Privacy Policy

Introduction

Effective Date: 13/08/2025

Welcome to buddsherbalmedicine.com (“we”, “us”, or “our”). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website, visit our shop, or engage our services. Please read this Policy carefully so you understand your rights and our responsibilities.

Budd’s Herbal Medicine is the trading name for our online services, while Budd’s Herbal Apothecary refers to our physical retail shop. Both operate under the same legal business entity and follow the same privacy practices described in this Policy. Consultations are provided through a separate business entity, but the handling of your personal data related to consultations is also governed by this Privacy Policy. Whether you book a consultation online, make a purchase in person, or simply browse our site, your data is protected and managed consistently.

By using our site, booking a consultation, or otherwise providing us with your personal information, you agree to the terms of this Privacy Policy.

1. About Us

Budd’s Herbal Medicine is a UK-based provider of natural, plant-based wellness solutions. We specialise in offering a curated range of herbal products, traditional remedies, and educational resources designed to support holistic health and well-being.

Our mission is to promote the safe and informed use of herbs in everyday life, blending traditional herbal knowledge with modern wellness practices.

We produce some of our products in-house and also carefully source from trusted third-party suppliers, herbalists, and manufacturers who share our commitment to quality, sustainability, and ethical practices. Every product we stock is reviewed to ensure it meets our internal standards for safety, effectiveness, and integrity.

Whether you’re just beginning your herbal journey or looking to deepen it, Budd’s Herbal Medicine is here to support your path to natural well-being.

1.1 Data Controller

Budd’s Herbal Medicine is the Data Controller for your personal data. This means we determine the purposes and means of processing your personal information.

2. Information We Collect

We only collect the personal data necessary to provide our services, manage our operations, and comply with legal and professional obligations. The types of information we collect depend on how you interact with us.

2.1 When You Book a Consultation (via AmeliaWP)

When booking a consultation through our online system, we may collect:

  • Full name
  • Email address
  • Telephone number
  • Appointment details (date, time, service, location, practitioner)
  • Payment details for deposits or full payments (processed securely by Tyl by NatWest)
  • Any notes you choose to include in your booking form (optional)

Please note that health or sensitive data is not routinely entered into our online booking system.

Your booking information is handled by the medical herbalist or authorised personnel, who are responsible for managing appointments, confirming details, and providing any necessary follow-up.

2.2 When We Import Data to the Booking System

Occasionally, we may transfer information from paper-based consultation records into our secure online customer database. This may include:

  • Contact details (full name, address, phone number, email)
  • Date of birth and sex
  • Past appointment history

This process is carried out by the medical herbalist or authorised personnel to improve continuity of care, ensure accuracy of your information, identify customers, facilitate appointment bookings, and enhance customer service.

We do not upload full consultation notes, sensitive medical details, or treatment records into the online system. These remain securely stored on paper in locked cabinets and are only digitised in exceptional cases where you have provided explicit consent and additional safeguards are in place.

All data imported into our online system is protected by appropriate technical and organisational security measures, such as encryption and restricted access, to ensure your personal information remains confidential and secure.

The lawful basis for processing your data includes your consent when you book a consultation and our legitimate interests in managing and improving our services.

By booking a consultation or using our services, you consent to the transfer and processing of your personal data as described above. If you have any questions or wish to exercise your data rights, please contact us at any time.

2.3 When You Attend a Consultation (Paper Records)

As part of professional and legal responsibilities, consultations carried out by our qualified NIMH (National Institute of Medical Herbalists) medical herbalist are documented in written consultation notes. These may include:

  • Contact details (full name, address, phone number, email address)
  • Date of birth, sex, occupation
  • GP details
  • Relevant medical history, medications, supplements, allergies
  • Lifestyle and dietary information relevant to your care
  • Observations, treatment notes, and recommendations

These records are stored securely in paper format within locked cabinets at our premises. Access is restricted to the medical herbalist and authorised personnel who require it to assist in delivering our services or fulfilling administrative and legal duties. We prioritise keeping your sensitive information offline and under our direct control to minimise unnecessary sharing and reduce the risk of unauthorised access.

In some cases, limited key details such as your name, contact information, date of birth, and sex may be added to our secure online customer database to ensure accurate identification, maintain up-to-date records, and facilitate future bookings. Full consultation notes and sensitive medical information remain strictly paper-based unless you provide explicit consent for digital storage, in which case additional security measures will be applied.

2.4 When you opt-in to marketing

We collect your email address when you sign up for our newsletter or book a consultation. We may link this email to other personal data we hold about you, such as your name, date of birth, and appointment history, to tailor marketing communications and offers to your preferences.

We may share your email address and related personal information with trusted third-party service providers, such as email marketing platforms (e.g., Brevo) and customer relationship management (CRM) systems, to manage and deliver our marketing communications. These providers are contractually obligated to keep your data secure and use it only for the purposes we specify.

We also log certain technical and submission details related to your interactions with our website and marketing services, including:

  • Email address
  • Submission ID
  • Timestamp
  • Source URL
  • Post ID
  • User ID
  • User agent
  • IP address (which is anonymized during our scheduled privacy scrub process)
  • Privacy scrub date

This logging helps us monitor system performance, improve user experience, and detect any misuse while respecting your privacy. The IP address and other sensitive information are anonymized regularly (as part of our privacy scrub) to protect your identity.

You will only receive marketing communications if you have explicitly consented. You can unsubscribe at any time by following the instructions included in our emails or by contacting us directly.

All personal data used for marketing is processed securely and in compliance with applicable data protection regulations.

3. How We Use Your Information

We use your personal data to provide and improve our services, manage our operations, and comply with legal obligations. Specifically, we use your information to:

Process and manage your bookings and appointments

  • Communicate with you through various channels, including emails, SMS texts, phone calls, and postal mail, regarding your appointments, services, order confirmations, consultation reminders, newsletters, promotional offers (only if you have opted in), important account updates, and other relevant information
  • Process payments securely
  • Provide customer support and respond to your inquiries
  • Send marketing communications, including newsletters and promotional offers (only if you have opted in)
  • Link your email and other personal data to your user account to synchronise information across our systems for accuracy, identification, and personalised service
  • Maintain and improve our website, systems, and security
  • Comply with professional, legal, and regulatory requirements
  • Conduct internal analysis to improve our services and customer experience

We do not use your data for any purpose other than those outlined here without your explicit consent.

3.1 Marketing Communications & Opt-Out Rights

By providing your contact information and opting in, you consent to receive marketing and promotional communications from us via email, SMS, phone calls, and postal mail. These communications may include newsletters, special offers, event invitations, and other information related to our products and services.

You can opt out of receiving marketing communications at any time by:

  • Clicking the “unsubscribe” link included in marketing emails
  • Replying “STOP” to marketing SMS messages
  • Contacting us directly via the Contact Details section with your request to be removed from marketing lists

Please note that opting out of marketing communications will not affect our ability to send you essential service messages, such as appointment confirmations, order updates, and important account notifications.

3.2 Lawful Basis for Processing

We process your personal data only where we have a valid legal basis under UK data protection law. Depending on the context, the lawful bases we rely on include:

  • Consent – when you have given clear permission for us to process your personal data for a specific purpose, such as receiving marketing communications.
  • Contract – when processing is necessary to perform a contract with you or to take steps at your request before entering into a contract, such as managing bookings and providing consultations.
  • Legal Obligation – when processing is necessary for us to comply with the law, including tax, accounting, or professional record-keeping requirements.
  • Legitimate Interests – when processing is necessary for our legitimate business purposes (or those of a third party) and your interests and fundamental rights do not override those interests. For example, maintaining customer records for continuity of care, improving our services, or securing our systems.
  • Vital Interests – in rare cases, when processing is necessary to protect someone’s life or prevent serious harm.
  • Special Category Data – if we process health-related information about you during a consultation, this is done under Article 9(2)(h) of the UK GDPR for the provision of health care and treatment by a qualified medical herbalist and, where required, with your explicit consent.

Where we rely on your consent, you have the right to withdraw it at any time without affecting the lawfulness of processing before withdrawal.

4. Who We Share Your Information With

We do not sell your personal data. We share it only where necessary to provide our services, comply with the law, or protect our rights.

Where possible, we store and process your data within the UK and European Economic Area (EEA). Our website and primary database are hosted on servers located in the UK. We aim to store as much personal data as possible locally, without unnecessary transfer to third parties.

We may share personal data with the following categories of recipients:

  • Website hosting and domain registration providers – to operate and maintain our website and email services.
  • Website security and performance providers – to protect our website from malicious activity and ensure it runs efficiently.
  • Online booking and scheduling systems – to manage appointments and related communications.
  • Marketing and analytics providers – where you have consented to marketing or where anonymised analytics are used to improve our services.
  • Cookie consent management services – to record and respect your privacy preferences.
  • Professional advisers and legal services – for legal, regulatory, or compliance purposes.

Some of these service providers may process data outside the UK/EEA. Where this happens, we aim to ensure that your data is protected to UK GDPR standards. This may include using recognised transfer safeguards, such as UK-approved Standard Contractual Clauses, or working only with providers in countries covered by an adequacy regulation.

4.1 International Data Transfers

While we aim to keep all personal data within the UK and European Economic Area (EEA), some of our service providers may process data in countries outside these regions. If such transfers occur, we take steps to ensure your information is protected to UK GDPR standards.

These steps may include:

  • Using providers in countries covered by a UK adequacy regulation.
  • Putting in place appropriate legal safeguards, such as UK-approved Standard Contractual Clauses.
  • Ensuring that the provider has appropriate technical and organisational measures to protect your data.

Where it is not possible to guarantee that the laws of the destination country provide the same level of protection as the UK, we will only transfer data if it is strictly necessary for the provision of our services and with additional safeguards where possible. These safeguards include UK-approved Standard Contractual Clauses or transfers to countries covered by a UK adequacy regulation.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal and professional obligations, and protect our legitimate interests.

Paper Records:
For professional and legal reasons, we keep written consultation notes, including medical and personal information, for a minimum of 7 years following your last treatment. If you were under 18 at the time of your last consultation, your records will be kept until you reach the age of 25, unless you continue to have consultations after turning 18, in which case the 7-year retention period applies from the date of your final treatment.

Online Records:
Data collected through our online booking system, store, marketing platforms, and website (such as booking details, payment information, transaction records, newsletter subscriptions, and security logs) is retained for periods appropriate to its purpose, including but not limited to:

  • Bookings and appointment data: retained for 7 years after the last appointment.
  • Online store transaction and billing data: retained for 7 years to meet financial and tax requirements.
  • Marketing data (e.g., email addresses for newsletters): retained until you unsubscribe or request deletion.
  • Website and security logs: retained for up to 12 months for security and fraud prevention purposes, after which data is anonymized or deleted.

After these retention periods, your data is securely deleted or anonymized unless retention is required by law or legitimate business purposes.

If you have any questions or would like to request the deletion of your data, please contact us at any time.

6. Your Rights

You have certain rights regarding your personal data under applicable data protection laws, including:

  • Right to Access – You can request a copy of the personal data we hold about you.
  • Right to Rectification – You can ask us to correct any inaccurate or incomplete data.
  • Right to Erasure – You may request that we delete your personal data, subject to legal or contractual obligations.
  • Right to Restrict Processing – You can ask us to limit how we use your data in certain situations.
  • Right to Data Portability – You may request to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to Object – You have the right to object to our processing of your personal data, including for marketing purposes.
  • Right to Withdraw Consent – Where we rely on your consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

6.1 Special Category Data
If we process health-related information about you as part of your consultation, this is classed as special category data under the UK GDPR. We process this information under Article 9(2)(h) for the provision of health care and treatment by a qualified medical herbalist and, where required, with your explicit consent.

To exercise any of these rights, please use the contact details provided in the Contact Us section of this privacy policy. We will respond to your request as soon as possible and within the timeframes required by law.

If you have concerns about how we handle your personal data, we encourage you to contact us first so we can address your concerns promptly. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at:

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: https://www.ico.org.uk
Telephone: 0303 123 1113

Please note that some rights may be limited in certain circumstances, such as where we need to retain data for legal compliance or to protect our legitimate interests.

7. Children’s Privacy

Our services are primarily intended for individuals aged 16 and over. Clients aged 16 or 17 may book consultations but must be accompanied by a parent or legal guardian during their appointment.

We do not knowingly collect personal data from children under 16 without parental or guardian consent. If we discover that we have collected personal data from someone under 16 without appropriate consent, we will promptly delete that data.

For clients under 18 at the time of consultation, we retain records in accordance with our Data Retention Policy, considering their age and any ongoing care requirements.

8. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and support marketing efforts.

Cookies are small data files stored on your device that help us remember your preferences and recognize repeat visitors. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain until deleted).

You can manage your cookie preferences through your browser settings, including blocking or deleting cookies. However, please note that disabling cookies may affect the functionality of our website.

For more details about the cookies we use and how we handle your information, please refer to our Cookie Policy.

8.1 Google Analytics
We use Google Analytics, a web analytics service provided by Google LLC (“Google”), to help us understand how visitors interact with our website. Google Analytics collects information such as pages visited, time spent on the site, device type, and anonymized IP addresses. This helps us improve website performance, user experience, and content.

Google Analytics may use cookies to collect this data. These cookies do not identify you personally. You can manage or disable Google Analytics cookies through your browser settings or via our cookie consent tool. For more information, please see Google’s Privacy Policy: https://policies.google.com/privacy.

9. Data Security

We take the security of your personal data very seriously. We implement appropriate technical and organisational measures to protect your information from unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Encryption of data both in transit and at rest where applicable
  • Secure storage systems with restricted access
  • Regular security audits and updates to our systems
  • Use of reputable third-party service providers who comply with relevant data protection standards
  • Staff training on data protection and confidentiality

Despite these measures, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee its absolute security.

If you suspect any breach of your data security, please contact us immediately through the contact details provided in this policy.

10. User-Generated Content

Our website may allow you to submit content such as reviews, comments, testimonials, or other feedback (“User-Generated Content”).

When you submit User-Generated Content, you may provide personal data (e.g., your name or email) as part of that content. We collect and process this information solely to display your content and manage our website.

By submitting User-Generated Content, you grant Budd’s Herbal Medicine a non-exclusive, royalty-free, worldwide, perpetual license to use, reproduce, modify, adapt, publish, translate, distribute, and display such content in any media.

You are solely responsible for the content you submit and confirm that it does not violate any third-party rights, is not defamatory, offensive, or unlawful.

We reserve the right to remove or edit any User-Generated Content at our discretion and without notice, particularly if it violates our policies or applicable laws.

Please note that User-Generated Content reflects the views of the individual contributors and does not represent our opinions or policies. We do not guarantee the accuracy or reliability of such content.

By submitting User-Generated Content, you acknowledge and accept that other users may view, use, or share your submitted information. You submit such content at your own risk.

11. Changes to This Privacy Policy

We may update or modify this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or for other operational reasons.

When we make changes, we will post the updated Privacy Policy on this website with a revised “Last Updated” date at the top. It is your responsibility to review the Privacy Policy periodically to stay informed of any updates.

By continuing to use our website, services, or purchase products after such changes are posted, you consent to the updated Privacy Policy.

If you do not agree to the updated Privacy Policy, please discontinue use of our website and services immediately.

12. Contact Details

If you have any questions, concerns, or requests regarding these Terms of Service, your orders, consultations, or any other aspect of our services, please contact us through the following means:

Email (General): hello@buddsherbalmedicine.com
Email (Shop): shop@buddsherbalmedicine.com
Email (Consultations): consultations@buddsherbalmedicine.com

Phone: 023 9307 8564

Address: Budd’s Herbal Apothecary, Portsmouth, Southsea, PO5 2SN, United Kingdom