Privacy Policy

Cultivated Calm
Last updated: 12 February 2025

1. Who We Are

This Privacy Policy explains how Cultivated Calm, trading as Cultivated Calm (“we”, “us”, “our”), collects, uses and protects your personal data when you:

  • Visit our website: www.cultivatedcalm.co.uk

  • Purchase our products

  • Contact us: hello@cultivatedcalm.co.uk

  • Subscribe to our emails

  • Interact with us in any other way

We are a sole trader business based in the United Kingdom.

Data Controller:
Cultivated Calm trading as Cultivated Calm
Email: hello@cultivatedcalm.co.uk

For the purposes of UK data protection law, we are the data controller of your personal data.

2. The Personal Data We Collect

Personal data means any information that identifies or could identify you.

A. Information You Provide Directly

When you place an order or contact us, we may collect:

  • Full name

  • Billing address

  • Delivery address

  • Email address

  • Telephone number

  • Order details

  • Payment confirmation details

  • Account login details (if applicable)

  • Messages sent via contact forms or email

We do not store full credit or debit card details.

B. Information Collected Automatically

When you use our website, we may collect:

  • IP address

  • Device type

  • Browser type

  • Pages visited

  • Time spent on pages

  • Referral source

  • Cookies and tracking data

This is collected using cookies and similar technologies.

C. Information from Third Parties

We may receive personal data from:

  • Shopify (our e-commerce platform provider)

  • Payment processors

  • Delivery and courier services

  • Email marketing providers

  • Analytics providers (e.g. Google Analytics)

These providers process data on our behalf under data protection agreements.

3. How We Use Your Personal Data

Under UK GDPR, we must have a lawful basis to process your data.

We use your data for the following purposes:

A. To Fulfil Orders (Contractual Obligation)

  • Process payments

  • Dispatch orders

  • Arrange delivery

  • Provide order confirmations

  • Handle returns and refunds

Legal basis: Performance of a contract

B. Customer Support (Legitimate Interest)

  • Respond to enquiries

  • Manage complaints

  • Improve customer experience

Legal basis: Legitimate interests

C. Marketing (Consent or Legitimate Interest)

We may send you marketing emails about new products or offers if:

  • You have opted in, or

  • You have previously purchased from us and have not opted out

You can unsubscribe at any time by clicking the link in our emails.

Legal basis: Consent or Legitimate interests (soft opt-in under PECR)

D. Website Analytics (Consent)

We use cookies and analytics tools to:

  • Understand how visitors use our website

  • Improve website performance

  • Enhance user experience

Legal basis: Consent (via cookie banner)

E. Legal Obligations

We may process your personal data to:

  • Comply with tax laws

  • Prevent fraud

  • Meet legal or regulatory requirements

Legal basis: Legal obligation

4. Cookies

Our website uses cookies to improve functionality and analyse performance.

Cookies may include:

  • Essential cookies (necessary for website operation)

  • Analytics cookies

  • Marketing cookies

You can manage or withdraw your cookie consent at any time via our cookie banner or browser settings.

For more information, please see our Cookie Policy: [Insert Link if separate]

5. How We Share Your Personal Data

We only share personal data where necessary.

We may share your information with:

  • Shopify (website platform)

  • Payment processors

  • Courier and delivery providers

  • IT and website support providers

  • Email marketing platforms

  • Accountants or professional advisers

  • HMRC or legal authorities (where required by law)

We do not sell your personal data.

All third parties are required to respect the security of your data and process it lawfully.

6. International Transfers

Some of our service providers (e.g. Shopify or email providers) may process data outside the UK.

Where data is transferred outside the UK, we ensure appropriate safeguards are in place, such as:

  • UK-approved Standard Contractual Clauses

  • Transfers to countries with UK adequacy decisions

7. Data Retention

We retain personal data only as long as necessary.

Typical retention periods:

  • Order information: 6 years (for tax and accounting purposes)

  • Marketing data: Until you unsubscribe

  • Customer service communications: Up to 3 years

We securely delete or anonymise data when no longer required.

8. Your Rights Under UK GDPR

You have the following rights:

• Right of Access

Request a copy of the personal data we hold about you.

• Right to Rectification

Request correction of inaccurate or incomplete data.

• Right to Erasure

Request deletion of your personal data (where legally permitted).

• Right to Restrict Processing

Request limitation of how we use your data.

• Right to Data Portability

Request transfer of your data to another provider.

• Right to Object

Object to processing based on legitimate interests or direct marketing.

• Right to Withdraw Consent

Withdraw consent at any time (where processing is based on consent).

To exercise any of these rights, contact:
📧 hello@cultivatedcalm.co.uk

We may need to verify your identity before responding.

We will respond within one month, as required by UK GDPR.

9. Complaints

If you are unhappy with how we handle your data, please contact us first.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Website: https://www.ico.org.uk
Helpline: 0303 123 1113

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data.

However, no system is completely secure. We encourage you to:

  • Use strong passwords

  • Keep login details confidential

  • Avoid sending sensitive information via unsecured channels

11. Children’s Data

Our website and products are not directed at children under 16.

We do not knowingly collect personal data from children. If we become aware that we have collected such data, we will delete it.

12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for their privacy practices. Please review their policies before submitting personal data.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

The latest version will always be available on our website with the updated revision date.