Devilish Publishing

Data Protection

This document relates to information we retrive and/or store in order for us to do business with you.
Last Updated: 28/05/18

Collection of Data

In order to do business with our customers, we collect the minimum amount of information from them at point-of-sale. This will include full name, contact number, contact email and postal address. This information is entered by the customer as the normal process of a sale. We do not collect, store or ask for IP addresses.

Security of Data

Devilish Publishing runs its own server on-site, where it runs all of its web services (except DNS - the technology that matches a domain name to the actual server address). This means that when you visit our website or send us an email, it is being directed to our server at our administration office in York, United Kingdom. We run 128-bit encryption at and data entered at point-of-sale is then entered on our enterprise-class systems on our server, and is not stored on an office computer, external storage device or otherwise removed from the server unless for temporary backup only. Backups are always performed securely and are completely destroyed within 48hrs of them being made. The database of our main system (we use a full-blown ERP solution called Adempiere) cannot be accessed outside the local network. Access within the network is highly restricted, and part of the Devilish Publishing policy is that all internal authentication (particuarly passwords) is randomly generated; there is strictly no generic passwords, and each authentication is unique.

How we Use your Data

We use your data so we can provide our service to you. We currently do not maintain or operate a mailing list. Any future mailing lists will be an opt-in; you will never be emailed to ask if you want to be opted-in; the only way to opt-in is through an online form or clearly marked at point-of-sale. We never give out, sell or otherwise make known any of your personal details unless you give us permission to do so.


We don't use cookies. The minute we do, we will ask your permission to accept.

Right to be Forgotten

Under the new GDPR legislation, people have the 'right to be forgotten'. If requested, we will replace your database records with anonymised data. This means the records still exist, but your personal details are replaced with arbitrary data which cannot be linked or referenced to you. This allows us to comply with your request inline with GDPR, whilst keeping the integrity of our data intact.

How Long do we Safely Store Your Data?

Your data will be kept no longer than is necessary. We acknowledge we have many returning customers therefore it will be necessary keep customers data safe and secure so that future purchases do not create unnecessary duplicated data.

Contacting Us

If you wish to contact us for any reason regarding your data, please do so by emailing us at No correspondence shall be entered into in the public domain with regards to data enquiries with your own personal data.