Privacy Policy

This Privacy Policy explains how TMC Publishing Limited (“we”, “us”, “our”) collects, uses, and protects personal data when you visit our website, create an account, purchase a product, or contact us. We are the data controller under UK GDPR and the Data Protection Act 2018.

1. Contact & Controller

Controller: TMC Publishing Limited
Email: contact@harmoniabundle.com

2. Data We Collect

  • Account data: name, email, password (hashed), plan, and subscription status.
  • Billing & transactions: payment status, refunds/chargebacks. Card details are processed by Stripe; we do not store full card numbers.
  • Communications: emails and messages you send us (licensing, custom requests, claim removals).
  • Usage & device data: IP address, browser/OS, pages viewed, actions (e.g., downloads).
  • Cookies: essential cookies for login and security; non-essential analytics cookies if you consent.

3. How We Use Personal Data

  • Provide, operate, and secure accounts and purchases.
  • Process payments, prevent fraud, and manage entitlements.
  • Support enquiries and licensing confirmations.
  • Improve the site and catalogue (analytics and performance).
  • Send essential service messages (receipts, account notices). Marketing only with consent where required.

4. Legal Bases (UK GDPR)

  • Contract — to provide your account and licensed services.
  • Legitimate interests — site security, fraud prevention, service improvement.
  • Consent — non-essential cookies/analytics and optional communications.
  • Legal obligation — tax, accounting, and compliance requirements.

5. Sharing & Processors

We share personal data with trusted service providers strictly for the purposes above, including: payments (Stripe), hosting/infrastructure, analytics, and customer support. Providers are bound by contracts to protect data and act only on our instructions. We do not sell personal data.

6. International Transfers

Where data is transferred outside the UK/EEA, we use appropriate safeguards such as the UK Addendum to the EU Standard Contractual Clauses or adequacy decisions, as applicable.

7. Retention

  • Account data: kept for the life of the account and up to 24 months after closure.
  • Transaction records: kept for at least 6 years for tax/accounting.
  • Support emails: typically up to 36 months for reference and compliance.
  • Analytics data: kept in aggregate or anonymised form.

8. Your Rights

You have the right to access, rectification, erasure, restriction, objection, and data portability, and to withdraw consent where processing relies on consent. To exercise rights, email contact@harmoniabundle.com. You can also lodge a complaint with the Information Commissioner’s Office (ICO) in the UK.

9. Cookies & Analytics

We use essential cookies for authentication, security, and core functionality. With your consent, we use analytics cookies to understand usage and improve performance. You can manage non-essential cookies via your browser settings; disabling essential cookies may affect site functionality.

10. Payments

Payments are processed by Stripe. Stripe handles card data in accordance with PCI-DSS. We receive transaction metadata (e.g., last 4 digits, card type, expiry, status) to manage your order.

11. Security

We implement technical and organisational measures appropriate to risk, including access controls, encryption in transit, and monitoring. No method is 100% secure; we continuously improve safeguards.

12. Children

Our services are not directed to children under 16. If you believe a child has provided personal data, contact us and we will delete it.

13. Changes

We may update this policy. The “Last updated” date reflects the current version. Material changes will be highlighted on the site or via email where appropriate.

14. Contact

Privacy enquiries and rights requests: contact@harmoniabundle.com

Last updated: May 2026

Preview
0:00 / 0:00