Privacy Policy
Last updated: 17 June 2026
This Privacy Policy explains how Antiageherb.ddd ("we", "us", "our") collects, uses, stores, shares and protects your personal data when you visit our website at https://antiageherb.shop, contact us, register for events or interact with our cookie banner. We are committed to transparency and compliance with applicable United Kingdom data protection law.
1. UK Data Protection After Brexit
Since the United Kingdom left the European Union, Great Britain applies its own version of the General Data Protection Regulation — the UK GDPR — as retained and amended in domestic law, together with the Data Protection Act 2018 (DPA 2018) and the Privacy and Electronic Communications Regulations (PECR) 2003.
The UK GDPR is not identical to the EU GDPR in every detail, but it imposes substantially the same obligations on organisations that process personal data: lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality. As a UK-based website operator, we comply with the UK GDPR and PECR for all visitors, regardless of where you access our site from.
For visitors in Northern Ireland, the UK GDPR applies alongside the UK–EU data protection framework (including the EU GDPR where relevant to certain cross-border transfers). If you are outside the UK, your local data protection laws may also apply in addition to this policy.
2. ICO Registration (Information Commissioner's Office)
Under the Data Protection (Charges and Information) Regulations 2018, organisations that process personal information electronically on a regular basis must normally pay an annual data protection fee to the Information Commissioner's Office (ICO) and register as a data controller, unless a narrow exemption applies (for example, processing personal data only for staff administration in very small organisations).
Why we are registered: We process personal data on an ongoing basis, including:
- Contact form submissions (name, email address and message content)
- Server, security and error logs (IP address, browser type, pages visited)
- Cookie and consent records (your Accept, Reject or Manage Preferences choices)
- Analytics and marketing technologies — only where you have given prior consent under PECR
- Event registration details when you sign up for educational workshops
Because we handle this volume and variety of personal data, we are registered with the ICO as a data controller, have paid the applicable annual fee, and maintain our registration in good standing.
- Regulator: Information Commissioner's Office (ICO)
- ICO website: ico.org.uk
- ICO helpline: 0303 123 1113
- Our ICO registration reference: ZA892417
- Register entry: Data controller — Antiageherb.ddd
- Public register: ico.org.uk/esdwebpages/search (search for our registration reference or business name)
If you have concerns about how we handle your data, please contact us first at writetous@antiageherb.shop so we can try to resolve the matter. You also have the right to lodge a complaint with the ICO at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom, or via ico.org.uk/make-a-complaint.
3. Data Controller and Contact
The data controller responsible for your personal data is:
- Business name: Antiageherb.ddd
- Address: Holding Space, John St, Saltaire, Shipley BD18 3HU, United Kingdom
- Email: writetous@antiageherb.shop
- Phone: +44 7960 330183
We are not required to appoint a Data Protection Officer (DPO) under UK GDPR Article 37. For all data protection enquiries, please use the contact details above.
4. Personal Data We Collect
We may collect, use and store the following categories of personal data:
- Identity and contact data: your name and email address when you submit our contact form or register interest in an event.
- Communication data: the content of messages you send us, including any information you choose to include about your diet or lifestyle habits. Please avoid sharing special category data (such as detailed medical records) unless necessary.
- Technical data: IP address, browser type and version, operating system, device type, referral source, pages viewed, time and date of visits, and session duration. Some technical data is collected automatically through server logs; analytics data is collected only with your consent.
- Cookie and consent data: your cookie preferences (Accept all, Reject or Manage Preferences choices), stored locally in your browser via localStorage under the key
dietdiversity_cookie_consent.
We do not intentionally collect special category personal data (such as data concerning health, racial or ethnic origin, religious beliefs or biometric data) through our website. If you voluntarily include health-related information in a contact message, we will process it only to respond to your enquiry and will delete it when no longer needed, relying on your explicit consent where required under Article 9 UK GDPR.
We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.
5. How We Collect Data
- Directly from you — when you complete our contact form, tick the GDPR consent checkbox, register for events or email us.
- Automatically — through server logs and essential website technologies when you browse our pages.
- Through cookies and similar technologies — only non-essential cookies (analytics and marketing) with your prior consent, in accordance with PECR. See our Cookie Policy.
- From third parties — we may receive limited technical data from hosting providers and (if you consent) analytics platforms such as Google Analytics.
6. Purposes and Legal Bases for Processing
Under UK GDPR Article 6, we must have a lawful basis for each processing activity. Our main purposes and legal bases are:
- Responding to enquiries (contact form) — Legal bases: your consent when you tick the GDPR checkbox (Article 6(1)(a)); our legitimate interest in responding to messages and maintaining correspondence (Article 6(1)(f)), balanced against your rights.
- Event registration and administration — Legal bases: consent (Article 6(1)(a)) and/or performance of a contract or steps at your request (Article 6(1)(b)).
- Website security, fraud prevention and server operation — Legal basis: legitimate interest (Article 6(1)(f)) in keeping our website secure and functioning.
- Strictly necessary cookies and localStorage — Legal basis: legitimate interest (Article 6(1)(f)) and compliance with PECR requirements for essential storage.
- Analytics cookies — Legal basis: your consent (Article 6(1)(a)) under PECR and UK GDPR.
- Marketing cookies and communications — Legal basis: your consent (Article 6(1)(a)). We do not send electronic marketing without consent unless permitted under PECR soft opt-in rules.
- Legal and regulatory compliance — Legal basis: compliance with a legal obligation (Article 6(1)(c)), for example responding to ICO or court requests.
Where we rely on legitimate interests, we have assessed that our interests are not overridden by your fundamental rights and freedoms. You may object to processing based on legitimate interests — see Section 11.
7. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting or reporting requirements.
- Contact form submissions: up to 24 months from the date of your last message, unless a longer period is required to resolve a dispute or comply with law.
- Event registration records: up to 12 months after the event, unless you ask us to delete your data sooner.
- Server and security logs: typically up to 90 days, unless needed for incident investigation.
- Analytics data: up to 26 months from collection, only if you have consented to analytics cookies.
- Cookie consent records: stored in your browser (localStorage) until you clear site data or withdraw consent.
- Marketing consent records: for the duration of consent plus up to 6 years thereafter, to demonstrate compliance with PECR and UK GDPR.
When data is no longer needed, we securely delete or anonymise it.
8. Data Sharing and Processors
We do not sell, rent or trade your personal data. We may share data with the following categories of recipients, under written contracts where required by UK GDPR Article 28:
- Website hosting and IT providers — who store our website and process server logs on our behalf within the UK or EEA, or under UK-approved transfer mechanisms.
- Email and communication tools — used to receive and respond to contact form messages.
- Analytics providers (e.g. Google Analytics) — only if you have consented to analytics cookies.
- Embedded service providers (e.g. Google Maps on our Contact page) — may set their own cookies; see our Cookie Policy.
- Professional advisers — lawyers, accountants or insurers where reasonably necessary.
- Law enforcement, regulators and courts — when required by applicable law, court order or lawful request from the ICO or police.
All processors are required to process data only on our instructions and implement appropriate security measures. A list of key processors is available on request by emailing writetous@antiageherb.shop.
9. International Transfers
We aim to store and process personal data within the United Kingdom. Where data is transferred outside the UK — for example, to analytics or cloud providers in the United States — we ensure a level of protection equivalent to UK GDPR by using one or more of the following safeguards, as required by UK GDPR Chapter V:
- Transfers to countries covered by a UK adequacy regulation (e.g. the EEA under the UK–EU adequacy decision, or countries with UK adequacy status).
- UK International Data Transfer Agreement (IDTA) or the UK Addendum to EU Standard Contractual Clauses.
- Binding Corporate Rules or other approved mechanisms where applicable.
You may request further information about transfer safeguards by contacting us.
10. Security Measures
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, loss or destruction, including:
- HTTPS/TLS encryption for data transmitted between your browser and our servers.
- Access controls limiting staff access to personal data on a need-to-know basis.
- Secure hosting environments with firewall protection and regular software updates.
- Procedures for assessing and reporting personal data breaches to the ICO within 72 hours where required, and notifying affected individuals without undue delay where there is a high risk to their rights.
No method of transmission over the internet is completely secure. While we strive to protect your data, we cannot guarantee absolute security.
11. Your Rights Under UK GDPR
As a data subject in the United Kingdom, you have the following rights, subject to certain exemptions in the DPA 2018:
- Right of access — request a copy of the personal data we hold about you (Subject Access Request).
- Right to rectification — ask us to correct inaccurate or incomplete data.
- Right to erasure — ask us to delete your data in certain circumstances ("right to be forgotten").
- Right to restrict processing — ask us to limit how we use your data in certain situations.
- Right to data portability — receive your data in a structured, commonly used, machine-readable format where processing is based on consent or contract and carried out by automated means.
- Right to object — object to processing based on legitimate interests or for direct marketing purposes.
- Rights related to automated decision-making — not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects (we do not carry out such processing).
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
How to exercise your rights: email writetous@antiageherb.shop with the subject line "Data Subject Request". We will respond within one month, which may be extended by a further two months for complex requests (we will inform you within the first month if an extension is needed). We may ask for proof of identity to protect your data from unauthorised disclosure. We do not charge a fee unless a request is manifestly unfounded or excessive.
Right to complain: if you are unhappy with our response, you may lodge a complaint with the ICO at ico.org.uk/make-a-complaint or by calling 0303 123 1113.
12. Cookie Consent (PECR)
Non-essential cookies (analytics and marketing) are placed on your device only after you give freely given, specific, informed and unambiguous consent via our cookie banner. We do not use pre-ticked boxes for non-essential cookies. You may:
- Accept all — enable all cookie categories.
- Reject — refuse all non-essential cookies; only strictly necessary storage remains. Your access to the website is not restricted.
- Manage Preferences — choose Analytics and Marketing individually.
You can change or withdraw consent at any time via the "Manage Preferences" link in the website footer or through our Cookie Policy. Withdrawal does not affect the lawfulness of processing before withdrawal.
13. Marketing Communications
We will only send you marketing emails or newsletters if you have given explicit consent, or where the soft opt-in under PECR Regulation 22 applies (existing customer relationship, similar products/services, opportunity to opt out at collection and in each message). Every marketing email includes an unsubscribe link. You may opt out at any time by clicking unsubscribe or emailing us.
14. Children's Privacy
Our website is not directed at children under 13. Under the DPA 2018, 13 is the age at which a child may consent to information society services in the UK. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us and we will delete it promptly.
15. Third-Party Websites
Our website may contain links to external sites (including Google Maps). We are not responsible for the privacy practices of third-party websites. We encourage you to read their privacy policies before providing personal data.
16. Changes to This Policy
We may update this Privacy Policy to reflect changes in law, ICO guidance, our practices or website functionality. The "Last updated" date at the top will be revised when changes are made. For material changes, we may display a notice on the website. We encourage you to review this page periodically.