Elgin, Moray, IV30 1LR, United Kingdom. This privacy policy covers how we will use, collect and process any data provided to us.

How we process your data

Throughout your interactions with us we will collect only the data that we require in order to provide you with the service that you are requesting. The key information that we process is shown below for your information:

IP Addresses

When you access our service we will store a record of your IP address along with details of your request in our logs. This information is stored and used by our web developer to ensure the integrity of our service.

Authorisation and session data

Whenever you use our service we use several third party cookies that identify you to our service. This is necessary to provide the service to you.

Some cookies are used to associate and authenticate you with our site, and retain information pertaining to your use of our shop, and your shopping basket.

In addition to these cookies, there are other third party cookies which are used to track your actions on our site so we can identify areas in which we can improve the functionality of our site. These are optional, and are disabled by default. You can explicitly grant and revoke these by using clicking on the Cookie Cog on the bottom-right corner of your browser window.

Your contact information

We ask for contact information, including your name, e-mail address, telephone number and company name (if appropriate) so that we can fulfil any service with you. We may obtain this implicitly if you send it to us without us first requesting it, e.g. as a e-mail signature.

We require your postal address and/or e-mail address in order to provide you with an invoice for our service. This information is collected as a legal obligation and will be stored on our systems along with invoices for a minimum period of 7 years.

Your contact information may be stored in various systems that we use (for example: our accounting system). This is necessary to provide our service to you.

Your contact information will be retained until we are no longer under any legal obligation to store this information, or we have deemed all services with you to have been fulfilled, whichever is the later.

If you choose to provide us with contact information during checkout on our website this information will be passed onto and stored by a third party provider, Snipcart, which provides our shopping cart system. Snipcart is PCI-compliant.

E-mail addresses

We store your e-mail address for the purposes of managing your account with us. This will be used for transactional e-mails that relate directly to your account or services. This information is required in order to ensure you are informed about your account and can take appropriate actions in various situations.

We will not send you any marketing messages unless you give us explicit permission for us to do so.

Your e-mail address will be kept until such time as all information associated with it are deleted from our systems.

Incoming e-mails

If you send us e-mails, these will be passed through our mail server. This is necessary to provide our service to you.

Outgoing e-mails

If we send you transactional e-mails, such as order confirmations, these will be passed through our internal mail server and stored for a period of time to assist with debugging delivery problems and ensuring messages are appropriately delivered to their destinations. This is necessary to provide our service to you.

The information stored includes the contents of the message sent, the e-mail addresses of the recipients and any other headers.

E-mails directly to us

Ness Publishing is a Partnership (The Ness Publishing Partnership) and the partners are Colin and Eithne Nutt. We do not have any employees, so if you communicate with Ness Publishing directly by e-mail, we may retain your name and e-mail address in the mailboxes of either of us, together with its contents and metadata. This is necessary to provide our service to you.

Telephone call logging and recording

We log telephone calls only to fulfil orders that are not made via our website.

We do not record telephone calls.


If you choose to register with us during checkout, you will be asked for a password. Such registration details are stored by a third party provider, Snipcart. We use Snipcart to provide our shopping cart system.

As a good security practice, we recommend the following with regards to choosing your password:

  • Use a unique password with our website that is not shared with any others.
  • Choose a long secure password containing either multiple random words, or a good combination of letters, numbers & symbols.
  • Exercise good password hygiene and change your password on a regular basis.

Payment cards

We use Snipcart to provide our shopping cart system. Your contact information is sent to and stored within Snipcart so we can process your orders.

Your payment card details (i.e. card number, expiry date and CVV) are sent directly to our payment processor, Stripe, without passing through our server or Snipcart's servers.

Both Snipcart and Stripe are PCI-compliant (Payment Card Industry Data Security Standard) and GDPR-compliant.

For more see:

Support by e-mail

If you contact us by e-mail or through our website, you will be sharing your contact details (e-mail address and/or phone number) with us for the purposes of responding to your query. This is necessary to provide our service to you.

We retain all support requests (including name & contact details) that we receive for the purposes of auditing.

Our servers

We operate servers which are managed by companies compliant with GDPR regulations or are covered by the EU-US Privacy Shield.

Transfer of data on product or service acquisition

If we are acquired by another company or entity, we may share your information with the acquiring company so that they may continue to provide you with the services that you have elected to receive. You will be notified by e-mail in the event that such an acquisition occurs.

Correcting your personal data

It is important to us that the information we store is up to date and accurate. You may update your details at any time by contacting us.

Removal of your personal data

In some cases, you may be able to request that we remove your personal data from our systems. Please feel free to contact us using the information below.

Your rights

You have a lot of rights, including right to request access to and rectification or erasure of your personal data or restriction of processing of it. You also have the right to object to our processing of your data in some situations, as well as the right to data portability.

Notification of data breaches

Upon discovering any data breaches, we will notify any affected individuals as soon as its practical. In the event of a data breach concerning personal data, the affected parties will be notified by e-mail to the main e-mail address we store with your account.

Use of our services by persons under the age of 16

We do not allow anyone under the age of 16 to signup, use or store any personal data with us on any of our services. If we discover or are notified about the presence of a user under this age, we will remove their data from our systems without notice.

Changes to our privacy policy

We may need to make changes to this privacy policy from time to time. All changes will be published to our websites and we recommend reviewing it to stay up to date. If we make any changes that we feel may affect your privacy rights, we will notify you by e-mail or by displaying the information within our website.

Our lawful basis for data processing

Under the General Data Protection Regulation, unless we have otherwise specified above, we will be processing your data as a legitimate interest. These interests include ensuring the security of our systems and allowing us to operate our business in an efficient manner.

Where our processing is based on consent, you may withdraw consent at any time.

Where our processing is necessary for us to perform our contract with you, or to take steps to enter into a contract with you, we will not be able to enter into a contract with you or deliver our service to you if you do not give us the data in question.

Disclosure of information to law enforcement agencies

We may disclose your information if we are requested to by any law enforcement agency where we believe we are required to comply with the request under any applicable laws.

Data protection authority

You may have the right to lodge a complaint with your local data protection authority or the Information Commissioner's Office (ICO) in the United Kingdom (our authority).

The ICO can be contacted at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Other information can be found on their website at

Contacting us

If you have any questions about our privacy policy or any other aspects of our service, you may contact us by e-mail on

Colin Nutt, Ness Publishing, 47 Academy Street, Elgin, Moray, IV30 1LR
Tel: 01343 549663, Mob: 07962 014871, Email:

© Copyright 2009-2024 Ness Publishing. All Rights Reserved.