Privacy Policy

Last updated: 24th April 2026

1. About Us

This website is operated by Explore Breathe Repeat (“we”, “our”, “us”). For the purposes of UK data protection law, we are the data controller of your personal information.

We are based in the United Kingdom and our website may be accessed worldwide.

If you have any questions about this Privacy Policy, you can contact us at:
Email: explorebreatherepeat@outlook.com

We are committed to protecting your privacy and handling your personal data in a transparent and secure manner.

By using this website, you agree to the terms of this Privacy Policy.

2. Information We Collect

We may collect and process the following types of personal data:

Information you provide directly:

Name
Email address
Billing and shipping address
Payment and order details
Messages, enquiries, or correspondence
Newsletter sign-ups or blog comments

Information collected automatically:

IP address
Device type, browser, and operating system
Pages visited and time spent on the site
Referral sources
Cookies and usage data

3. How We Collect Information

We collect personal data when you:

Make a purchase
Sign up for our newsletter
Contact us or complete a form
Comment on blog posts
Browse the website (via cookies and analytics tools)

Our website is hosted on Wix, which stores data securely on our behalf.

4. How We Use Your Information

We use your personal data to:

Process and fulfil orders
Deliver products or services
Provide customer support
Send transactional communications (e.g. order confirmations)
Send marketing communications (only where you have opted in)
Improve our website and content
Analyse website performance and usage
Comply with legal obligations

You may unsubscribe from marketing communications at any time.

We do not sell your personal data.

5. Legal Basis for Processing

Under UK GDPR, we rely on the following legal bases:

Contractual necessity (to process orders and provide services)
Legitimate interests (to improve our website and services)
Consent (for marketing communications and certain cookies)
Legal obligation (where required by law)

6. Payments

Payments are processed via secure third-party payment providers. We do not store full payment card details on our servers.

7. Cookies and Tracking

We use cookies and similar technologies to:

Ensure the website functions properly
Remember your preferences
Analyse visitor behaviour
Support marketing and advertising

We use a cookie consent banner to obtain your permission before non-essential cookies are set. You can accept, reject, or customise your cookie preferences at any time.

You can also manage or disable cookies through your browser settings.

8. Third-Party Services

We use trusted third-party providers to operate our website and services, including:

Wix (hosting, website infrastructure, forms, and email systems)
Google Analytics (website analytics, via Wix)

These providers may process your data on our behalf in accordance with their own privacy policies.

We are not responsible for the privacy practices of third-party services.

9. International Data Transfers

We use providers (such as Wix and Google Analytics) that may process personal data outside the United Kingdom.

Where this occurs, appropriate safeguards are in place in line with UK data protection law, such as UK-approved contractual protections or adequacy regulations.

10. Data Security

We take appropriate technical and organisational measures to protect your data, including:

Secure hosting infrastructure (Wix)
SSL encryption
Restricted access to personal data
Use of trusted service providers

However, no system can guarantee complete security.

11. Data Retention

We retain personal data only for as long as necessary for the purposes it was collected, including:

Order and transaction data: up to 6 years (for legal and accounting requirements)
Marketing data: until you unsubscribe or withdraw consent
Contact form and enquiry data: up to 3 years

Data is then securely deleted or anonymised.

12. Your Rights

Under UK GDPR, you have the right to:

Access your personal data
Correct inaccurate data
Request deletion of your data
Withdraw consent at any time
Object to or restrict processing
Request data portability

To exercise these rights, please contact us via email.

We aim to respond within 30 days in line with UK GDPR requirements.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data has been handled improperly:
https://www.ico.org.uk

13. Children’s Privacy

This website is not intended for children under 13, and we do not knowingly collect personal data from children.

If we become aware that we have collected data from a child without appropriate consent, we will take steps to delete it.

14. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on individuals.

15. External Links

This website may contain links to external websites, including social media platforms. We are not responsible for their content or privacy practices. Please review their policies separately.