Privacy Policy

Last updated: [22/09/2025]

1. Introduction

Burnt Orchid Organics] ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website [www.burntorchidorganics.com] and make purchases from us.

Contact Information:

  • Company: [Burnt Orchid Organics]
  • Address: [11 Silveston Way, Malmesbury, Wiltshire SN16 0QS]
  • Email: [info@burntorchidorganics.com]
  • Phone: [07568481943]

2. Information We Collect

Personal Information You Provide

When you use our website, we may collect:

  • Account Information: Name, email address, password
  • Purchase Information: Billing and shipping addresses, phone number
  • Payment Information: Payment details are processed securely through PayPal
  • Communication Data: Information you provide when contacting us
  • Marketing Preferences: Email subscription choices and preferences

Information Collected Automatically

  • Technical Data: IP address, browser type, device information, operating system
  • Usage Data: Pages visited, time spent on site, click patterns, referral sources
  • Cookies and Tracking: See our Cookie Policy section below

3. How We Use Your Information

We use your information for the following purposes:

Essential Business Operations

  • Processing and fulfilling your orders
  • Managing your account and providing customer service
  • Processing payments and preventing fraud
  • Communicating about your orders and account

Marketing and Improvements

  • Sending marketing emails (with your consent)
  • Analysing website usage to improve our services
  • Personalizing your shopping experience
  • Conducting market research and analytics

Legal Compliance

  • Complying with legal obligations
  • Protecting our rights and preventing misuse
  • Resolving disputes and enforcing our terms

4. Legal Basis for Processing (UK GDPR)

We process your personal data under the following legal bases:

  • Contract Performance: To fulfil orders and provide services
  • Legitimate Interests: For marketing, analytics, and business improvements
  • Consent: For email marketing and non-essential cookies
  • Legal Obligation: For tax records and regulatory compliance

5. Third-Party Services

PayPal

Payment processing is handled by PayPal. When you make a purchase, PayPal collects and processes your payment information according to their privacy policy. We do not store your full payment card details.

Email Marketing Tools

We use email marketing services to send promotional emails to subscribers. These services may track email opens, clicks, and other engagement metrics. You can unsubscribe at any time.

Google Analytics

We use Google Analytics to understand how visitors use our website. Google Analytics collects information such as:

  • Pages visited and time spent on each page
  • Traffic sources and user demographics
  • Device and browser information

Google Analytics uses cookies and may combine this information with other Google services. You can opt-out using Google's opt-out tools.

6. Cookies and Tracking Technologies

Our website uses cookies and similar technologies:

Essential Cookies

  • Shopping cart functionality
  • User authentication
  • Security features

Analytics Cookies

  • Google Analytics tracking
  • Website performance monitoring

Marketing Cookies

  • Email marketing tracking
  • Social media integration

You can manage cookie preferences through your browser settings or our cookie consent tool.

7. Data Sharing and Disclosure

We may share your information with:

Service Providers

  • Payment processors (PayPal)
  • Shipping and logistics companies
  • Email marketing platforms
  • Web hosting and analytics services
  • Customer service tools

Legal Requirements

We may disclose information when required by law or to:

  • Comply with legal processes
  • Protect our rights and property
  • Prevent fraud or illegal activities
  • Protect user safety

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.

8. Data Security

We implement appropriate security measures to protect your personal information:

  • SSL encryption for data transmission
  • Secure servers and databases
  • Regular security assessments
  • Limited access to personal data
  • Staff training on data protection

However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

9. Data Retention

We retain your personal information for as long as necessary to:

  • Fulfil the purposes outlined in this policy
  • Comply with legal obligations (typically 6-7 years for financial records)
  • Resolve disputes and enforce agreements

Account information is retained until you request deletion, subject to legal retention requirements.

10. Your Rights (UK GDPR)

Under UK data protection law, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (subject to legal requirements)
  • Portability: Receive your data in a portable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for marketing communications

To exercise these rights, contact us using the details provided above. We will respond within one month.

11. Marketing Communications

Email Marketing

  • We send promotional emails only to subscribers who have consented
  • Every email includes an unsubscribe link
  • You can update preferences or unsubscribe at any time
  • We do not sell or rent email lists to third parties

Opting Out

You can opt out of marketing communications by:

  • Clicking unsubscribe links in emails
  • Contacting us directly
  • Updating your account preferences

12. International Transfers

We are based in the UK. If we transfer data internationally, we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions
  • Standard contractual clauses
  • Other approved transfer mechanisms

13. Children's Privacy

Our website is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.

14. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Modified" date. For significant changes, we may provide additional notice through email or website notifications.

15. Complaints

If you have concerns about how we handle your personal data, you can:

  1. Contact us using the details above
  2. File a complaint with the Information Commissioner's Office (ICO):
    • Website: ico.org.uk
    • Phone: 0303 123 1113

16. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

[Burnt Orchid Organics]

  • Email: [info@burntorchidorganics.com]
  • Address: [11 Silveston Way, Malmesbury, Wiltshire SN16 0QS]
  • Phone: [07568481943]

This privacy policy is effective as of [22/09/2025] and was last updated on [22/09/2025].