Privacy Policy
Last Updated: 02/06/2026
- Introduction
Mystic Wellness Distributions Ltd (“we”, “us”, “our”) is committed to protecting and respecting your privacy.
This Privacy Policy explains how we collect, use, store, share, and protect personal data when you visit our website, create an account, place an order, contact us, subscribe to marketing communications, or otherwise interact with us.
We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 (PECR), and other applicable data protection laws.
This Privacy Policy should be read together with our Cookie Policy and any additional privacy notices that we may provide from time to time.
- Who We Are
Mystic Wellness Distributions Ltd is the Data Controller responsible for your personal data.
Company Number: 16501712
Registered Address: 98 Semley Road, Norbury, London SW16 4PJ
Email: info@mysticwellnessdistributions.co.uk
Telephone: 07871 176758
As the Data Controller, we are responsible for deciding how your personal data is collected, used, stored, and protected. We determine the purposes and means of processing your personal data.
- Interpretation
References in this Privacy Policy to applicable laws, regulations, legislation, or statutory provisions include any amendments, extensions, consolidations, replacements, re-enactments, or subordinate legislation made under them from time to time.
Headings are provided for convenience only and do not affect the interpretation or construction of this Privacy Policy.
- Contacting Us About Privacy
We have not appointed a formal Data Protection Officer because we are not legally required to do so.
If you have any questions about this Privacy Policy, your personal data, or your privacy rights, please contact us using the details above.
We will endeavour to respond to all privacy-related enquiries promptly and in accordance with applicable legal requirements.
- The Personal Data We Collect
The personal data we collect depends on how you interact with us.
When you place an order, create an account, subscribe to updates, contact us, or browse our website, we may collect information that helps us provide our products and services effectively.
This may include your name, billing and delivery addresses, email address, telephone number, account login information, purchase history, order details, customer service communications, reviews, testimonials, and marketing preferences.
When you visit our website, we may automatically collect certain technical information such as your IP address, browser type, device information, operating system, pages viewed, referring websites, and information obtained through cookies and similar technologies.
We collect only the information that is reasonably necessary for the purposes described in this Privacy Policy.
- Special Category Data
We do not intentionally collect special category personal data.
Special category data includes information relating to health, racial or ethnic origin, religious beliefs, political opinions, trade union membership, genetic data, biometric data, sexual orientation, or sex life.
We ask that customers do not submit such information unless specifically requested by us and where there is a lawful basis for processing it.
- How We Collect Personal Data
Most personal data is collected directly from you when you:
• Place an order
• Create an account
• Contact us
• Subscribe to marketing communications
• Submit reviews or feedback
• Browse our website
We may receive information from trusted third parties, including payment providers, delivery companies, fraud prevention services, analytics providers, and social media platforms where you interact with our business through those services.
In some circumstances, we may obtain information from publicly available sources where this is lawful and relevant to our business activities.
- If You Do Not Provide Personal Data
Certain information is necessary for us to process and fulfil orders.
If you choose not to provide information that is required for contractual or legal purposes, we may be unable to provide products, services, customer support, or other requested services.
- How We Use Personal Data
We use personal data to operate our business efficiently, provide products and services, communicate with customers, and comply with our legal obligations.
In particular, we may use personal data to:
• Process and fulfil orders
• Manage customer accounts
• Process payments and refunds
• Deliver products
• Respond to enquiries and provide customer support
• Verify transactions and prevent fraud
• Improve website functionality and performance
• Send marketing communications where permitted
• Manage reviews, feedback, and testimonials
• Comply with legal and regulatory obligations
• Maintain business records
• Establish, exercise, or defend legal claims
Where customers create an account on our website, we use account information to facilitate future purchases, maintain account security, provide order tracking, and improve the overall customer experience.
We may also process personal data in connection with returns, refunds, exchanges, warranty enquiries, complaints, and customer service matters relating to products purchased from us.
We may use customer contact information where necessary to comply with legal obligations or protect vital interests, including product safety communications, regulatory notices, or information relating to the safe use of products purchased from us.
Such communications may be sent irrespective of marketing preferences where necessary to protect customers or comply with legal obligations.
- Lawful Bases for Processing
Data protection law requires us to have a valid legal basis before processing personal data.
Depending on the circumstances, we may rely upon:
- Performance of a Contract
Where processing is necessary to fulfil an order, deliver products, provide customer support, process payments, or otherwise meet our contractual obligations.
- Legal Obligation
Where processing is necessary to comply with laws and regulations, including tax, accounting, consumer protection, and regulatory requirements.
We will always identify and document the lawful basis for processing personal data prior to collection or use.
- Legitimate Interests
Where processing is necessary for legitimate business purposes, provided those interests do not override your rights and freedoms.
Our legitimate interests include fraud prevention, website security, business administration, customer support, service improvement, debt recovery, obtaining legal advice, exercising legal rights, defending legal claims, and maintaining the security and integrity of our business operations.
- Consent
Where required by law, we rely on consent. This includes certain marketing activities and the use of non-essential cookies.
You may withdraw consent at any time.
- Payment Processing
All payments are processed securely through third-party payment providers such as Stripe or PayPal.
We do not store full payment card details on our systems.
Payment providers process payment information in accordance with their own privacy policies and industry security standards, including PCI-DSS requirements.
- Sharing Personal Data
We may share personal data with trusted third parties where necessary to operate our business and fulfil our obligations.
This may include payment processors, delivery and courier companies, website hosting providers, IT service providers, security providers, marketing platforms, professional advisers, insurers, auditors, and regulatory authorities.
We may also disclose information where required by law, court order, or regulatory request.
We do not sell, rent, or trade personal data to third parties.
Where third-party service providers process personal data on our behalf, they are required to process personal data only in accordance with our instructions and applicable data protection laws.
- Business Transfers
If our business is sold, merged, restructured, refinanced, or transferred, personal data may form part of the transferred assets.
Any such transfer will be conducted in accordance with applicable data protection laws.
- International Transfers
Some of our service providers may be located outside the United Kingdom.
We carefully select third-party service providers that assist us in operating our business. These providers may include payment processors, delivery companies, website hosting providers, analytics providers, marketing platforms, customer support providers, fraud prevention services, and IT support providers.
Where third parties process personal data on our behalf, we take reasonable steps to ensure they process personal data securely, lawfully, and only for authorised purposes.
Where personal data is transferred internationally, we take appropriate steps to ensure that adequate safeguards are in place to protect personal data.
These safeguards may include the UK International Data Transfer Agreement (IDTA), the UK Addendum to Standard Contractual Clauses, or transfers to countries recognised by the UK Government as providing an adequate level of protection.
- Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected.
Order and transaction records are generally retained for six years to comply with tax, accounting, and legal obligations.
Customer account information is retained while an account remains active and for a reasonable period afterwards.
Marketing information is retained until consent is withdrawn or the individual opts out of marketing communications.
Retention periods may be extended where necessary to comply with legal obligations or to establish, exercise, or defend legal claims.
- Account Closure
Where customers close their accounts, certain information may continue to be retained where necessary to comply with legal obligations, resolve disputes, prevent fraud, maintain business records, or enforce contractual rights.
- Deletion of Personal Data
Individuals may request deletion of their personal data in accordance with applicable data protection laws.
We will consider all requests and delete personal data where required by law. However, we may retain information where necessary to comply with legal obligations, resolve disputes, prevent fraud, enforce agreements, maintain business records, or establish, exercise, or defend legal claims.
- Data Security
Protecting personal data is important to us.
We implement appropriate technical and organisational measures designed to protect information against unauthorised access, loss, misuse, disclosure, alteration, or destruction.
These measures may include encryption, secure servers, access controls, authentication procedures, malware protection, security monitoring, and confidentiality requirements.
We regularly review and update our security measures to reflect technological developments and emerging risks.
While we take reasonable precautions, no method of internet transmission or electronic storage can be guaranteed to be completely secure.
- Fraud Prevention and Security
We take fraud prevention seriously. To protect our customers and business, we may process transaction information, device information, behavioural data, and verification information to identify suspicious activity, prevent fraud, investigate misuse, and maintain website security.
This processing is carried out on the basis of our legitimate interests in maintaining a secure environment for customers and business operations.
- Personal Data Breaches
In the event of a personal data breach, we will follow our legal obligations under UK data protection law.
Where required, we will notify the Information Commissioner’s Office (ICO) and affected individuals within the timescales required by law.
- Soft Opt-In Marketing
Where permitted by law, we may send marketing communications relating to similar products or services to existing customers. Customers will always be given the opportunity to opt out of such communications.
- Marketing Communications
Where permitted by law, we may send information about products, services, promotions, offers, and updates that we believe may be of interest.
Marketing communications may be sent by email, SMS, WhatsApp, or similar channels.
Where consent is required, marketing communications will only be sent after valid consent has been obtained.
You may opt out of marketing communications at any time by using the unsubscribe link, replying STOP where available, adjusting your preferences, or contacting us directly.
- Service and Administrative Communications
We may send non-marketing communications where necessary to administer customer accounts, process orders, provide customer support, notify customers of changes to products or services, provide security notifications, issue product safety notices, or comply with legal obligations.
Such communications may be sent regardless of marketing preferences where necessary for contractual, legal, or legitimate business purposes.
- Reviews and Testimonials
If you voluntarily submit reviews, testimonials, ratings, or feedback, we may publish or use that content for customer information, promotional, or marketing purposes.
We reserve the right to moderate, edit, remove, or anonymise content where appropriate or where required by law.
- Product Review Platforms
We may share limited information with independent review platforms to facilitate the collection and publication of customer reviews.
- Cookies and Tracking Technologies
Our website uses cookies and similar technologies including pixels, tags, web beacons, scripts, and local storage technologies. Full details are available in our Cookie Policy.
These technologies help us operate our website, improve performance, analyse visitor behaviour, enhance security, and provide certain marketing functions where consent has been provided.
Further information is available in our Cookie Policy.
- Data Analytics and Website Improvement
We may use aggregated, statistical, and anonymised information derived from website usage data to analyse trends, improve website performance, enhance customer experience, develop products and services, and support business decision-making.
Information used for these purposes does not identify individual users.
- Children’s Privacy
Our products and services are not directed towards individuals under the age of 18.
We do not knowingly collect personal data from children.
If we become aware that personal data has been collected from a child without appropriate authorisation, we will take reasonable steps to delete that information.
- Automated Decision-Making
We do not currently carry out automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.
If automated decision-making is introduced in the future, we will ensure appropriate safeguards are implemented, including the right to obtain human intervention.
We will update this Privacy Policy and provide any information required by law.
- Your Rights
Under UK data protection law, you have a number of important rights regarding your personal data.
These rights include the right to request access to your personal data, request correction of inaccurate information, request deletion of information in certain circumstances, restrict processing, object to processing, request data portability, withdraw consent where consent is relied upon, and lodge a complaint with the Information Commissioner’s Office.
You also have the right to restrict processing of your personal data in certain circumstances, including where accuracy is contested or processing is unlawful.
These rights may vary depending on the legal basis and circumstances of processing.
Before responding to certain requests, we may request additional information to verify the identity of the individual making the request and to protect personal data from unauthorised disclosure.
We will consider and respond to all requests in accordance with applicable legal requirements.
These rights are not absolute and may be subject to limitations, exemptions, or conditions under applicable law. We will explain any applicable restrictions when responding to a request.
- Response Times
Before fulfilling certain requests, we may ask for reasonable evidence of identity to ensure personal data is not disclosed to unauthorised individuals.
We normally respond to valid requests within one month.
Where requests are particularly complex or numerous, we may extend this period by up to two additional months as permitted by law.
- Third-Party Websites
Our website may contain links to third-party websites and services.
We are not responsible for the privacy practices, security measures, content, or policies of external websites.
Users should review the privacy policies of third-party websites before providing personal information.
- Data Accuracy and Minimisation
We take reasonable steps to ensure that personal data is accurate, relevant, and limited to what is necessary for the purposes described in this Privacy Policy.
We regularly review the personal data we hold and take reasonable steps to ensure that information that is no longer required is securely deleted or anonymised where appropriate.
We encourage customers to notify us promptly if their information changes.
- Complaints
If you have concerns about how we handle personal data, we encourage you to contact us first so that we can attempt to resolve the issue.
You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at any time.
Further information is available at: https://ico.org.uk
You also have the right to seek a judicial remedy if you believe your data protection rights have been infringed.
- Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect legal, regulatory, operational, or technological developments. Any changes will be published on this page together with an updated “Last Updated” date.
- Contact Us
Mystic Wellness Distributions Ltd
98 Semley Road, Norbury, London SW16 4PJ
Email: info@mysticwellnessdistributions.co.uk
Telephone: 07871 176758
If you have any questions regarding this Privacy Policy or our privacy practices, please contact us.
- Acknowledgement
By accessing our website, creating an account, placing an order, contacting us, or otherwise interacting with us, you acknowledge that you have read and understood this Privacy Policy.
This Privacy Policy explains how we collect, use, store, share, and protect personal data and does not limit or exclude any rights available to individuals under applicable data protection laws.
Where consent is required for specific processing activities, such consent will be obtained separately in accordance with applicable legal requirements.
