Privacy Policy

This Privacy Policy explains how Shiningpurificat.site (“we”, “us”, “our”) collects, uses, stores, shares, and protects personal data when you visit or interact with our website. We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018), and the Privacy and Electronic Communications Regulations 2003 (PECR) where cookies or similar technologies are involved.

This policy applies to visitors and users in the United Kingdom. If you access the site from another country, local laws may also apply.

Last updated: 15 May 2026

1. Who is responsible for your data?

The data controller responsible for personal data processed through this website is:

Data controller: Shiningpurificat.site
Registered address: 12 Booth St, Manchester M2 4AW, United Kingdom
VAT registration number: GB161408287
Email: talk@shiningpurificat.site
Telephone: +44 161 408 2874

For any request relating to data protection, please email us using the subject line Data Protection Request. We may ask for reasonable information to confirm your identity before responding, to protect your data from unauthorised disclosure.

We have assessed that appointing a Data Protection Officer is not mandatory for our current activities under UK GDPR Article 37. Privacy enquiries should be sent to the contact details above.

2. What personal data we collect

We may collect and process the following categories of personal data:

Identity and contact data: name and email address when you submit our contact form.
Communication data: the content of your message and any information you choose to include.
Consent records: confirmation that you agreed to data processing (GDPR checkbox) and your cookie consent choices, including timestamps.
Technical data: IP address, browser type and version, device type, operating system, referral source, pages viewed, and approximate date/time of access.
Usage data: aggregated information about how the website is used, where analytics cookies are enabled with your consent.

Sources of data: directly from you (for example via forms), automatically through cookies and similar technologies, and from service providers that support hosting, security, email delivery, or analytics (acting on our instructions).

We do not intentionally collect special category data (such as health data) through standard website forms. Please do not send sensitive personal information unless it is necessary for your enquiry. If you do, you consent to our processing it solely to handle your message.

Our contact form uses POST (not GET) so your details are not placed in the page URL. This is a static site: messages are not stored in a database by the form itself — we handle replies by email. Do not submit card or payment details through the form.

Our website is intended for adults. We do not knowingly collect personal data from children under 13. If you believe a child has provided data, contact us and we will delete it promptly.

3. How we use your data and lawful bases

Under UK GDPR, we must have a lawful basis for each processing activity. The table below summarises our main purposes:

Responding to enquiries — to read, respond to, and keep a record of messages sent via the contact form.
Lawful basis: legitimate interests (Article 6(1)(f) UK GDPR) in operating our website and communicating with users; where you give explicit consent via the form checkbox, also consent (Article 6(1)(a)).
Website operation and security — to deliver pages, prevent fraud and abuse, maintain logs, and protect the site.
Lawful basis: legitimate interests (Article 6(1)(f)); where required, compliance with a legal obligation (Article 6(1)(c)).
Cookie consent management — to store and honour your cookie preferences.
Lawful basis: legitimate interests and, for non-essential cookies, your consent under PECR and UK GDPR Article 6(1)(a).
Analytics — to understand aggregated traffic and improve content, only if you opt in to analytics cookies.
Lawful basis: consent (Article 6(1)(a) UK GDPR and PECR).
Marketing measurement — only if you opt in to marketing cookies, to measure campaign effectiveness where such tools are configured.
Lawful basis: consent (Article 6(1)(a)).
Legal and regulatory compliance — to comply with applicable law, respond to lawful requests, or establish, exercise, or defend legal claims.
Lawful basis: legal obligation (Article 6(1)(c)) or legitimate interests (Article 6(1)(f)).

Where we rely on legitimate interests, we have balanced our interests against your rights and freedoms. You may object to processing based on legitimate interests as described in section 8 below.

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

4. Who we share data with

We do not sell your personal data. We may share data with the following categories of recipients where necessary and subject to appropriate safeguards:

Hosting and IT providers — to store and run the website securely.
Email and communication providers — to deliver and manage messages you send to us.
Analytics providers — only where you have consented to analytics cookies.
Professional advisers — lawyers, accountants, or insurers where reasonably required.
Regulators and authorities — where required by law or to protect rights and safety.

These parties act as processors under Article 28 UK GDPR where they process data on our behalf, under written contracts that require them to protect your data and process it only on our documented instructions.

5. International transfers

We aim to store and process personal data within the United Kingdom. If any service provider transfers data outside the UK, we ensure appropriate safeguards are in place, such as:

an adequacy regulation under UK GDPR Article 45 (countries recognised as providing adequate protection);
the UK International Data Transfer Agreement (IDTA); or
the UK Addendum to the EU Standard Contractual Clauses, where applicable.

You may request further information about safeguards for specific transfers by contacting us.

6. How long we keep your data

We retain personal data only for as long as necessary for the purposes set out in this policy, unless a longer period is required by law:

Contact form enquiries: up to 12 months after the last message in the thread, unless needed longer for legal, tax, or dispute purposes.
Cookie consent records: up to 13 months, or as needed to demonstrate valid consent.
Server and security logs: typically up to 90 days, unless extended for incident investigation.
Analytics data (with consent): according to the retention settings of the analytics provider, generally between 14 and 26 months for standard configurations.

When retention periods end, we delete or anonymise data where possible.

7. How we protect your data

We implement appropriate technical and organisational measures, including:

HTTPS encryption for data in transit;
access controls limiting who can view personal data;
secure hosting environments and regular software updates;
confidentiality obligations for anyone handling personal data on our behalf.

No online transmission or storage is completely secure. If you have reason to believe your interaction with us is no longer secure, please contact us promptly.

In the event of a personal data breach likely to affect your rights and freedoms, we will notify the ICO within 72 hours where required and inform affected individuals without undue delay when legally necessary.

8. Your rights under UK law

Subject to conditions and exemptions in UK GDPR, you may have the following rights:

Right of access — to obtain confirmation of whether we process your data and a copy of it.
Right to rectification — to correct inaccurate or incomplete data.
Right to erasure — to request deletion in certain circumstances (“right to be forgotten”).
Right to restrict processing — to limit how we use your data in certain cases.
Right to object — to object to processing based on legitimate interests, including direct marketing where applicable.
Right to data portability — to receive data you provided in a structured, commonly used format, where processing is based on consent or contract and carried out by automated means.
Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting lawfulness of processing before withdrawal.

To exercise any right, email talk@shiningpurificat.site with the subject Data Protection Request. We aim to respond within one calendar month, which may be extended by up to two further months for complex requests, as permitted by UK GDPR Article 12.

We do not charge a fee unless your request is manifestly unfounded, excessive, or repetitive, in which case we may charge a reasonable fee or refuse the request as allowed by law.

9. Complaints to the supervisory authority

If you are unhappy with how we handle your personal data, please contact us first so we can try to resolve the issue. You also have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom
Website: https://ico.org.uk/
Helpline: 0303 123 1113
Make a complaint: https://ico.org.uk/make-a-complaint/

10. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, or our practices. The “Last updated” date at the top shows when it was last revised. Material changes will be posted on this page. We encourage you to review this policy periodically.

Related documents: Cookie Policy | Terms of Use

11. Disclaimer

This website provides general lifestyle information only and does not constitute professional or medical advice.