top of page
Search

Privacy Policy

  • Apr 29
  • 4 min read

Updated: May 5

Last updated: 29 April 2026

The Wellness Method® ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and disclose your personal data when you visit wellnessmethod.co.uk (the "Site"), purchase our products, subscribe to our communications, or otherwise interact with us.

This Policy is written to comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).

If you have any questions about this Policy or how we handle your data, please contact us at hello@wellnessmethod.co.uk.

1. Who we are (the "Data Controller")

The data controller responsible for your personal data is:

Gaia & Bloom Ltd · Company Number: 16297174 · Registered Office: 149 Tottenham Court Road, London W1T 7NF · Email: hello@wellnessmethod.co.uk · ICO Registration: ZC135783

Trading as "The Wellness Method".

2. What personal data we collect

We collect the following categories of personal data:

You provide directly to us:

  • Identity data: first name, last name

  • Contact data: email address, billing address, delivery address, phone number (if provided)

  • Transaction data: products purchased, order value, payment confirmation (we do not store your full card details — see Section 4)

  • Marketing & communications data: your preferences in receiving marketing from us, your responses to surveys or feedback requests

  • Account data: any account credentials you create (if applicable)

  • Correspondence data: messages and content of emails you send us

We collect automatically when you use the Site:

  • Technical data: IP address, browser type and version, time-zone setting, operating system, device identifiers

  • Usage data: pages visited, time on page, referring URL, navigation patterns, search terms

  • Cookie data: as set out in our Cookie Policy

We do not knowingly collect special category data (such as health data) and do not require it for any purchase. Please do not send us such data unprompted.

3. How we use your data and our lawful bases

Under UK GDPR Article 6, we process your data on the following lawful bases:

  • Processing and fulfilling your order — Identity, contact, transaction — Contract (Article 6(1)(b))

  • Sending order updates and delivery notifications — Identity, contact, transaction — Contract

  • Customer service and responding to your queries — Identity, contact, correspondence — Contract / Legitimate interests

  • Sending marketing emails about products and offers — Identity, contact, marketing preferences — Consent (Article 6(1)(a)) — opt-in only; you can withdraw at any time

  • Improving our products, website and customer experience — Usage, technical — Legitimate interests

  • Fraud prevention and security — Identity, transaction, technical — Legitimate interests / Legal obligation

  • Complying with legal and regulatory obligations (tax, accounting, FSA, ASA) — Transaction, identity — Legal obligation (Article 6(1)(c))

  • Defending or bringing legal claims — All categories as relevant — Legitimate interests

We do not engage in automated decision-making or profiling that produces legal effects on you.

4. Who we share your data with

We never sell your personal data. We share it only with the following categories of third parties, all of whom act as data processors on our written instructions: Wix.com Ltd (hosting + e-commerce), Shopify Inc. (checkout), Shopify Payments and PayPal (payments), Klaviyo (email marketing — only if you opt in), Royal Mail and other delivery couriers, Google Analytics (with consent), Meta/Facebook/Instagram (with consent), our accountants and legal advisers, and HMRC and other regulators where legally required.

Some of these processors are based outside the UK (for example, in the EEA or USA). Where this is the case, transfers are protected by appropriate safeguards: UK Adequacy Regulations, the UK International Data Transfer Agreement, or Standard Contractual Clauses with additional safeguards.

A full list of our processors and their locations is available on request.

5. How long we keep your data

  • Order and transaction records: 7 years (HMRC requirement)

  • Customer service correspondence: 3 years from last contact

  • Marketing email subscribers: until you unsubscribe, plus 6 months for unsubscribe-list maintenance

  • Website analytics (where consented): 14 months (Google Analytics default)

After these periods, your data is securely deleted or anonymised.

6. Your rights under UK GDPR

You have the following rights, free of charge, in respect of your personal data: access, rectification, erasure ("right to be forgotten"), restriction, data portability, objection, withdrawing consent at any time, and not being subject to solely automated decision-making.

To exercise any of these rights, email hello@wellnessmethod.co.uk. We will respond within one calendar month. You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk or 0303 123 1113. We would appreciate the opportunity to address your concerns directly first.

7. How we keep your data secure

We use industry-standard technical and organisational measures, including TLS encryption in transit, encrypted storage at rest with our processors, access controls, and regular review of our security practices. Payment data is handled under PCI DSS by our payment processors and never stored on our servers. In the event of a personal data breach likely to result in risk to your rights and freedoms, we will notify the ICO within 72 hours and notify affected individuals where required.

8. Children

Our products are intended for adults aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you are under 18, please do not provide us with personal data.

9. Marketing communications

We will only send you marketing emails if you have opted in. Every marketing email contains a one-click unsubscribe link. You can also email hello@wellnessmethod.co.uk to opt out at any time. Unsubscribing from marketing does not affect transactional emails such as order confirmations and delivery updates, which we are obliged to send.

10. Cookies

This Site uses cookies and similar tracking technologies. Please see our Cookie Policy at /post/cookie-policy for full details.

11. Links to other websites

Our Site may contain links to third-party websites. We are not responsible for the privacy practices of those sites. Please review their privacy policies before submitting any personal data.

12. Changes to this Policy

We may update this Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be notified to subscribed customers by email. Your continued use of the Site after changes constitutes acceptance of the revised Policy.

13. Contact

Email: hello@wellnessmethod.co.uk · Post: Gaia & Bloom Ltd, 149 Tottenham Court Road, London W1T 7NF

 
 

Recent Posts

See All
Cookie Policy

What cookies we set, why, and how to manage your consent.

 
 
CBD Legal & Compliance Notice

Why our cold-pressed hemp is treated as non-novel, who shouldn't use our products, and our compliance commitments.

 
 
bottom of page