Privacy Policy.

Last update August 2024

Essence + Alchemy values its customers and respects their privacy. Any information we collect about you is held with the utmost care and security. Your visit to www.essenceandalchemy.co.uk and your use of any of the services or features we provide is subject to our Terms and Conditions of which this Privacy Policy forms part. This Privacy Policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read this Privacy Policy carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting www.essenceandalchemy.co.uk or using any of the services or features offered on this website you are accepting and consenting to the practices described in this Privacy Policy

Essence + Alchemy | Contact

Device Information

1. When you visit www.essenceandalchemy.co.uk if your web browser is set up to accept cookies, we automatically collect certain information about your device, including information about your web browser, IP address, time zone. Additionally, as you browse our Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to our Site, and information about how you interact with our Site. We refer to this automatically-collected information as “Device Information.” We collect Device Information using Cookies.

2. Cookies are data files that are placed on your device or computer and often include an anonymous unique identifier. Cookies also provide us with information about how our website is used so we can keep it is as up to date, relevant and error-free as possible. If you are concerned about your data and for more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.

3. The types of cookies in use on the Site are: Strictly necessary cookies - these are cookies that are essential to the operation of our website Analytical/performance cookies. These cookies allow us to recognise and count the number of visitors to our website and how visitors interact with the Site.

Order Information

1. When you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number. We refer to this information as “Order Information.”

2. When we talk about “Personal Information” in this Privacy Policy, we are talking both about Device Information and Order Information.

How do we use your personal information?

1. We use the Order Information that we collect to fulfil any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to, communicate with you, screen our orders for potential risk or fraud.

2. When in line with the preferences you have shared with us, if you sign up to our newsletter we may use your email address to send you information about new products or news about Essence + Alchemy. You can opt out of these at any point and you can ask for personal data to stop being recorded at any time by emailing thelab@essenceandalchemy.co.uk with the subject unsubscribe, we will then remove you from our mailing list and delete your data.

3. We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimise our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).

Sharing your personal information

1. The Site is hosted on Squarespace. They provide us with the online e-commerce platform that allows us to sell our products and services to you. We share your Personal Information with Squarespace to help us use your Personal Information, as described above. They store your data on a secure server behind a firewall and adhere to GDPR legislation.

2. We do not sell, rent, trade, license or otherwise disclose your specific personal information or financial information to anyone other than to affiliates under Essence + Alchemy's control. For example, we use Squarespace to host our online store. We also partner with third parties such as Royal Mail, DPD to ship products, to ensure delivery, and so that we can obtain feedback, improve the quality of our service, and measure and improve the quality of the service of the third party. We provide the third party personally identifiable information such as your name, shipping address, email, and phone number.

3. We also use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.

4. We use the Squarespace communications service who enables Essence + Alchemy to send newsletters to you. You can opt out of these at any time by emailing thelab@essenceandalchemy.co.uk.

5. We may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.

Your Rights

1. If you are a UK resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below. If you do not agree with our Privacy Policy, please do not provide us with Personal Information. Additionally, if you are a UK resident we note that we are processing your information in order to fulfil contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above.

Data Retention

1. When you place an order through the Site, we will maintain your Order Information for our records unless and until you ask us to delete this information.

Minors

1. This Site is not intended for children under 13 years of age and Essence + Alchemy does not knowingly collect or use information from children under 13 without verifiable parental consent. If you believe that a child has provided personal information to us, please contact us promptly as described below, and we will endeavour to investigate and delete such information from our systems.

Changes

1. We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.

Payments

1. Direct Payment - If you choose a direct payment gateway to complete your purchase, then Squarespace stores your credit card data. Direct Payments on our site are processed using Stripe a secure and trusted online payment gateway. Stripe has been audited by a PCI-certified auditor, and is certified to PCI Service Provider Level 1. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

2. PayPal Payment - PayPal transactions are subject to the PayPal Privacy Policy. Compliance with Data Protection Laws. With regard to any personal data processed by PayPal and the merchant in connection with this Agreement, PayPal and the merchant will respectively each be a controller in respect of such processing. PayPal and the merchant agree to comply with the requirements of the Data Protection Laws applicable to controllers in respect of the provision of their respective services and otherwise in connection with this Agreement. For the avoidance of doubt, PayPal and the merchant each have their own, independently determined privacy policies, notices and procedures for the personal data they hold and are each a data controller (and not joint data controllers). In complying with the Data Protection Laws, PayPal and the merchant shall, without limitation: Implement and maintain at all times all appropriate security measures in relation to the processing of personal data; Maintain a record of all processing activities carried out under this Agreement; and not knowingly do anything or permit anything to be done which might lead to a breach by the other party of the Data Protection Laws. For detailed up to date information on how Paypal handles your information and their privacy policy this please visit the Paypal website.

Security

1. To protect your personal information, we take precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

2. If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

Links

1. When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

Changes

1. We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.

Contact Us

1. For more information or questions about our privacy policy and GDPR (General Data Protection Regulation) or the data we hold please contact us.