Privacy Notice

Personal Data provided to us:

You may provide personal data to us when you:

• visit our website
• join our waitlist or early access programme
• place a deposit or purchase a product
• subscribe to updates or newsletters
• contact us through email, website forms or social media
• communicate with our customer support

The personal data you may provide includes:

• name
• email address
• delivery address
• payment details (processed securely via payment providers)
• communication preferences
• any information you voluntarily provide in messages or enquiries.

It is important that the personal data we hold about you is accurate and kept up to date. Please inform us if your personal information changes.

Personal Data collected by us:

When you visit our website, we may automatically collect certain technical information including:

• IP address
• browser type and version
• device type
• operating system
• pages visited and browsing behaviour
• referring website

This information helps us understand how visitors use our website and allows us to improve the functionality and performance of our services.

Personal Data from other sources:

We may receive limited information from third-party service providers such as:

• payment providers
• website hosting providers
• analytics services (such as Google Analytics)
• email communication platforms

These providers may process personal data on our behalf in order to operate our website, process transactions or deliver communications.

Special Categories of Data:

We do not intentionally collect special category data, such as information relating to:

• health
• political opinions
• religious beliefs
• racial or ethnic origin
• sexual orientation

Our products are designed to support reflection and wellbeing, but we do not request or require users to submit sensitive personal data.

If you choose to voluntarily share such information with us in communications, it will only be used to respond to your enquiry and handled with appropriate confidentiality.

Online Identifiers:

When you visit our website, we may collect certain online identifiers such as your IP address and browsing information through cookies or analytics tools.

These identifiers help us:

• analyse website traffic
• improve website performance
• understand how users interact with our content

For more information, please refer to our Cookie Policy.

To Perform Our Services Under a Contract

We process personal data when it is necessary to perform a contract with you or to take steps prior to entering into a contract.

This may include processing personal data in order to:

• manage early access reservations or deposits
• process payments and purchases
• deliver products to customers
• provide customer support
• communicate with you about your order or reservation
• manage your account or subscription (where applicable)

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests, provided that these interests are not overridden by your rights and freedoms.

Our legitimate interests may include:

• improving and developing our products and services
• analysing how visitors use our website
• maintaining and improving website functionality
• responding to enquiries and feedback
• maintaining the security of our systems
• preventing misuse of our website or services

Fraud Prevention and Security

We may process personal data where necessary to:

• prevent fraud
• protect our systems and website
• ensure the integrity and security of transactions

This processing is carried out under our legitimate interests and, where applicable, our legal obligations.

Legal Obligations

We may process personal data where necessary to comply with legal or regulatory obligations.

This may include obligations relating to:

• financial and accounting records
• taxation requirements
• fraud prevention
• responding to lawful requests from authorities

Marketing Communications

Where you subscribe to updates, join a waitlist or interact with our services, we may send you communications about:

• product updates
• early access opportunities
• launches and announcements
• related news about Between Rituals

Where required by law, we will rely on your consent before sending marketing communications.

You can withdraw your consent at any time by:

• clicking the unsubscribe link in our emails, or
• contacting us directly.

Sensitive Data

Our products are designed to support reflection and wellbeing, but we do not intentionally collect or process special category personal data, such as:

• health information
• political beliefs
• religious beliefs
• sexual orientation

If you voluntarily share such information with us in communications, we will only use it to respond to your enquiry and handle it with appropriate confidentiality.

4.1.

We may share personal data with trusted third-party service providers who support the operation of our website, products and services.

These providers may assist us with services such as:

• payment processing
• website hosting and technical infrastructure
• analytics and website performance monitoring
• email communications and marketing platforms
• order fulfilment and shipping
• customer support tools

Where personal data is shared with third-party providers acting on our behalf, they process the data only in accordance with our instructions and under appropriate contractual safeguards, including Data Processing Agreements (DPAs) where required.

We carry out appropriate due diligence on our service providers to ensure that they maintain appropriate security and confidentiality standards.

4.2. International Transfers

Some of our service providers may process personal data outside the United Kingdom or the European Economic Area (EEA).

Where such transfers occur, we ensure that appropriate safeguards are in place to protect your personal data. These may include:

• an adequacy decision issued by the UK Government;
• Standard Contractual Clauses (SCCs) approved under UK GDPR; or
• other lawful transfer mechanisms permitted under applicable data protection law.

4.3. Legal and Regulatory Disclosure

In certain circumstances we may also share personal data where required to do so by law or where necessary to protect our legal rights.

This may include sharing data with:

• law enforcement authorities
• regulatory bodies
• legal advisers
• fraud prevention agencies

Such disclosures will only take place where we are legally required to do so or where it is necessary to protect our legitimate interests.

4.4. No Sale of Personal Data

We do not sell or trade personal data to third parties.

Customer Orders and Transactions

Personal data relating to purchases, deposits and transactions may be retained for up to 7 years in order to comply with UK financial and tax record-keeping obligations.

Early Access and Waitlist Information

Personal data provided when joining a waitlist or early access programme may be retained for as long as necessary to:

• manage product launches
• communicate updates
• process reservations or deposits

If a user requests deletion or unsubscribes from communications, their data will be removed unless retention is required for legal obligations.

Marketing Communications

Where you have subscribed to receive updates or newsletters, your personal data will be retained until you withdraw your consent or unsubscribe from marketing communications.

Website Analytics

Technical data collected through cookies or analytics tools is retained for a limited period as required for website performance analysis.

When personal data is no longer necessary for the purposes for which it was collected, it will be securely deleted or anonymised.

The Right to Be Informed

You have the right to be informed about how your personal data is collected and used. This Privacy Policy explains how we handle your personal data.

The Right of Access

You have the right to request access to the personal data we hold about you and to obtain a copy of that information.

The Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

The Right to Erasure

You have the right to request the deletion of your personal data in certain circumstances. This is sometimes referred to as the “right to be forgotten.”

The Right to Restrict Processing

You have the right to request that we limit the way we process your personal data in certain situations.

The Right to Data Portability

Where technically feasible, you may request that your personal data be transferred to another organisation or provided to you in a structured, commonly used format.

The Right to Object

You have the right to object to certain types of processing, including processing based on legitimate interests or direct marketing.

Rights Related to Automated Decision-Making

You have rights in relation to automated decision-making and profiling.

BETWEEN RITUALS LTD does not currently use automated decision-making or profiling systems that produce legal or similarly significant effects.

These rights apply to individuals and their personal data. If you would like to exercise any of these rights, please contact us using the details provided in this Privacy Policy. We will respond to requests in accordance with applicable data protection laws.