Privacy Policy

1. Introduction and who we are

This Privacy Policy describes how LOM Publishing Ltd processes personal data in connection with our website and services available at the following paths: the homepage, and our categories for books, magazines, guides, and courses. In this policy we explain what we collect, the legal bases for processing, how long we keep information, how we share data with service providers, how you can exercise your rights, and how to contact us.

Data controller identity: LOM Publishing Ltd, 12 Baker Street, London, W1U 3BH, United Kingdom. For general enquiries contact [email protected]. For privacy enquiries contact [email protected]. Phone number: +44 20 3808 7825. If you are based in the United Kingdom your supervisory authority is the Information Commissioner’s Office. Details for complaints are provided in the Rights section below.

We serve adult learners and professionals who seek self-development resources and practical, ethical approaches to building skills. Our services are not directed at children. We maintain safeguards to protect personal information and review this policy periodically to ensure clarity and accuracy.

2. Data we collect

We collect the minimum personal data required to deliver content, respond to messages, and maintain site security and performance. Categories of data include the following. Identification data: full name if you provide it in a contact message or when signing up for optional updates. Contact data: email address and phone number if you choose to provide them. Technical data: IP address, approximate location derived from IP, browser type and version, device type, operating system, referrer URL, and time stamps. Usage data: pages visited, buttons clicked, time on page, scroll depth, and interactions with navigation components. Cookie data and similar technologies: preferences, acceptance or rejection of cookies, and unique identifiers for analytics if consented. Communications data: messages you send to us and our responses.

We do not intentionally collect sensitive personal data such as health details, political opinions, religious beliefs, or financial account numbers. Do not include such information in any message or form. If we discover we have received sensitive data inadvertently, we will delete it unless we are legally required to retain it for a specific purpose.

3. How we collect data

We collect data in several ways. Directly from you: when you email us, submit a form, or request materials such as guides or course information. Automatically through our website: using first party cookies for essential functionality and, if you consent, analytics cookies that help us understand aggregated usage patterns. Through server logs: our hosting environment records basic technical diagnostics that are necessary to operate the service and to prevent abuse. Through analytics tools: if consented, we may use Google Analytics 4 to understand which pages are most helpful and to improve navigation. Through advertising pixels: if consented, we may use the Meta Pixel to measure the effectiveness of campaigns that link to our pages. All optional tools are loaded only after you choose Accept on the cookie banner.

4. Legal bases for processing

We rely on the following legal bases under UK GDPR and, where applicable, EU GDPR. Consent under Article 6.1.a: for analytics cookies, marketing emails, and advertising pixels. You may withdraw consent at any time by contacting us or adjusting your browser settings. Contract under Article 6.1.b: to deliver materials you requested, such as sending a guide, enrolling you in a course, or responding to a support inquiry that requires your contact details. Legitimate interests under Article 6.1.f: to maintain security, prevent fraud, measure basic site performance, and communicate service related updates that do not require marketing consent. Legal obligation under Article 6.1.c: to comply with tax, accounting, or court orders where applicable.

Where we rely on legitimate interests, we balance our interests against your rights and expectations. For example, we collect minimal log data for security diagnostics and rotate or aggregate it within a reasonable timeframe to reduce impact on privacy.

5. Purposes of processing

We process data for the following specific purposes. Service delivery: to provide access to our pages, reading paths, and downloadable resources. Customer support: to respond to questions about books, magazines, guides, or courses. Improvements and quality assurance: to evaluate aggregate usage so we can simplify navigation and ensure accessibility. Marketing with consent: to send occasional updates about new resources or course dates and to measure non intrusive campaign performance. Security and abuse prevention: to protect our infrastructure, detect anomalies, and investigate incidents. Legal compliance and record keeping: to maintain appropriate records of consents and transactions if any paid products are introduced in the future.

We do not make automated decisions that produce legal or similarly significant effects on you. If that position changes in the future, we will update this policy, describe the logic involved, and provide a simple opt out mechanism.

6. Retention periods

We keep personal data only as long as necessary for the purposes described above. We use the following retention guidelines. Contact messages and support requests: retained for up to 24 months to track context and provide continuity if you reach out again. Form submissions related to resource delivery: retained for up to 24 months, unless you unsubscribe or request deletion earlier. Newsletter email list if offered: retained until you unsubscribe plus 30 days for processing across systems. Cookie consent records: retained for 12 months then renewed. Analytics data if consented: stored in Google Analytics 4 with a retention period set to 14 months. Server logs: retained for 90 days unless required for an active security investigation. If we are required by law to preserve certain records for a longer period, we will comply with that obligation.

7. Data sharing and processors

We do not sell personal data. We share data only with trusted service providers who help us run the website, and only to the extent necessary for the service each provider offers. Typical categories of processors include hosting and infrastructure providers that store our website and server logs, email service platforms that deliver transactional or consented marketing emails, analytics providers such as Google Analytics 4 if you opt in, and advertising platforms such as Meta if you consent to the pixel. Each provider is bound by contractual obligations that include confidentiality and data protection commitments. If we change or add providers, we will update this section accordingly in the next revision of this policy.

We may disclose data if required to do so by law or in response to valid legal requests from public authorities. We may also disclose data to establish, exercise, or defend legal claims, or to investigate suspected fraud or abuse. If we ever engage in a corporate transaction such as a merger or asset transfer, we will inform you before your data is transferred and becomes subject to a different privacy policy.

8. International data transfers

Our primary hosting region is within the United Kingdom or the European Economic Area when feasible. Some service providers may process data in countries outside your home jurisdiction. When we transfer personal data from the UK or EEA to a country that has not received an adequacy decision, we rely on appropriate safeguards such as the European Commission Standard Contractual Clauses and the UK International Data Transfer Addendum. Where applicable, we supplement those safeguards with technical and organisational measures that include encryption in transit and access controls. Copies of the relevant transfer mechanisms can be requested by emailing [email protected].

9. Your rights and how to exercise them

Subject to conditions and exemptions under applicable law, you have the following rights. Right of access: obtain a copy of your personal data and information about how it is processed. Right to rectification: correct inaccurate or incomplete personal data. Right to erasure: request deletion of your personal data where processing is no longer necessary or where consent has been withdrawn and there is no other legal basis. Right to restrict processing: request limitation of processing in certain circumstances, for example while accuracy is verified. Right to data portability: receive personal data you provided to us in a structured, commonly used format and transmit it to another controller where technically feasible. Right to object: object to processing based on legitimate interests, including profiling, and object to direct marketing at any time. Right to withdraw consent: when processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

How to make a request: email [email protected] with a clear description of your request and the email address you used with us. We may ask for reasonable verification of identity to protect your account and data. We aim to respond within one month and will inform you if additional time is needed for complex requests. If you believe we have not handled your request appropriately, you have the right to lodge a complaint. United Kingdom supervisory authority: Information Commissioner’s Office, ico.org.uk, telephone 0303 123 1113. You may also seek a remedy through your local courts.

10. Cookies and similar technologies

Cookies are small text files placed on your device to help the site function and to remember your preferences. We use three categories. Strictly necessary cookies: required for essential functions such as load balancing, security, and remembering that you have dismissed the cookie banner. These cookies are always active and typically expire within 12 months or sooner. Analytics cookies: optional and used only with your consent to understand aggregated behavior. These may include Google Analytics 4 identifiers that persist for up to 14 months. Marketing cookies: optional and used only with consent to measure the effectiveness of campaign traffic using tools such as the Meta Pixel. You can accept or reject analytics and marketing cookies using the cookie banner available on our site. You can change your cookie settings anytime by clearing cookies in your browser or by visiting our site in a private browsing mode to choose again.

Managing cookies in your browser: most browsers allow you to block third party cookies, delete existing cookies, and set rules for specific sites. If you block all cookies the site should remain navigable, but certain preferences may not persist between visits. Our cookie banner stores your consent choice in local storage so that we respect your decision on subsequent page loads. If you wish to withdraw consent after accepting, you can clear cookies and site data, then revisit our pages to select Reject on the banner.

11. Children’s privacy

Our website and services are intended for individuals who are at least 16 years old. We do not knowingly collect personal data from children. If you are a parent or guardian and believe that your child has provided personal data to us, please contact [email protected] and we will take appropriate steps to remove the information promptly. If we learn that we have collected data from a child without appropriate consent, we will delete that data as soon as reasonably possible unless we are legally required to retain it for a defined purpose.

12. Security measures

We apply technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, or unauthorised disclosure or access. These measures include encryption in transit using HTTPS, access controls on administrative systems, periodic review of permissions, secure configuration of hosting environments, and staff training on data handling principles. No method of transmission or storage is perfectly secure. We monitor our systems for vulnerabilities, keep software dependencies updated where feasible, and maintain an incident response plan. If we become aware of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and affected individuals as required by law.

13. Communications and marketing

You will receive marketing communications from us only if you have opted in. If you subscribe to updates and later change your mind, you can unsubscribe using a link in any email or by contacting [email protected]. We may still send you non marketing communications such as service announcements or responses to your messages. We do not buy, sell, or rent email lists. If we run an advertising campaign on platforms such as Meta or Google, we target audiences based on platform level controls rather than uploading your personal data, unless we have your explicit consent to do so and we are satisfied that the use is compliant with applicable platform policies and law.

14. Third party links

Our website may include links to third party articles or tools that we consider helpful for learning. External websites are not operated by us. If you follow a link to another site, that site’s privacy policy will apply. We encourage you to review the privacy policy and terms of any external website you visit. The presence of a third party link on our pages does not imply endorsement of that website’s data practices.

15. International users

If you access our site from outside the United Kingdom, be aware that your data may be transferred to, stored, or processed in the UK or other countries where our providers operate. We take steps to ensure an adequate level of protection in line with the standards of your jurisdiction by using recognised legal mechanisms for data transfers and by applying consistent technical and organisational safeguards. By using the site and providing information, you understand that your data may be processed in jurisdictions that may have different data protection rules than your country, while still benefiting from the safeguards described in this policy.

16. Changes to this policy

We may update this Privacy Policy to reflect changes in our services, legal requirements, or best practices. If the changes are significant we will notify you by posting a prominent notice on our site or by sending an email to subscribers if appropriate. The date at the top of this page shows when the policy was last updated. Continued use of our site after the effective date of an update indicates that you have read and understood the revised policy. Historical versions can be requested by contacting [email protected].

Last updated: January 15, 2026.

17. Contact us and data protection lead

If you have questions about this policy or wish to exercise your rights, contact our Data Protection Lead using the details below. Email for privacy requests: [email protected]. Postal address: LOM Publishing Ltd, 12 Baker Street, London, W1U 3BH, United Kingdom. General enquiries: [email protected]. Phone: +44 20 3808 7825. We aim to respond within one month and will let you know if more time is needed for complex requests.