Privacy Policy

Abbey Botanicals understands that your privacy is important to you and that you care about how your information is used and shared online. We respect and value the privacy of everyone who visits Our Site and will only collect and use information in ways that are useful to you and in a manner consistent with your rights and Our obligations under the law.

This Policy applies to Our use of any and all data collected by us in relation to your use of Our Site. Please read this Privacy Policy carefully and ensure that you understand it, and use the Glossary to understand the meaning of some of the terms used in this Privacy Policy.

It is important that you read this Privacy Policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data. This Privacy Policy supplements the other notices, and is not intended to override them.

Our Site is not intended for children and we do not knowingly collect data relating to children.

Your acceptance of Our Privacy Policy is deemed to occur upon your first use of Our Site. If you do not accept and agree with this Privacy Policy, you must stop using Our Site immediately.

INFORMATION ABOUT US

and (collectively referred to as “Our Site” in this Privacy Policy), are owned and operated by David Clarke t/a Abbey Botanicals, 3 The Wylde, Leinthall Earls, Leominster, Herefordshire, HR6 9TU, United Kingdom.

Abbey Botanicals (referred to as “we”, “us” or “our” in this Privacy Policy) is the controller and is responsible for your personal data. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact us using the details set out in section 11 below.


This Privacy Policy applies only to your use of Our Site. It does not extend to any websites that are linked to from Our Site (whether We provide those links or whether they are shared by other users). We have no control over how your data is collected, stored or used by other websites and We advise you to check the privacy policies of any such websites before providing any data to them.


Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, please note that in these circumstances we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods). In this case, we may have to cancel an order you have with us, but we will notify you if this is the case at the time.

Data you provide to us

There are many different ways in which you provide information to us. These include:

  1. Registering for an Account
    To create an Account you need to provide data including your name, email address and a password.
  2. Signing up to our newsletter
    You can register for our newsletter without creating an Account. You can do this via a pop-up on our homepage, through the newsletter sign up box found in the footer of our website or alternatively via a tick box in the checkout. To subscribe to our newsletter, you need to provide your email address.
  3. Submitting a contact form
    When you submit a contact form you will provide your name and email address as well as any other details you include in the ‘comment’ box.
  4. Placing an order
    When placing an order, you need to provide data including your name, email address, delivery address, a phone number and payment (e.g. credit card) and billing information. (We do not store credit/debit card details; these are taken by our payment processor, PayPal.)
  5. Within your Account dashboard
    You are able to decide whether you would like to provide additional information in your Account, such as:
      • Your company name and number;
      • Your job title and industry;
    As well as additional contact information such as:
      • Email addresses;
      • Telephone numbers;
      • Delivery addresses;
      • Billing addresses.

You do not have to provide this additional information; however, this information will enable you to get more from our services. For example, providing additional delivery and billing addresses in your account will allow for a faster checkout process.

Data we collect automatically

Some data will be collected automatically by Our Site as We use cookies to recognize you and/or your device(s) as well as to understand your preferences and interests when purchasing products.

You can control cookies through your browser settings and other tools. You can also opt-out from Our use of some cookies and similar technologies that track your behavior.

For further details on information collected automatically by our Cookies, please see our Cookie Policy below.


We will only use your personal data when the law allows us to. Please refer to the Glossary for details about the “lawful basis for processing” principles, which set out what is allowed under the GDPR.

Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.

We have set out below a description of all the ways we plan to use your personal data. We have also identified what our legitimate interests are where appropriate.


We use the data that we have about you to provide and personalise our Services, so that they can be more relevant and useful to you. This includes:

  1. Processing transactions.
    Data provided to us during the order process is used to fulfil your order. Contact information, and in particular your email address, is used throughout the order process to send information regarding your transaction. Data for all orders is retained for customer service, analytics, marketing, and accounting purposes.
  2. Personalising the user experience.
    Information provided when registering for an Account or from our Cookies may be used to customise portions of the website.
  3. Improving our services.
    We use analytics data as well as customer feedback to plan improvements to the website. Anonymous device information is also used to help investigate technical issues.
  4. Customer service.
    Data collected when you register for an Account and during the order process is used by our personnel to investigate and provide fast and effective resolutions to queries, service issues and complaints. Anonymous device information may also be used to investigate technical issues related to the query.
  5. Marketing & advertising
    With your permission and where permitted by law, We may also use your data for marketing purposes which includes contacting you by email and/or telephone and/or post, with information, news and offers on Our products and services, depending on what you have agreed to.

Anonymous data is also used to create and target advertising campaigns.

We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that We fully protect your rights and comply with Our obligations under the GDPR and all other applicable laws.

You may change your communication preferences at any time from within your Account dashboard or by unsubscribing within any of our marketing emails. Please be aware that you cannot opt-out of receiving service messages from us, including transactional communications as well as security and legal notices, although you can in some circumstances ask for your personal data to be deleted. Please refer to section 9.3 below for details about your right of erasure.


From time to time we may need to send you important updates or notices such as communications about changes to this Privacy Policy or our Terms and Conditions.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you would like an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. See section 5 below for more details.


  1. We use third parties to help us provide our services to you and in some cases, these third parties may require access to some or all of your data, as reasonably necessary to perform these tasks on our behalf. We share relevant data with:
      • Our suppliers, fulfilment centre and couriers, for the processing of orders and delivery of goods;
      • Our third party search engine facilities and website analysis programmes to support us with improvement and maintenance of our website;
      • Our third party marketing platform so that we can analyse your preferences and send you marketing and important update emails.
    Where any of your data is required for such a purpose, We will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, Our obligations, and the obligations of the third party under the law.
  2. We may compile statistics about the use of Our Site including data on traffic, usage patterns, user numbers, sales and other information. All such data will be anonymised and will not include any personally identifying information. We may from time to time share such data with third parties such as prospective investors, affiliates, partners and advertisers. Data will only be shared and used within the bounds of the law.
  3. We may share your personal data with third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.
  4. In certain circumstances We may be legally required to share data held by Us, which may include your personal information, for example, where We are involved in legal proceedings, where We are complying with the requirements of legislation, a court order, or a governmental authority. We do not require any further consent from you in order to share your data in such circumstances and will comply as required with any legally binding request that is made of Us.
  5. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes, and only permit them to process your personal data for specified purposes and in accordance with our instructions.


Some of our external third parties are based outside the European Economic Area (“EEA”) so their processing of your personal data will involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we make sure that a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  1. We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, please see
  2. Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see
  3. Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For further details,


Data security is of great importance to Us, and We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Steps We take to secure and protect your data include:

  1. Data collected during the order and registration processes, including “guest” orders, is stored in a database on our server. Periodically, this database is copied to a separate backup server. Both servers are hosted securely, and we take every reasonable precaution to ensure the safety and protection of all customer data. Our server is regularly scanned for vulnerabilities and is configured in accordance with PCI regulations. HTTPS encryption is used throughout the website to help prevent the interception of your data.
  2. Payment data and credit card information is processed and stored securely with our payment service providers (PayPal). ‘Saved Payment Information’ shown within your Account dashboard is an encrypted ‘token’ and your actual bank and/or card details are never stored on our own servers.
  3. In addition, data may be stored with our third party CRM, marketing, and advertising providers. While we do not control how these third parties protect your data, we take precautions to ensure that all data is stored and used in accordance with applicable regulations and that only trusted services are used.

Notwithstanding the security measures that We take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting data to Us via the internet.


We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we have to keep basic information about our customers (including contact details, financial and transactional data) for six years after they cease being customers for tax and accounting purposes.

In some circumstances you can ask us to delete your data: see section 9 below for further information.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.


Under certain circumstances, you have rights under data protection laws in relation to your personal data.

You have the right to:

  1. Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  2. Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. You can update some of your personal information yourself through your Account dashboard.
  3. Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. If you request erasure of all information we hold about you, we will have to close your Account (see section 10 below).
  4. Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  5. Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  6. Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  7. Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the rights set out above, please contact us.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.


Should you choose to close your account, we will delete your account and any information associated with your account within 30 days of your request, except that we will retain your personal data even after you have closed your account if reasonably necessary to comply with our legal obligations, meet regulatory requirements, resolve disputes or to maintain security. We will retain depersonalised information after your account has been closed.


If you have any questions or complaints about Our Site or this Privacy Policy, please contact Us by email at, by telephone on 01568 770832, or by post at: Abbey Botanicals, 3 The Wylde, Leinthall Earls, Leominster, HR6 9TU United Kingdom.

Please note that you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance using the contact details set out above.


We may change this Privacy Policy as we may deem necessary from time to time, or as may be required by law. Any changes will be immediately posted on Our Site and you will be deemed to have accepted the terms of the Privacy Policy on your first use of Our Site following the alterations. We recommend that you check this page regularly to keep up-to-date. This version was last updated on 24th May 2018 and historic versions can be obtained by contacting us.


“Account”: Means an account required to access and/or use certain areas and features of Our Site;
“Cookie”: Means a small text file placed on your computer or device by Our Site when you visit certain parts of Our Site and/or when you use certain features of Our Site. Details of the Cookies used by Our Site are set out in our Cookie Policy below;
“GDPR”: The General Data Protection Regulation (EU) 2016/679;
“Lawful Basis for Processing”: We will only collect and process personal data about you where we have a lawful basis. Our lawful bases include:

Where you have given us consent to process your personal data for a specific process. For example, if you have opted in to our marketing emails. Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time.

Where processing is necessary for the performance of a contract with you. For example, to enable us to process your orders.

Legitimate Interests 
Where processing is necessary for the purpose of our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests. Where we rely on legitimate interests to process your personal data, you have the right to object.