Skip to content
ESco

Our privacy policy

Last Update: March 2nd 2026

Jump to section:
1. Privacy Summary
2. Information We Collect
3. How We Use The Information We Collect
4. How We Use The Information For Marketing
5. How We Share Information With Third Parties
6. Information Security
7. Accessing, Deleting Or Updating Your Information
8. Information Regarding Children
9. Accountability

Please read and save this Privacy Policy.

1. Privacy Summary

The Data Controller, ESco Business Services Ltd, a company registered in the United Kingdom (Registered No. 3108910) at Trinity House, Sculpins Lane, Wethersfield, Braintree, CM7 4AY is committed to protecting your privacy in accordance with the Data Protection Act 2018 (the ‘Act’) and the UK General Data Protection Regulation (the ‘GDPR’). If you have any questions about this policy, the representative responsible for Data Protection, the Data Protection Officer, can be contacted by writing to the above address or alternatively by sending an email to [email protected].

ESco Business Services Ltd is a dynamic publishing services bureau providing a range of professional services to the publishing industry. In order to operate the services we offer, ESco Business Services Ltd (‘ESco’, ‘The ESco Group’, ‘Daughters of Disco’, ‘our’, ‘us’ or ‘we’), must ask you to provide us with information about yourself. This Privacy Policy describes the information we collect and how we use that information. We take the processing of your information very seriously and will use your information only in accordance with the terms of this Privacy Policy. For the purposes of this Privacy Policy, personal data is referred to as ‘information’ which means any information relating to an identified or identifiable natural person.

Please note that we are not responsible for the privacy practices of other web sites and we recommend that you check the privacy policy of any other web sites you may visit. The inclusion of links to such web sites does not imply any endorsement of the material on such sites nor any association with their owners or operators. If you have any complaints relating to such sites, please contact them directly.

This Privacy Policy will be updated from time to time and all future changes will take effect as specified at the time of the update by posting a revised version of it on our website. Please check back regularly for the most current version of our Privacy Policy.

Back to top

2. Information We Collect

To use any of our services, you must provide your name, address, email address and in some instances your company name, job title and telephone number. In order to make payments, you must provide credit card, debit card or bank account information. We do not collect any sensitive personal information such as information on your racial or ethnic origins, political opinions, trade union affiliations, sexual life, health or criminal history.

When you access our services online using any device, we collect and store device data including but not limited to geolocation data to provide offers relevant to your region. We also collect information such as which pages of our website you visit, IP addresses, the type of browser you use and the times you access our website.

We will only keep your information for as long as is necessary for the purpose of providing you with the service you have requested from us or to meet specific anti-fraud and legal requirements. If you would like more information, please contact the Data Protection Officer.

The provision of the information detailed above is a requirement necessary to provide the service. By providing your information and signing up to our service you are entering a contract for the term of the service. If you object or are not willing to provide this information, please do not register or use any of our services.

When you access our website, or use any of our services, we (including companies we work with) may place small data files on your computer or other device known as cookies. For more information, please see our Cookies Policy.

Back to top

3. How We Use The Information We Collect

Our primary purpose in collecting your information is to provide you with a service. You agree that we may use your personal information to achieve this.  We are required to identify a specific “Lawful Basis” for every way we use your information. The table below outlines our primary processing activities and the legal grounds we rely on:

Activity / Purpose Type of Information Lawful Basis (UK GDPR)
Providing our services
(e.g., account setup, fulfilling orders).		 Name, Address, Email, Payment details Performance of a Contract
Service notifications
(e.g., lapse reminders, security alerts)		 Email, Phone number Performance of a Contract
Preventing fraud & crime
(e.g., identity checks, system security)		 Device data, IP address, Name Recognised Legitimate Interests
Website Analytics
(to improve our content and performance)		 Cookies, Browser type, Page visits Legitimate Interests
Direct Marketing
(to new prospects or via third-parties)		 Email, Phone number Consent
Direct Marketing
(to existing customers for similar services)		 Email Legitimate Interests (Soft Opt-in)

Back to top

4. How We Use The Information For Marketing

We will only send you direct marketing communications in circumstances where we have your specific consent or where we believe we can demonstrate a legitimate interest.

When you sign up to any of our services, we ask for your consent to send you direct marketing communication over a variety of channels. We will honour your right to withdraw your consent at any time.

When you enquire about or request a service from us, we may rely on our legitimate business interests to send you marketing communications (via post, email or telephone). These communications will always be related to our services and we believe will be of interest to you. We will always provide you with the opportunity to opt-out of this when you provide your information to us.

If you want to stop receiving direct marketing from us, you can use the unsubscribe mechanism on any email you receive, tell us when we call you or alternatively you can contact the Data Protection Officer using the details available in the Privacy Summary.

Periodically we conduct data profiling on the information we collect to better understand our customers in order to provide targeted communications which suit your needs. If you wish to stop your information being used for data profiling, please contact the Data Protection Officer. Please note that a request to opt out of data profiling will automatically stop direct marketing from us and vice versa.

Back to top

5. How We Share Information With Third Parties

We will not sell or rent your information to third parties for their marketing purposes without your consent.

However, just like most service providers, ESco Business Services Ltd works with third parties who administer important functions for us that allow us to offer and enhance the services we provide. These providers are covered by an appropriate agreement and are located within the European Economic Area. Sometimes it will be necessary for us to disclose information required for the specific purpose to them so that the services can be performed and by requesting us to provide you with the services you consent to this disclosure.

We reserve the right to disclose to third parties your information to comply with applicable laws including but not limited to disclosure in accordance with the Act, the Regulation of Investigatory Powers Act 2000 and lawful authority requests, to safeguard the proper operation of our systems and to protect ourselves and the companies we work with.

Back to top

6. Information Security

ESco Business Services Ltd is committed to handling your information with high standards of information security. We collect, store and process your information on servers primarily located in the United Kingdom but also elsewhere in the European Economic Area. We use safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files and we authorise access to personal information only for those employees who require it to fulfil their job responsibilities. Our site uses industry standard Secure Sockets Layer (SSL) technology to allow for the encryption of information during transmissions to our servers. These security measures mean that we may occasionally have to ask you for proof of identity before we are able to disclose personal information to you.

International Data Transfers

While we primarily store and process your information within the United Kingdom and the European Economic Area (EEA), the nature of modern digital services means we may occasionally work with third-party providers located outside these regions.

In such cases, we ensure your data receives a level of protection essentially equivalent to that guaranteed within the UK. We achieve this by ensuring at least one of the following safeguards is implemented:

  • Adequacy Decisions: We transfer data to countries that the UK Government has deemed to provide an adequate level of protection for personal data.
  • Standard Contractual Clauses (SCCs): We use specific contracts approved for use in the UK (such as the International Data Transfer Addendum) which give personal data the same protection it has in the UK.
  • UK Extension to the EU-US Data Privacy Framework: For transfers to the United States, we verify that the recipient is certified under the Data Privacy Framework to ensure secure data handling.

Back to top

7. Accessing, Deleting Or Updating Your Information

Under the UK GDPR, you have several rights regarding the processing of your information. To exercise any of the rights listed below, please submit a request to the Data Protection Officer using the details provided in the Privacy Summary. We will respond to all valid requests within one calendar month.

Accessing Your Information

You have the right to obtain confirmation that your data is being processed and to receive a copy of the personal information we hold about you (a “Subject Access Request”).

Updating and Rectifying Your Information

You can review the personal information you have provided and request that we correct any inaccuracies or complete any incomplete data at any time, either through your online account or by contacting us directly.

Deleting Your Information (The ‘Right to be Forgotten’)

You may request that we remove your personal information from our systems. Your information will be deleted unless we are legally required to retain it (for example, for tax compliance or to maintain a ‘suppression list’ to ensure we do not contact you again)

Restricting the Processing of Your Information

You have the right to request that we ‘block’ or suppress the processing of your personal data in certain circumstances—such as if you contest the accuracy of the data or object to our legitimate interests. While processing is restricted, we are permitted to store the data but not further use it.

Data Portability

You have the right to obtain and reuse your personal information for your own purposes across different services. We will provide your data in a structured, commonly used, and machine-readable format (such as a CSV or JSON file) so that you can easily transfer it to another IT environment.

Right to Object

You have the right to object to the processing of your information for direct marketing or where we are relying on legitimate interests as our lawful basis.

Back to top

8. Information Regarding Children

Children are not eligible to use any service we offer and we ask that minors (persons under the age of 18) do not submit any personal information to us.

Back to top

9. Accountability

We take your privacy seriously and aim to resolve any concerns directly and efficiently. If you have a query or wish to lodge a complaint regarding our data practices, please follow our internal resolution process:

  • Step 1: Internal Review. Please notify our Data Protection Officer (DPO) using the details available in the Privacy Summary. We will acknowledge your complaint within 30 days and provide a substantive response or an update on our investigation.
  • Step 2: Escalation. If you are unsatisfied with our initial response, you may request a senior management review of your case.
  • Step 3: Statutory Authority. If we are unable to resolve your complaint to your satisfaction, you have the right to report your concerns to the UK statutory authority, the Information Commissioner’s Office (ICO). You can contact them via their website at ico.org.uk or by calling their helpline.

We will process your personal data for the purposes set out in this policy and maintain a record of any complaints to ensure we are meeting our accountability obligations under the UK GDPR.

Back to top