Last updated: 2 June 2026

We care deeply about the privacy of our clients, subscribers and anyone who contacts us. This policy explains what personal data we collect, how we use it, and what rights you have. If you have any questions, please contact us — details are at the end of this policy.

Who We Are

Wordscape Ltd is a limited company registered in England and Wales at Companies House (Registration No. 06798250). We are a publishing house and marketing agency based in Liverpool.

Studio A, 49 Jamaica Street, Liverpool L1 0AH

Email: hello@wordscape.org.uk

We are registered with the Information Commissioner's Office (ICO), Registration No. ZA743454.

We are committed to protecting your privacy and complying with the Data Protection Act 2018 (DPA 2018), the UK General Data Protection Regulation (UK GDPR), the Data (Use and Access) Act 2025 (DUAA), and any other applicable UK data protection legislation (together, "Data Protection Law").

The Information We Collect and How We Use It

Newsletter subscribers

If you subscribe to our newsletter (Musings and News Things), we add your name and email address to our mailing list, which is managed via Mailchimp. You will receive one newsletter per month, and occasionally an additional message at special times of year.

Mailchimp may transfer personal data outside the UK. More information on how Mailchimp manages data protection can be found at mailchimp.com/gdpr.

To unsubscribe: every newsletter contains an unsubscribe link in the footer. You can also email hello@wordscape.org.uk. Note that Mailchimp retains unsubscribed addresses on a suppression list to prevent accidental re-addition; contact us directly if you wish your details to be permanently deleted.

Website and email enquiries

If you contact us via email or our website contact form, your name, email address and message will be accessible to our small team and may be passed to the person best placed to respond. Your personal information is never shared externally or used for other purposes.

We reserve the right to retain contact messages indefinitely to maintain continuity of context, particularly where there is a history relevant to ongoing or future work. All team members adhere to strict internal privacy and security policies.

Client project data

Where we work with you on a project, we will process personal data necessary for delivery of that work — including contact names, email addresses, and any personal data contained within project materials. This data is processed on the basis of contract and legitimate interests.

Financial records

We are legally required to retain records relating to financial transactions for at least six years following the end of the relevant accounting period. We use Xero to manage our accounts; Xero may transfer personal data outside the UK. Details of how Xero manages data protection are available at xero.com/uk/data/xero-and-gdpr.

Legal Basis for Processing

We rely on the following lawful bases under UK GDPR:

• Consent (Article 6(1)(a)): for newsletter subscriptions and website contact form submissions.

• Contract (Article 6(1)(b)): for processing data necessary to deliver client projects.

• Legal obligation (Article 6(1)(c)): for financial record retention.

• Legitimate interests (Article 6(1)(f)): for internal administration, maintaining contact histories, and business continuity. Under the DUAA, certain recognised legitimate interests activities do not require a separate balancing test.

Data, Cookies and External Services

When you visit our website, analytics tools (such as Google Analytics) may collect information about your browser configuration and visit. We do not share personal information such as email or home addresses with these services.

Under the DUAA, certain low-risk cookies used for site functionality and analytics may not require explicit consent. We nonetheless provide clear information about our cookie use and offer you choices. You can opt out of Google Analytics tracking via Google's opt-out plugin at tools.google.com/dlpage/gaoptout.

Your Rights

Under UK Data Protection Law you have the following rights:

• Access: request a copy of the personal data we hold about you.

• Rectification: ask us to correct inaccurate or incomplete data.

• Erasure: request deletion of your personal data where there is no legitimate reason for us to retain it (note: financial records must be kept for six years by law).

• Restriction: ask us to limit how we use your data in certain circumstances.

• Portability: receive your data in a machine-readable format.

• Withdrawal of consent: where we rely on consent, withdraw it at any time.

• Objection: object to processing based on legitimate interests.

To exercise any of these rights, contact us at hello@wordscape.org.uk.

Data Protection Complaints

We take data protection seriously and want to resolve any concerns quickly and fairly. If you are unhappy with how we have handled your personal data, please raise your concern with us first. We have a formal process in place as required by section 103 of the Data (Use and Access) Act 2025.

You can raise a data protection complaint with us by:

• Email: hello@wordscape.org.uk

• Post: Wordscape Ltd, Studio A, 49 Jamaica Street, Liverpool L1 0AH

We will acknowledge your complaint within 30 days and aim to provide a full written response within three months. We will keep you informed of progress throughout.

If you are not satisfied with our response, you have the right to escalate to the Information Commissioner's Office:

• Website: ico.org.uk/make-a-complaint

• Phone: 0303 123 1113

• Post: ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Changes to This Policy

We may update this policy from time to time. Any changes will be posted on this page with an updated date. We will make reasonable efforts to draw material changes to your attention.

This Privacy Policy was last reviewed and updated on 2 June 2026 to incorporate the complaint handling requirements introduced by section 103 of the Data (Use and Access) Act 2025.

PRIVACY POLICY