top of page

Privacy Policy

1. Introduction

Lavender Common ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website lavendercommon.com (the "Website") and use our services, including making donations.

We process personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Who We Are and Contact Details

 

Data Controller: Lavender Common

Email: director@lavendercommon.com

 

If you have any questions about this Privacy Policy or our data processing practices, please contact us at the email address above.

3. What Personal Data We Collect

 

We collect personal data in the following ways:

  • "Directly provided data": When you make a donation or sign up for our newsletter, we collect your name, email address, and location.

  • "Payment data": Payment information (such as card details) is collected through our payment portal, which is integrated into our Wix platform. We do not store payment card information; this is processed by our payment provider.

  • "Technical data": We automatically collect certain technical information when you visit our Website, including cookies and analytics data (see Section 7 below).

4. Legal Basis for Processing

We process your personal data on the following legal bases under the UK GDPR:

  • "Processing donations": Based on your explicit consent and our legitimate interest in accepting donations to support our work.

  • "Newsletter emails": Based on your consent when you donate (automatic enrolment to our newsletter). "Important note: You do not currently have the option to opt out of newsletter signup during the donation process. We are reviewing this process to ensure full GDPR compliance."

  • "Website operation": Based on our legitimate interest in maintaining and improving the Website.

5. How We Use Your Data

 

We use the personal data we collect for the following purposes:

  • Processing donations and providing receipts

  • Sending you marketing emails via EmailOctopus (following your enrolment in our newsletter)

  • Responding to your inquiries

  • Improving our Website and services

  • Complying with legal obligations

6. Third-Party Service Providers

We share your personal data with the following third parties:

Wix: Our website is hosted on the Wix platform. Wix processes personal data on our behalf as a Data Processor. Wix stores cookies on your device for website functionality and analytics. For more information about Wix's privacy practices, visit www.wix.com/en/privacy.

EmailOctopus: We use EmailOctopus to manage and send our marketing newsletter. EmailOctopus processes your name and email address as a Data Processor. For more information, visit www.emailoctopus.com/privacy.

All third-party service providers are obligated by contract to process personal data only for the purposes we specify and in accordance with our instructions and UK GDPR requirements.

7. Cookies and Tracking Technologies

 

Our Website uses cookies placed by Wix to:

  • Enable core website functionality

  • Provide analytics to understand how visitors interact with our Website

  • Remember your preferences

Most web browsers allow you to control cookies through settings. You can block cookies or delete them after they have been set. However, blocking cookies may affect the functionality of our Website.

8. How Long We Keep Your Data

We retain personal data for as long as necessary to fulfil the purposes for which it was collected:

  • "Donation records": Retained for thirteen months following your last donation

  • "Newsletter contacts": Retained for six months after you unsubscribe from our mailing list

After this retention period, your personal data will be securely deleted or anonymised unless we are required to retain it for legal or regulatory reasons.

9. Your Rights Under UK GDPR

You have the following rights under UK GDPR:

  • "Right of access": Request a copy of the personal data we hold about you

  • "Right of rectification": Request that we correct inaccurate or incomplete data

  • "Right to erasure": Request that we delete your personal data (subject to certain exceptions)

  • "Right to restrict processing": Request that we limit how we use your data

  • "Right to data portability": Request a copy of your data in a portable format

  • "Right to withdraw consent": Withdraw your consent to marketing emails at any time by clicking the unsubscribe link in any email or contacting us

To exercise any of these rights, please contact us at director@lavendercommon.com.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include:

  • Secure HTTPS encryption for all data transmitted via our Website

  • Secure storage provided by our hosting platform (Wix)

However, no method of transmission over the Internet or electronic storage is entirely secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

11. International Data Transfers

Your personal data may be transferred to, stored in, or processed outside the UK and EU. Both Wix and EmailOctopus process data internationally. These transfers are safeguarded by:

  • Standard Contractual Clauses (SCCs) or equivalent mechanisms provided by the service providers

By using our Website and services, you consent to the transfer of your data outside the UK/EU as described in this Privacy Policy.

12. Children’s Privacy

Our Website is not intended for children under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will delete such data promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by updating the "Last Updated" date at the top of this policy. Your continued use of the Website after such modifications constitutes your acceptance of the updated Privacy Policy.

14. Contact Us and Data Protection Complaints

If you have any questions about this Privacy Policy, your personal data, or our privacy practices, please contact us at director@lavendercommon.com

 

If you believe your rights have been violated or have a complaint about how we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO). Visit www.ico.org.uk for more information.

 

---

Document Version: 1.0

This privacy policy is effective as of April 2026 and complies with UK GDPR and the Data Protection Act 2018.

bottom of page