Privacy Policy

Last updated: 9th April 2026

Introduction

Sunlit Plex Limited ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

We respect your privacy rights and are transparent about how we handle your personal data. This policy applies to all information collected through our website, services, and any related communications.

Information We Collect

We collect information that you provide directly to us, as well as certain information automatically when you use our services.

Information You Provide

When you engage with our services, we may collect the following:

  • Contact details including name, email address, and postal address
  • Reading preferences, favourite authors, and genres of interest
  • Books you've read and your opinions about them
  • Communication preferences and service selections
  • Payment information when you purchase our services
  • Any other information you choose to share with us

Information Collected Automatically

When you visit our website, we automatically collect certain information about your device and browsing behaviour:

  • IP address and general location information
  • Browser type and version
  • Pages visited and time spent on each page
  • Referring website addresses
  • Device type and operating system

How We Use Your Information

We use the information we collect for various purposes related to providing and improving our services:

  • To provide personalised book recommendations based on your preferences
  • To process and fulfil your service requests
  • To communicate with you about our services, including responding to enquiries
  • To send you curated book collections and reading materials
  • To improve our website functionality and user experience
  • To maintain records of our services and your reading journey with us
  • To process payments and maintain financial records
  • To comply with legal obligations

Legal Basis for Processing

Under UK data protection law, we must have a legal basis to process your personal information. We rely on the following:

  • Contract Performance: Processing necessary to provide services you've requested
  • Legitimate Interests: Processing necessary for our business operations, provided your interests don't override ours
  • Consent: Where you've given clear permission for specific processing activities
  • Legal Obligation: Where we must process data to comply with the law

How We Share Your Information

We do not sell your personal information. We may share your information only in the following circumstances:

Service Providers

We work with trusted third parties who assist us in operating our business. These may include:

  • Payment processors for secure transaction handling
  • Delivery services for book shipments
  • Email service providers for communication
  • Web hosting and technology infrastructure providers

These parties are contractually obligated to protect your information and use it only for the purposes we specify.

Legal Requirements

We may disclose your information if required by law or in response to valid requests from public authorities.

Business Transfers

If we're involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership.

Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Limited access to personal information on a need-to-know basis
  • Staff training on data protection responsibilities
  • Secure storage of physical records

However, no method of transmission over the internet is completely secure. Whilst we strive to protect your information, we cannot guarantee absolute security.

Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required by law.

  • Active client information is retained for the duration of our relationship and for up to two years following your last interaction with us
  • Financial records are retained for seven years to comply with tax regulations
  • Marketing consent records are retained until you withdraw consent
  • Website analytics data is retained for 26 months

When we no longer need your information, we securely delete or anonymise it.

Your Rights

Under UK data protection law, you have several rights regarding your personal information:

  • Right of Access: You can request copies of your personal information
  • Right to Rectification: You can ask us to correct inaccurate or incomplete information
  • Right to Erasure: You can request deletion of your personal information in certain circumstances
  • Right to Restrict Processing: You can ask us to limit how we use your information
  • Right to Data Portability: You can request your data in a structured, commonly used format
  • Right to Object: You can object to certain types of processing, including direct marketing
  • Rights Related to Automated Decision-Making: You have rights regarding decisions made solely by automated means

To exercise any of these rights, please contact us at [email protected]. We will respond within one month of receiving your request.

Cookies and Tracking

Our website uses cookies and similar technologies. For detailed information about our cookie practices, please see our Cookies Policy.

Third-Party Links

Our website may contain links to other websites. We are not responsible for the privacy practices of these external sites. We encourage you to read the privacy policies of any website you visit.

Children's Privacy

Our services are not directed at children under 16. We do not knowingly collect personal information from children. If you believe we've inadvertently collected information from a child, please contact us immediately.

International Data Transfers

Your information is primarily stored and processed within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place to protect your information in accordance with UK data protection law.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting a notice on our website or sending you an email. The "Last updated" date at the top indicates when this policy was last revised.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Sunlit Plex Limited
42 Bloomsbury Way
London WC1A 2SE
United Kingdom
Email: [email protected]

Complaints

If you're unhappy with how we've handled your personal information, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection authority:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk