Privacy and Security at Oshadhi

We have the utmost respect for your privacy. This policy explains what data we collect from you, why we collect it and what we do with it. This policy also lets you know how you can exercise your rights and ask us questions .

Who we are

We are Oshadhi Ltd, a limited company registered in England and Wales under the company number 4962926, based at:

Unit 6, Sycamore Close
Cambridge
CB1 8PG
United Kingdom

Our registered office is at 55 Loudoun Road, London, NW8 0DL. For details of how to contact us please visit our contact us page.

We are a data controller for customer, employee, or contractor data collected from you when you visit our website, call us on the telephone, contact us by email or visit our office.

How we collect your personal information

Most of the information we collect is provided to us directly by you, for example if you:

  • set up an account using the form on our website;
  • start or complete an order on our website;
  • contact us by using the contact form on our website or offline (for example by telephone, email or post) to request product samples or information, or to register for a practitioner account;
  • ask that we send you our newsletter or request information on essential oils from us;
  • place an order with us by telephone, by email, or in person.

The types of information that we collect

We may collect some or all of the following information, for example your:

  • name;
  • postal and billing addresses;
  • telephone number;
  • email address;
  • company name;
  • payment information;
  • and any other information you provide to us.

We don’t store your payment information as we use a third party to process this data.

We also receive personal information indirectly, for example if you visit or browse our website we will use cookies or similar technologies to collect information about your website visit (see the Cookies section below for what information we collect your personal information indirectly, and how we use it).

How we use your personal information

We will use your information to:

  • set up your web account;
  • process and fulfil your order;
  • contact you about your order, for example if there is a delay or a product is out of stock;
  • determine your geographic location to provide you with relevant information.

The use of your personal information in these ways is necessary for us to fulfil our contract with you.

If you have contacted us via our contact form or offline (e.g. by telephone, letter, or in person) we will use your personal information to

  • answer your query or send any information or samples that you have asked for;
  • contact you by email with information and updates via a third-party mailing system (currently MailChimp, Sendgrid or Zapier).

You can choose to stop receiving emails from us at any time by clicking the unsubscribe link which is clearly marked on the bottom of every non-transactional email. We will never pass your personal information to other organisations for their marketing purposes. The use of your data in this way is necessary for both parties’ legitimate interests. We will never pass your personal information to other organisations for their marketing purposes.

We use personal information collected indirectly from you (via cookies) to:

  • show you personalised and non-personalised ads.

The use of your personal information in this way is with your consent (see the Cookies section below for more information).

How we store your personal information

We are committed to keeping your details secure by taking appropriate technical and training measures to ensure that your data is processed lawfully and protected against accidental loss.

How long we keep your data for

We keep your personal information as long as you remain a customer with us and for at least seven years after that, in order to comply with our legal obligations.

If you have asked us not to use your data in a particular way (such as unsubscribing from our mailing list) we will keep a record of your request to ensure that we fully comply with it.

Health information

It is our policy never to offer any medical advice, however from time to time people contact us with details of their health or the health of a family member or friend to ask for our advice. In order to protect ourselves from any charge of having erroneously offered medical advice we do not delete this information from our records.

Payment security

When you make a payment on our website you can do this in two ways (credit card and Paypal). All data is protected using the most advanced methods available.

We do not store your payment information on this website. When you order from us online we do not have access to, and therefore do not store, your card details. However, our payment provider Opayo does allow us to take repeat payments (we may use this feature, for example, if you want to add something to your order). We will always check with you before using this feature.

Enhancing our data

We may analyse customer data. Where we can we anonymise the data to carry out the analysis or research. Sometimes we combine this data with data from third party companies. This is a necessary legitimate business interest used to:

  • learn more about our customer preferences;
  • identify patterns and trends;
  • provide information and content tailored to our customers’ needs;
  • send you personalised marketing messages;
  • enhance your experience on our websites;
  • display online ads to you.

Cookies

When you visit or browse our website we collect information using cookies.

Essential information we collect (first-party cookies)

In operating our store, it is essential for us to capture some information about your device, such as your IP address and information related to your visit when you browse our store. For example, this might include a time-stamp, the last page or product you visited, the indication that you logged in. We do that in order to:

  • remember who you are after you log in so that you do not need to authenticate at each click;
  • monitor if our website is running with the high performance we are dedicated to providing;
  • let you browse between products without having to start back from the home page at each click;
  • remember if you put something in your shopping cart before you decide to checkout; and
  • control that your data is processed securely.

We call the information mentioned above “essential information” and we collect it through the use of cookies. Cookies are small text files that most websites uses. A website places cookies in the web browser and then reads the information collected through the cookies every time the user performs an action. We use cookies. Without enabling this mechanism and this kind of cookies (first-party cookies), we could not provide you with the smooth experience that you expect while you are using our website.

Analytics & advertising (third-party cookies)

Our site uses Google Analytics to recognise and count the number of visitors to our site and to see how they are using it. This helps us to improve our website.

Our site uses the Google Ads “Adwords” advertising service and remarketing services to advertise on third party websites (including Google) to previous visitors to our site. It could mean that we advertise to previous visitors who haven’t completed a task on our site, for example using the contact form to make an enquiry. This could be in the form of an advertisement on the Google search results page, or a site in the Google Display Network. Third-party vendors, including Google, use cookies to serve ads based on someone’s past visits to the Oshadhi website. Any data collected will be used in accordance with our own privacy policy and Google’s privacy policy.

You can set preferences for how Google advertises to you using Google’s Ads Personalisation page.

Our website uses the Facebook pixel. Facebook may use the Facebook pixel to collect or receive information from our website and use that information to provide measurement services, targeted ads, and as described in the Facebook Data Policy.

If you have a Facebook account you can control your preferences by visiting:
https://www.facebook.com/ads/preferences/edit/

If you do not have a Facebook account you can opt out of seeing online interest-based ads using the Your Online Choices website:
https://www.youronlinechoices.com/uk/your-ad-choices

How to disable cookies

Most web browsers allow some control to restrict or block cookies, however if you disable cookies you may find this affects your ability to use certain parts of our website. For more information about cookies and instructions on how to adjust your browser settings, see the ICO website.

Other choices

You can control your online behavioural advertising preferences using the Your Online Choices website:
https://www.youronlinechoices.com/uk/your-ad-choices

Sharing your personal information

We may need to share or transmit your personal information with third party organisations that supply services to us for purposes that are described in this Privacy Policy or notified to you when we collect your personal information, such as:

  • web service providers: WordPress, WooCommerce, Siteground;
  • telephone and mobile service providers: BT Business, Giffgaff;
  • payment providers: Opayo and Paypal;
  • shipping providers: Royal Mail, InXpress;
  • analytics providers: Google Ads, Google Analytics, Facebook;
  • email providers: MailChimp, Sendgrid, Zapier;
  • to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights or apply our terms and conditions, or (iii) to protect your vital interests or those of any other person;
  • to any other person with your consent.

When we share your personal information with third party service providers we ensure there is a contract in place that ensures your personal information is safe and your privacy protected. The contract is a legally binding document that ensures:

  • we provide only the information they need to perform their specific services;
  • they may only use your data for the purposes they specify in our contract with them;
  • we work with them to ensure that your privacy is respected and protected at all times;
  • if we stop using their services, any of your personal information held by them should either be deleted or rendered anonymous (subject to applicable law).

If you have any questions about the third parties, we share your personal information with, please contact us using the contact details provided below.

We do not pass your personal information to other organisations for their marketing purposes.

The lawful basis for using your personal information

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:

  • where we need the personal information to perform a contract with you (for example when you buy something from us),
  • where the processing is in our legitimate interests (for example when we share your information with one of our suppliers or software providers or we answer your question or send you information or receive your order)
  • or where we have your consent.

Transfers of personal information outside Europe

Personal data in the UK and European Union is protected by data protection laws but countries outside of the UK and EU do not necessarily protect your personal data in the same way.

Our website provider and other third-party service providers (such as our website provider, email provider, email marketing provider and analytics companies) may not be hosted in the United Kingdom and this means that we may transfer any information which is submitted by you through the website outside of the UK and European Economic Area (which means all the EU countries plus Norway, Iceland and Liechtenstein) (“EEA”) to these other countries.

When you send an email to us, this may be stored on email servers which are hosted in or located on networks that may pass through these other countries. We will take steps to ensure that our third-party companies use the necessary level of protection for your information (including checking Standard Contractual Clauses) but if you do not want your information to be transferred outside the UK or EEA you should not use our website or contact us via email.

Your data protection rights

Under data protection law, you have rights including:

Your right to be informed

You have the right to be informed about how we collect and use your personal information. This privacy policy provides that information. If we update our Privacy Policy to reflect a change or improvement of our services or a new legal obligation, we will publish the new version on our website.

Your right of access

You have the right to access and receive a copy of your personal data, and other supplementary information. This is commonly referred to as a subject access request or ‘SAR’. You can make a SAR verbally or in writing, including via social media. A third party can also make a SAR on your behalf (we will need your written consent).

We will respond without delay and within one month of receipt of the request. We may extend the time limit by a further two months if the request is complex or if you receive a number of requests from you. We may only refuse to provide the information if an exemption or restriction applies, or if the request is manifestly unfounded or excessive.

Your right to rectification

You have the right to have inaccurate personal data rectified or completed if it is incomplete. You can make a request for rectification verbally or in writing. We will respond to your request within one month. In certain circumstances we may refuse a request for rectification.

Your right to erasure

You have the right to have your personal data erased. The right to erasure is also known as ‘the right to be forgotten’. The right is not absolute and only applies in certain circumstances. You can make a request for erasure verbally or in writing. We will respond to your request within one month.

Your right to restriction of processing

You have the right to request the restriction or suppression of your personal data. This is not an absolute right and only applies in certain circumstances. When processing is restricted, we are permitted to store your personal data, but not use it. You can make a request for restriction verbally or in writing. We will respond to your request within one month.

Your right to object to processing

You have the right to object to the processing of your personal data in certain circumstances. You have an absolute right to stop your data being used for direct marketing. In other cases where the right to object applies we may be able to continue processing your personal data if you can show that you have a compelling reason for doing so. You can make a request for restriction verbally or in writing. We will respond to your request within one month.

Your right to data portability

You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

Exercising your rights

You are not required to pay any charge for exercising your rights.

The best way to contact us regarding your rights is to use the contact form on our website or call us on 01223 242242.

You can change your personal information by logging on to your web account. If you wish to opt-out of receiving marketing emails you can unsubscribe using the link on each email.

Other sites

This site may contain links to other sites. We are not responsible for the privacy practices or the content of such web sites.

Privacy complaints

If you have any concerns about our use of your personal information, you can make a complaint to us using our contact form.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk

(Privacy & Security v. 2022-10-03)