1. Who we are
Australian Blue Publishing is a small independent book publisher based in Sydney, Australia. We are the data controller for the personal data we collect through this website.
Australian Blue Publishing
Sydney, NSW 2000, Australia
ABN: 00 000 000 000
Data Protection contact: privacy@australianblue.com
2. Data we collect
We collect the minimum necessary to deliver your book and maintain a lawful business. Specifically:
| Data | When | Purpose |
|---|---|---|
| Email address | At checkout | Deliver the book, send order confirmation, respond to support requests |
| First & last name | At checkout | Issue invoice, personalise delivery |
| Shipping address | At checkout (paperback) | Ship the printed book |
| Payment details (card) | At checkout | Processed directly by Stripe. We never see or store your full card number. |
| Order history | After purchase | Legal accounting, refund handling, customer support |
| Anonymous analytics (page views, traffic sources) | While browsing | Understand which pages are used, improve the site |
We do not collect: passport numbers, date of birth, identity documents, travel dates, government-issued IDs, or any other data unrelated to selling a book.
3. Why we collect it
- Deliver your book: we need your email to send a digital receipt and, for paperbacks, your address to post the physical book.
- Customer support: if you contact us, we use your email to reply.
- Accounting compliance: Australian tax law requires us to retain sales records for 5 years.
- Site improvement: anonymous analytics tell us which chapters of the landing page are read, not who reads them.
4. Legal basis (GDPR / APP)
- Contract performance: processing your order is necessary to fulfil the contract you entered when you clicked "Pay".
- Legal obligation: retaining sales records for tax compliance.
- Legitimate interest: operating a small business, improving our website with anonymous analytics.
- Consent: newsletters (opt-in only, if you subscribe voluntarily).
5. Who we share data with
We share personal data only with providers strictly necessary to fulfil your order:
- Stripe Payments (Dublin, Ireland / San Francisco, USA): payment processing. See Stripe's privacy policy.
- Lulu Direct / Gelato: print-on-demand partners who print and ship the paperback.
- Australia Post / Royal Mail / DHL: shipping carriers.
- Our email provider: for delivering order confirmations and the digital PDF.
- Plausible / self-hosted analytics: anonymous, cookieless site analytics.
We do not sell or rent your personal data to any third party, ever.
6. Data retention
- Order records: 5 years (Australian tax law).
- Support emails: 2 years.
- Newsletter subscribers: until you unsubscribe.
- Anonymous analytics: 24 months, then aggregated.
7. Your rights
Under the GDPR (EU/UK customers), the California Consumer Privacy Act (CCPA, USA), and the Australian Privacy Principles, you have the right to:
- Access: request a copy of the personal data we hold about you.
- Rectification: ask us to correct inaccurate data.
- Erasure ("right to be forgotten"): ask us to delete your data, subject to legal retention obligations.
- Restriction: ask us to pause processing while you dispute data accuracy.
- Portability: receive your data in a machine-readable format.
- Objection: object to processing based on legitimate interest.
- Withdraw consent: for anything we process based on your consent.
- Complain to your national data protection authority (e.g. CNIL in France, ICO in the UK, OAIC in Australia).
To exercise any right, email privacy@australianblue.com. We reply within 30 days (usually within 48 hours).
8. Cookies
We use a minimal set of cookies, all classified as strictly necessary:
| Cookie | Purpose | Duration |
|---|---|---|
| stripe_* | Stripe fraud prevention during checkout | Session |
| ab_order | Remember your order selection if you reload the page | 1 hour |
We do not use advertising cookies, social media pixels, or tracking across other websites. We use Plausible Analytics, a privacy-friendly analytics tool that does not set cookies and does not track individual users.
Because we only use strictly necessary cookies, no cookie banner is legally required under the GDPR or the ePrivacy Directive.
9. Security
All data in transit is encrypted with TLS 1.3. Payment data is processed directly by Stripe (PCI-DSS Level 1 certified); we never see or store your card number. Our servers are hosted in Europe (OVH / Hetzner), accessed only by authorised staff, and backed up encrypted.
If we ever become aware of a data breach affecting your personal data, we will notify you and the relevant authority within 72 hours as required by the GDPR.
10. Contact our Data Protection officer
Email: privacy@australianblue.com
Post: Australian Blue Publishing, Sydney NSW 2000, Australia