Privacy Policy

Last updated: 24th June 2025

1. Introduction

This Privacy Policy explains how Two Spoon Press ("we," "us," "our") collects, uses, discloses, and manages your personal information when you:

• Visit our website www.twospoonpress.com

• Use our products or services

• Contact us or engage with our business

• Subscribe to our newsletters or marketing communications

We are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. What Personal Information We Collect

2.1 Information You might Provide us Directly

• Identity Information: Full name, date of birth, gender, title

• Contact Information: Email address, phone numbers (mobile/landline), postal address

• Account Information: Username, password, security questions and answers

• Financial Information: Credit card details, bank account information, billing address, transaction history

• Demographic Information: Age, location, occupation, interests, preferences

• Communication Records: Correspondence via email, phone, chat, or social media

• Survey/Feedback Information: Responses to surveys, reviews, testimonials, competition entries

• Written Creative Work: Manuscripts, poems, short stories, essays, novels, screenplays, and other literary works submitted through third-party platforms such as Submittable

• Publishing Information: Manuscript submission history, publication credits, writing awards and recognition

• Creative Work Metadata: Genre classifications, word counts, submission guidelines compliance, formatting preferences

• Editorial Correspondence: Communication with editors, publishers, literary agents, and writing mentors

• Rights and Licensing: Copyright information, publication rights, subsidiary rights, territorial restrictions

• Professional Writing Details: Writing credentials, education background, workshop attendance, residency participation

• Support Information: Help desk inquiries, technical support requests, complaint details

• Video Learning Data: Course enrolment, viewing progress, completion rates, quiz scores, time spent per module Streaming Information: Video quality preferences, playback speed settings, device compatibility data Learning Analytics: Course engagement metrics, most-watched content, drop-off points, user learning patterns Technical Performance: Buffering issues, connection quality, video loading times, error reports

2.2 Information We Collect Automatically

• Technical Information:

  • IP address and location data

  • Device type, operating system, browser type and version

  • Screen resolution and device settings

  • Internet service provider

• Website Usage Data:

  • Pages visited, time spent on pages, click-through rates

  • Search terms used on our website

  • Referring and exit pages

  • Download and upload activity

  • Date and time stamps of visits

• Squarespace Site Analytics: Page performance, bounce rates, time on site, mobile vs desktop usage

• Content Management: Blog post drafts, published content, media uploads, site structure changes

• E-commerce Data: Book sales, merchandise transactions, digital download purchases

• Domain and Hosting: Custom domain usage, SSL certificate status, bandwidth consumption

• Template and Design: Theme selections, customization choices, mobile responsiveness settings

• Cookies and Tracking Data: (See Section 9 for detailed information)

• Video Streaming Data:

  - Video resolution and quality settings

  - Bandwidth usage and streaming performance

  - Device capabilities and compatibility

  - Viewing session duration and timestamps

  - Pause/resume patterns and engagement metrics

2.3 Information from Third Parties

• Social Media Information: Profile information from Facebook, LinkedIn, Twitter, Instagram when you connect these accounts

• Business Information: Company details from business directories or professional networks

• Verification Services: Identity verification from credit agencies or authentication services

• Marketing Partners: Information from joint marketing campaigns or referral partners

• Public Records: Publicly available information from government databases or professional registries

• Writing Community Platforms: Author profiles, publication records, and writing credentials from platforms such as:

  • Submittable submission tracking and response data

  • Literary magazine and journal submission systems

  • Publishing industry databases and rights management platforms

• Editorial and Publishing Networks: Information from:

  • Literary agents and agency databases

  • Publisher submission portals and tracking systems

  • Editorial feedback and correspondence platforms

  • Manuscript assessment and critique services

  • Writing workshop and residency applications

We may collect sensitive information only with your explicit consent or where permitted by law, including:

• Health information

• Financial hardship information

3. How We Collect Personal Information

3.1 Direct Collection Methods

• Website Forms: Registration, contact, subscription, checkout forms

• Email Communications: Direct correspondence, newsletter sign-ups

• In-Person or Zoom Interactions: Meetings, events, workshops

3.2 Automatic Collection Methods

• Cookies and Web Beacons: Session cookies, persistent cookies, analytics cookies

• Log Files: Server logs capturing user activity

• Analytics Tools: Google Analytics, Facebook Pixel, heat mapping tools

• Social Media Plugins: Like buttons, share buttons, embedded content

3.3 Third-Party Collection

• Service Providers: Payment processors, delivery companies, marketing platforms

• Business Partners: Joint venture partners, affiliate networks

• Data Brokers: Marketing list providers, demographic data suppliers

• Professional Networks: Industry associations, business directories

4. Purposes for Collection and Use

4.1 Primary Purposes

• Publishing Services:

  • Managing manuscript submissions and tracking

  • Coordinating with publishers, agents, and editors

  • Processing book sales and royalty payments

  • Maintaining author platforms and online presence

  • Managing literary event bookings and appearances

• Service Delivery:

  • Processing orders and transactions

  • Delivering products or services

  • Managing customer accounts

  • Providing customer support and technical assistance

  • Processing refunds and returns

• Business Operations:

  • Maintaining business records

  • Financial reporting and accounting

  • Risk management and fraud prevention

  • Quality assurance and service improvement

  • Staff training and development

• Online Learning Services:

  • Delivering on-demand video courses and workshops

  • Tracking learning progress and course completion

  • Providing personalized learning recommendations

  • Managing membership-based video access

  • Processing course purchases and enrolment

  • Generating certificates of completion

4.2 Secondary Purposes

• Marketing and Communications:

  • Sending promotional materials and newsletters

  • Conducting market research and surveys

  • Personalizing website content and advertising

  • Managing loyalty programs and rewards

  • Event invitations and updates

• Legal and Compliance:

  • Meeting legal and regulatory requirements

  • Responding to legal proceedings

  • Investigating complaints and disputes

  • Protecting intellectual property rights

  • Ensuring workplace health and safety

4.3 Analytics and Improvement

• Website Optimisation: Analyzing user behaviour to improve website performance

• Product Development: Understanding customer needs for new services

• Performance Metrics: Measuring marketing campaign effectiveness

• User Experience: Enhancing navigation and functionality

5. Disclosure of Personal Information

5.1 Service Providers and Contractors

We may share your information with:

• Technology Providers: Hosting services, cloud storage, software vendors

• Payment Processors: Banks, credit card companies, PayPal, Stripe

• Marketing Services: Email marketing platforms, advertising networks, social media platforms

• Logistics Partners: Shipping companies, courier services, warehouse providers

• Professional Services: Lawyers, accountants, consultants, auditors

• Literary Services: Editors, proofreaders, cover designers, formatters

• Publishing Platforms: Amazon KDP, IngramSpark, Draft2Digital, Smashwords

• Distribution Services: Book distributors, library suppliers, bookstore networks

• Rights Management: Literary agents, foreign rights representatives, film/TV scouts

• Author Services: Publicists, marketing consultants, website designers, social media managers

• Video Hosting Platforms: Vimeo, Wistia, JW Player, or similar streaming services

  Learning Management Systems: Course delivery platforms, progress tracking tools

  Content Delivery Networks: Video streaming optimisation, global content distribution

5.2 Business Transfers

In the event of:

• Merger, acquisition, or sale of assets

• Business restructuring or reorganisation

• Bankruptcy or insolvency proceedings Your personal information may be transferred to the new entity.

5.3 Legal Requirements

We may disclose your information when required by:

• Court orders or subpoenas

• Law enforcement agencies

• Regulatory authorities (ACCC, ASIC, ATO)

• Government departments

• Legal proceedings or investigations

5.4 Consent-Based Disclosure

With your explicit consent, we may share information with:

• Marketing partners for joint campaigns

• Third-party service providers you've requested

• Social media platforms for targeted advertising

• Business partners for collaborative services

5.5 International Disclosure

We may transfer your personal information to recipients located overseas, including:

• United States: Cloud storage providers (AWS, Microsoft Azure), Amazon (KDP), Goodreads, SquareSpace, major publishing houses

• European Union: Marketing platforms, analytics services

• United Kingdom: Publisher submission systems, UK literary agencies

• Canada: Canadian publishing platforms and distribution networks

• Global: International literary magazines, translation rights, foreign publishers

When transferring information overseas, we ensure adequate protection through:

• Adequacy decisions under Australian law

• Binding corporate rules

• Standard contractual clauses

• Your explicit consent

6. Data Security and Protection

6.1 Technical Safeguards

• Encryption: SSL/TLS encryption for data transmission, AES encryption for stored data

• Access Controls: Multi-factor authentication, role-based access, regular access reviews

• Network Security: Firewalls, intrusion detection systems, secure networks

• System Monitoring: 24/7 monitoring, automated threat detection, regular security scans

6.2 Physical Safeguards

• Secure Facilities: Locked offices, restricted access areas, security cameras

• Device Security: Encrypted laptops, secure mobile devices, remote wipe capabilities

• Document Management: Secure filing systems, controlled document destruction

6.3 Administrative Safeguards

• Staff Training: Regular privacy and security training for all employees

• Policies and Procedures: Comprehensive data protection policies, incident response procedures

• Background Checks: Security clearances for staff handling sensitive information

• Regular Audits: Internal and external security assessments

6.4 Data Breach Response

In the event of a data breach, we will:

• Contain and assess the breach within 24 hours

• Notify affected individuals if there's a risk of serious harm

• Report to the Office of the Australian Information Commissioner (OAIC) within 72 hours if required

• Implement remediation measures and provide support to affected individuals

• Conduct a post-incident review to prevent future breaches

7. Data Retention and Disposal

7.1 Retention Periods

We retain personal information for different periods depending on the type of information and purpose:

• Customer Records: 7 years after last transaction (for accounting purposes)

• Marketing Data: Until you unsubscribe or withdraw consent

• Website Analytics: 26 months (Google Analytics default)

• Employee Records: 7 years after employment ends

• Financial Records: 5 years (or as required by law)

• Complaint Records: 2 years after resolution

• CCTV Footage: 30 days (unless required for investigation)

• Manuscript Submissions: 2 years after final response or publication

• Published Work Records: Indefinitely (for copyright and rights management)

• Editorial Correspondence: 5 years after publication or final rejection

• Royalty and Sales Data: 7 years (for tax and accounting purposes)

• Contest/Award Submissions: 3 years after competition completion

• Workshop/Residency Applications: 2 years after program completion

• Course Access Records: Duration of membership plus 2 years

  Video Viewing Analytics: 2 years after course completion or membership termination

  Learning Progress Data: 5 years (for certification and continuing education records)

7.2 Secure Disposal

When personal information is no longer needed, we:

• Permanently delete electronic records using secure deletion methods

• Physically destroy paper documents using cross-cut shredding

• Degauss or physically destroy storage devices

• Obtain certificates of destruction from disposal service providers

• Maintain records of disposal activities for audit purposes

8. Your Privacy Rights

8.1 Access Rights (APP 12)

You have the right to:

• Request access to your personal information we hold

• Receive a copy of your information in a commonly used format

• Understand how your information is being used

• Know who we've shared your information with

How to Request: Submit a written request via email. We may require identity verification and will respond within 30 days.

8.2 Correction Rights (APP 13)

You can request correction of your personal information if it is:

• Inaccurate, out of date, incomplete, irrelevant, or misleading

• We will investigate and make corrections within 30 days

• If we refuse a correction request, we'll provide written reasons

• You can request we attach a statement of correction to your record

8.3 Deletion Rights

You have the right to request deletion of your personal information when:

• It's no longer necessary for our stated purposes

• You withdraw consent and no other legal basis applies

• The information was unlawfully collected

• Deletion is required by law

• You object to processing and no overriding legitimate interests exist

We will respond to deletion requests within 30 days and will delete information unless:

• Required by law to retain

• Necessary for legal claims or compliance

• Part of published works where removal isn't technically feasible

8.4 Consent Withdrawal

You can withdraw consent at any time for:

• Marketing Communications: Unsubscribe links in emails, account preferences, or contact us directly

• Data Processing: Where consent was the basis for collection (note: this may affect service delivery)

• Third-Party Sharing: Opt-out of information sharing for marketing purposes

8.5 Data Portability

Upon request, we can provide your personal information in a structured, commonly used format to facilitate transfer to another service provider.

9. Cookies and Tracking Technologies

9.1 Types of Cookies We Use

Video Platform Cookies (Can be Disabled)

• Vimeo Player: Video playback functionality, viewing preferences, and performance optimization

• Video Analytics: Course progress tracking, engagement measurement, and learning analytics

• Streaming Optimization: Bandwidth detection, quality adjustment, and buffering prevention

Essential Cookies (Always Active)

• Squarespace Platform Cookies: Session management, site functionality, and content delivery

• Authentication Cookies: Login sessions, user account management, and security verification

• Shopping Cart Cookies: E-commerce functionality, cart persistence, and checkout process

• Security Cookies: CSRF protection, fraud prevention, and secure data transmission

• Performance Cookies: Load balancing, CDN optimization, and site speed enhancement

Analytics Cookies (Can be Disabled)

• Squarespace Analytics: Built-in website traffic analysis, page views, and visitor behavior tracking

• Google Analytics: Enhanced website usage statistics, user demographics, and conversion tracking

• Google Search Console: Search performance data and website indexing information

Marketing Cookies (Can be Disabled)

• Google Ads/AdWords: Conversion tracking, remarketing campaigns, and advertising optimization

• Facebook Pixel: Social media retargeting, custom audience creation, and conversion measurement

• Google Tag Manager: Marketing tag management and campaign tracking coordination

• Squarespace Email Campaigns: Newsletter performance tracking and email marketing analytics

Preference Cookies (Can be Disabled)

• Site Customization: Theme preferences, language settings, and display options

• User Experience: Personalized content delivery, recently viewed items, and saved preferences

• Regional Settings: Location-based content, currency preferences, and timezone adjustments

Third-Party Integration Cookies

• Social Media Widgets: Facebook, Instagram, Twitter, LinkedIn embedded content and sharing buttons

• Video Content: YouTube, Vimeo embedded players and interaction tracking

• Payment Processing: Stripe, PayPal, Square checkout functionality and transaction security

• Live Chat/Support: Customer service widget functionality and conversation management

• Font Loading: Google Fonts, Adobe Fonts delivery and display optimisation

9.2 Cookie Management

Browser Settings: You can control cookies through your browser settings:

• Chrome: Settings > Privacy and Security > Cookies

• Firefox: Options > Privacy & Security > Cookies

• Safari: Preferences > Privacy > Cookies

• Edge: Settings > Cookies and Site Permissions

Third-Party Opt-Outs:

• Google Analytics: Use Google Analytics Opt-out Browser Add-on

• Facebook: Visit Facebook Ad Settings

• Industry Opt-Out: Use Network Advertising Initiative opt-out tool

9.3 Do Not Track

Our website responds to Do Not Track signals. When enabled, we will:

• Disable non-essential tracking

• Limit data collection to essential functions only

• Respect your privacy preferences

10. Third-Party Services and Links

10.1 Third-Party Websites

Our website may contain links to third-party websites including:

• Submission Platforms: Submittable, Duotrope's Digest, The Submission Grinder

• Publishing Services: Amazon Author Central, Goodreads Author Program

• Writing Communities: Absolute Write, NaNoWriMo, Scribophile, Critique Circle

• Literary Databases: Poets & Writers, AWP (Association of Writers & Writing Programs)

• Rights Management: Copyright.gov, Creative Commons licensing platforms

• Social media platforms (Facebook, LinkedIn, Twitter)

• Payment processors (PayPal, Stripe)

• Online meeting systems such as Zoom

• Business partners and affiliates

• News and information sites

Important: These websites have their own privacy policies. We are not responsible for their privacy practices or content.

10.2 Social Media Integration

We may use social media plugins and integrations:

• Facebook Like/Share Buttons: May collect your IP address and browsing data

• LinkedIn Share Function: Professional network sharing capabilities

• Twitter Embedded Tweets: Display of Twitter content on our site

• Instagram Feed: Display of our Instagram posts

Your Control: You can disable social media cookies or log out of social platforms before visiting our site.

10.3 Embedded Content

Third-party content embedded on our site may collect data:

• YouTube videos

• Google Maps

• Live chat widgets

• Customer review platforms

11. Children's Privacy

11.1 Age Restrictions

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

11.2 Parental Consent

For children aged 13-18, we may require parental consent for:

• Account creation

• Collection of personal information

• Marketing communications

• Participation in competitions or surveys

11.3 If We Discover Child Information

If we become aware that we have collected personal information from a child under 13 without parental consent, we will:

• Delete the information immediately

• Cease any further collection

• Notify parents if possible

• Review our collection practices

12. Marketing and Communications

12.1 Types of Marketing

We may send you:

• Author Platform Communications: Book launch announcements, reading events, literary award nominations

• Publishing Industry Updates: Submission opportunities, contest deadlines, workshop announcements

• Professional Development: Writing craft articles, industry news, career guidance

• Community Engagement: Writing prompts, author interviews, literary discussion groups

• Email Newsletters: Product updates, company news, industry insights

• Promotional Emails: Special offers, discounts, new product launches

• SMS Marketing: Time-sensitive offers, appointment reminders (with consent)

• Direct Mail: Catalogues, brochures, promotional materials

• Targeted Advertising: Online ads based on your interests and behaviour

12.2 Consent and Opt-In

We primarily rely on explicit consent for marketing. Implied consent is used only where clearly permitted by law and will be phased out in favor of explicit consent mechanisms.

Express Consent Required For:

• Commercial electronic messages (emails/SMS)

• Third-party marketing partnerships

• International marketing communications

Implied Consent Applies When:

• You're an existing customer and communications relate to your purchases

• You've provided your details in the context of a business relationship

• Information is publicly available and relates to your business role

12.3 Unsubscribe Options

Easy Unsubscribe: Every marketing email includes an unsubscribe link Preference Center: Manage your communication preferences online Contact Us: Email or call to update your preferences Automatic Processing: Unsubscribe requests processed within 5 business days

12.4 Suppression Lists

If you opt out, we maintain suppression lists to ensure:

• You don't receive unwanted communications

• Your preferences are respected across all our systems

• Compliance with anti-spam laws

13. Changes to This Privacy Policy

13.1 Policy Updates

We may update this Privacy Policy to reflect:

• Changes in Australian privacy laws

• New business practices or services

• Feedback from privacy authorities

• Industry best practices

13.2 Notification of Changes

Significant Changes: We will notify you by:

• Email notification to registered users

• Prominent notice on our website

• Direct mail for major policy changes

Minor Changes: We will:

• Update the "Last Modified" date

• Post the updated policy on our website

• Maintain previous versions for reference

13.3 Your Options

If you don't agree with policy changes:

• You may close your account

• Stop using our services

• Contact us to discuss concerns

• Lodge a complaint with privacy authorities

14. Automated Decision Making and Profiling

We may use automated systems to:

• Recommend courses based on your interests and viewing history

• Personalise content delivery and learning paths

• Detect fraudulent activity or account security issues

You have the right to:

• Know when automated decision making affects you

• Request human review of automated decisions

• Object to automated processing in certain circumstances

15. Complaints and Dispute Resolution

15.1 Internal Complaint Process

If you believe we have breached your privacy:

Step 1: Lodge a Complaint

• Submit a written complaint to our Privacy Officer

• Include details of the alleged breach

• Provide any supporting documentation

• Specify the remedy you're seeking

Step 2: Investigation

• We will acknowledge your complaint within 5 business days

• Investigate thoroughly and impartially

• May request additional information

• Keep you informed of progress

Step 3: Resolution

• Provide a written response within 30 days

• Explain our findings and any actions taken

• Offer appropriate remedies if breach is confirmed

• Advise of external complaint options

15.2 External Complaints

If unsatisfied with our response, you can contact:

Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Post: GPO Box 5218, Sydney NSW 2001

Other Relevant Authorities:

• Australian Communications and Media Authority (ACMA) - for spam complaints

• Australian Competition and Consumer Commission (ACCC) - for consumer protection issues

• Industry ombudsman schemes (if applicable)

15.3 Legal Action

You may also have the right to seek legal remedies through:

• Federal Court of Australia

• Federal Circuit Court

• State and territory courts (for certain matters)

16. Definitions

Australian Privacy Principles (APPs): 13 principles under the Privacy Act 1988 that regulate the collection, use, disclosure, and management of personal information.

Consent: Voluntary agreement by an individual to the collection, use, or disclosure of their personal information.

De-identification: The process of removing or altering information that identifies an individual.

Disclosure: Releasing or providing access to personal information to external parties.

First Publication Rights: Exclusive right to publish a work for the first time.

Literary Agent: Professional representative who markets authors' work to publishers.

Manuscript: Any written creative work submitted for publication consideration.

Personal Information: Information about an identified individual or an individual who can be reasonably identified.

Privacy Impact Assessment (PIA): A systematic assessment of a project's implications for privacy.

Publishing Rights: Legal permissions for reproducing, distributing, and selling written works.

Sensitive Information: Includes health information, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal records, biometric information.

Simultaneous Submissions: Submitting the same work to multiple publications concurrently.

Subsidiary Rights: Additional rights including translation, film, audio, and digital formats.

Use: The handling, management, or application of personal information within an organization.