Skip to main content

Privacy & Cookie Policy

Please read about our privacy and cookie policies below

PRIVACY POLICY

Last updated: Nov 12, 2025, 11:57AM

1. Introduction

This Privacy Policy explains how Mehndi Seasons collects, uses, and protects your personal information when you use our website www.mehndiseasons.co.uk, purchase products or services, or interact with us online or in person.
By using our website, you agree to the practices described in this policy.

2. Who We Are

Mehndi Seasons is owned and operated by Sunita Patel-Passan, trading as Mehndi Seasons, a sole trader registered in the United Kingdom.
We are the Data Controller responsible for your personal data under UK GDPR.

3. What Data We Collect

We may collect the following types of information:
  • Contact information – name, email, phone number, billing and delivery address
  • Order and payment details – processed securely through Stripe (we do not store full card details)
  • Workshop and training enrolment information
  • Marketing preferences – such as newsletter subscriptions (via Mailchimp)
  • Browsing and cookie data – collected via analytics tools (e.g. Google Analytics)
  • Communications – emails, messages, or social media interactions with us

4. How We Use Your Data

We use your data to:
  • Process and fulfil your orders and training bookings
  • Communicate with you about your purchases, enquiries, or events
  • Send marketing updates and newsletters (only if you’ve opted in)
  • Improve our products, services, and website experience
  • Comply with legal, accounting, or tax obligations

5. Direct Marketing

If you subscribe to our newsletter or request updates, we may send you information about new products, training sessions, or services that we think you’ll love.
You can withdraw consent or unsubscribe at any time by clicking the “unsubscribe” link in any marketing email or by contacting [email protected].
We will never sell, rent, or share your personal data with third parties for their own direct marketing purposes.

6. Legal Basis for Processing

We process personal data under the following lawful bases:
  • Contract: to process and deliver your orders or bookings.
  • Consent: for optional marketing communications.
  • Legitimate Interests: to manage and grow our business effectively.
  • Legal Obligation: to meet tax, accounting, and regulatory requirements.

7. Sharing Your Data

We share your personal data only when necessary for business operations, such as with:
  • Delivery couriers to send your orders
  • Payment processors (Stripe) for secure transactions
  • Email providers (Mailchimp) for newsletters
  • Analytics services (Google Analytics) to improve user experience
All third-party partners are carefully selected to comply with data protection regulations.
We will never sell or lease your data to other companies.

8. Third-Party Services We Use

We use trusted third-party tools to help us operate securely and efficiently:
Stripe: for payment processing. See Stripe’s Privacy Policy.
Mailchimp: for email newsletters and marketing communication. See Mailchimp’s Privacy Policy.
Google Analytics: for understanding visitor activity (anonymised). See Google’s Privacy Policy.
These providers may store and process data outside the UK or European Economic Area (EEA). Where this happens, they use legal safeguards such as Standard Contractual Clauses to protect your information.
9. Transferring and Storing Your Data
Your data may be transferred to and stored in secure data centres located outside the UK, depending on where our third-party providers (e.g. Mailchimp, Stripe, Google) host their servers.
We ensure that all data transfers comply with UK data protection laws and that your information remains protected to the same standards as within the UK.
10. Data Retention
We keep your personal data only for as long as necessary to fulfil the purposes for which it was collected.
Typical retention periods include:
  • Order and payment information: up to 7 years (for tax and accounting).
  • Training enrolments: up to 3 years after completion.
  • Marketing subscriptions: until you unsubscribe or request deletion.
  • When no longer needed, personal data is securely deleted or anonymised.

11. Your Rights

Under UK GDPR, you have the right to:
  • Access – request a copy of your personal data.
  • Rectification – correct inaccurate or incomplete data.
  • Erasure – request deletion of your personal data (where legally possible).
  • Restriction – limit how we use your data in certain situations.
  • Portability – request your data in a structured, machine-readable format.
  • Objection – object to direct marketing or certain data uses.
  • Withdraw consent – if processing is based on consent, you may withdraw it anytime.
To exercise any of these rights, email i[email protected].
We will respond within one month, as required by law.

12. Cookies and “Do Not Track”

We use cookies to improve your experience and analyse website traffic. For full details, please see our Cookie Policy.
Our website currently does not respond to “Do Not Track” browser signals, but you can manage cookie preferences through your browser settings.

13. Third-Party Links

Our website may contain links to other websites (for example, social media pages, partners, or suppliers).
We are not responsible for the content, security, or privacy practices of these third-party sites.
We encourage you to review their privacy policies before providing any personal information.
14. Security
We use appropriate technical and organisational measures to safeguard your personal data.
While we take every reasonable step to protect your data, no system or internet transmission is 100% secure, and you share information at your own risk.
15. Children’s Privacy
Our website and services are not directed towards children under the age of 16, and we do not knowingly collect or store personal information from anyone under this age.
If we become aware that data has been collected from a child, we will delete it promptly.
Parents or guardians can contact [email protected] to request removal of such information.
16. Complaints
If you have any concerns about how we handle your personal data, please contact us first so we can resolve the issue quickly:
If you are not satisfied with our response, you can make a complaint to the Information Commissioner’s Office (ICO):
Telephone: 0303 123 1113

17. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in law or our business practices.
The latest version will always be available on our website, with the updated date shown above.

18. Contact

For all privacy-related enquiries, please contact: