Everleaf Herbal - Privacy Policy
The purpose of this notice is to explain your privacy rights and to inform you how and why we collect and look after your personal data when you visit our website and online store (regardless of where you visit it from).
Please read this notice together with any other privacy or fair-processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Policy supplements those notices and is not intended to override them.
1. Important information and who we are
Controller
Everleaf Herbal Ltd is the controller responsible for your personal data (referred to as “Everleaf Herbal”, “Everleaf”, “we”, “us” or “our” in this privacy notice). We are licensed by the Information Commissioner’s Office (ICO) under the Data Protection Act (as amended), registration number ZB598889.
If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact our data privacy manager using the details below.
Contact details
Name: Andrew Moorcroft
Postal address: 38 High Street, Cheshunt, Hertfordshire, EN8 0AQ
Telephone number: 01992 631 414
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection and UK GDPR compliance (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please
2. The data we collect about you
Personal data means any information about an individual from which that person can be identified.
- We may collect, use, store and transfer different kinds of personal data:
Identity Data (name, title, date of birth, gender, etc.)
Contact Data (billing address, delivery address, email, phone number)
Financial Data (payment card, bank details)
Transaction Data (payments, orders, purchase history)
Technical Data (IP address, browser type, login data, time zone, cookies, device info)
Profile Data (username/password, preferences, survey responses).
Usage Data (how you use the website, products, services)
Marketing & Communications Data (marketing preferences)
We also use Aggregated Data for reporting and analytics (this is not personal unless it can identify you).
We may also collect Special Category Data (e.g., health information) only when necessary and lawful.
3. How your personal data is collected
We collect data in the following ways:
Direct interactions
When you:
purchase a product
create an account
contact us via email, phone, post or online form
subscribe to updates
enter a competition or survey
provide feedback
automated technologies
We collect Technical Data using:
cookies
server logs
See our Cookie Policy for details.
Third-party sources
We may receive data from:
analytics providers
advertising networks
payment providers
delivery partners
public sources
4. How we use your personal data
We will only use your personal data when the law allows us to.
Most commonly we use it:
to perform a contract (e.g., fulfil an order)
where it is necessary for our legitimate interests
to comply with a legal obligation
where you have given consent
Examples of how your data is used:
registering you as a customer
processing orders, payments, refunds
sending service updates
asking for reviews
providing customer support
running promotions and competitions
improving our website
recommending products
marketing communications (only when you opt-in)
Marketing
You can opt out at any time.
Cookies
You can disable cookies in your browser, but some functionality may stop working.
Change of purpose
We will only use your data for the purposes for which it was collected unless we reasonably consider another use compatible.
5. Disclosures of your personal data
We may share your personal data with:
trusted third-party service providers
payment processors
professional advisors (lawyers, accountants)
regulators (e.g., HMRC)
referral partners where appropriate
organisations involved in a merger, sale or restructuring
All third parties are required to respect your data and process it only according to our instructions.
6. International transfers
Some providers may operate outside the UK/EEA.
Where this occurs, we ensure adequate protection under:
Adequacy decisions
Standard Contractual Clauses
Binding Corporate Rules
Other lawful safeguards
7. Data security
We have implemented appropriate security measures to prevent your data from being:
lost
used improperly
accessed without authorisation
altered
disclosed
We limit access to your data to those who need it and require confidentiality from all third parties.
We have procedures to respond to any suspected data breach and will notify you and the ICO if legally required.This is a Paragraph Font
8. Data retention
We will only retain your personal data for as long as necessary, including:
7 years for tax and accounting records
indefinitely for anonymised statistical data
You may request deletion in certain circumstances (see Section 9).
9. Your legal rights
You have rights under data protection law, including the right to:
access your data
correct your data
erase your data
object to processing
restrict processing
transfer your data
withdraw consent
We may need to verify your identity when you exercise these rights.
We aim to respond within one month, but complex requests may take longer.
10. Glossary
Legitimate Interest
Our interest in operating our business effectively and providing the best service, balanced against your rights.
Performance of Contract
Processing necessary to deliver products/services to you.
Legal Obligation
Processing required by UK law.
Third Parties include:
IT service providers
payment processors (e.g., PayPal)
professional advisers
regulators (e.g., HMRC)
cloud computing providers
CUSTOMER CARE
NEWS
LEGAL
© 2026 Everleaf Herbal Ltd. All rights reserved.
Website and CRM by
MyDigiVA from RAW Corporation Limited