Brooled WELEDA Shop

cropped-BROOLED-LTD-Logo-Facebook-Cover.png
Facebook Instagram Youtube Icon-tiktok-square
cropped-BROOLED-LTD-Logo-Facebook-Cover.png
  • 009-215-5596

Privacy & Cookie Policy (Brooled’s Weleda Store)

Last updated: 19 February 2026

This Privacy & Cookie Policy explains how BROOLED Ltd (“we”, “us”, “our”) collects, uses, stores and shares your personal data when you visit or shop from weleda.brooled.co.uk (the “Website”), contact us, interact with our services, or purchase from us via connected sales channels. It also explains how we use cookies and similar technologies, including advertising and remarketing tags, and how you can control them.

1. Scope of this policy

This policy applies to visitors, customers, and prospective customers (“you”) who:

  • browse the Website
  • place orders (on our Website or via sales channels such as eBay/Shopify, where applicable)
  • contact us (email, forms, chat)
  • leave reviews or respond to review requests
  • interact with our ads on Google or Meta platforms (Facebook/Instagram)

This policy does not apply to third-party websites or services we link to (for example, payment provider pages or courier tracking pages). Those third parties operate under their own privacy policies.

2. Who we are (Data Controller)

BROOLED Ltd is the data controller responsible for your personal data.

BROOLED Ltd
32 Albany Gardens
Whitley Bay
NE26 2DY
United Kingdom
Company number: 14442396
Email: store@brooled.co.uk

For privacy-related enquiries or to exercise your data protection rights, email store@brooled.co.uk with the subject line “Privacy Request”.

3. Personal data we collect

3.1 Information you provide

We may collect:

  • name
  • email address
  • telephone number
  • billing and delivery address
  • order and purchase details
  • account details (if you create an account)
  • communications with us (emails, contact forms, chat messages)
  • review content you submit (e.g., Trustpilot reviews), where applicable
  • information you choose to submit via forms

Please do not submit special category personal data (e.g., health details) unless it is strictly necessary and you choose to do so.

3.2 Information collected automatically

When you use the Website, we and our service providers may collect:

  • IP address
  • device and browser information
  • pages viewed, clicks, scrolls, navigation paths, time spent
  • approximate location inferred from IP address
  • cookie and similar technology data (IDs, tags, consent signals)

4. How we use your personal data

We use personal data to:

  • process and fulfil orders, including confirmations, dispatch, returns
  • arrange delivery and provide tracking updates
  • take payment and manage refunds, disputes, and chargebacks
  • provide customer support (including live chat)
  • operate, maintain, secure, and improve the Website and store
  • run forms, enquiries, and customer service workflows
  • request, receive, and display reviews (where applicable)
  • send service emails (e.g., order confirmations and delivery updates)
  • send marketing communications/newsletters where permitted
  • measure site performance, conversions, and ad effectiveness
  • run advertising and remarketing (showing ads again to people who previously visited our Website), where permitted
  • prevent fraud and protect our systems
  • comply with legal, tax, and regulatory obligations (including accounting)

5. Legal bases for processing (UK GDPR)

We process personal data under UK GDPR based on:

  • Contract: to process and deliver orders; manage customer service and refunds
  • Legal obligation: tax/accounting, consumer law, and regulatory compliance
  • Legitimate interests: operating and improving services, maintaining security, preventing fraud, understanding performance (where consent is not required)
  • Consent: marketing emails where required and non-essential cookies/tags (analytics/marketing/remarketing) where required

You can withdraw consent at any time (see Sections 12–13).

6. Forms, chat, and communications

6.1 Forms (Forminator, MetForm)

If you contact us using Website forms, we may use tools such as Forminator and/or MetForm to collect the information you submit (for example, name, email, order query, message content). We use this data to respond to enquiries and provide support.

6.2 Live chat (MX-Chat)

If you use our chat feature (MX-Chat), we process the information you submit (such as your name, email, and message content) to respond. Chat services may also process technical data (IP address, device/browser details, timestamps) to operate reliably and prevent misuse.

6.3 Email marketing and newsletters (MailPoet; may also use Mailchimp)

We use MailPoet to manage emails and newsletters. We may also use Mailchimp for newsletters from time to time.

  • You will only receive marketing emails where permitted by law (typically where you have consented, or where a “soft opt-in” applies for existing customers, if applicable).
  • You can unsubscribe at any time using the link in every marketing email.

Service emails (such as order confirmations) are not marketing and may be sent regardless of marketing preferences.

7. Reviews and business listings (Trustpilot, Google Business Profile, Google Reviews)

We may use Trustpilot to request and manage customer reviews. If you leave a review, Trustpilot processes the information you provide under its own privacy terms. We may display or reference reviews on our Website or marketing materials.

We also maintain a Google Business Profile. If you leave a Google Review, Google processes that information under Google’s privacy policies, and the review may be publicly visible depending on your Google account settings.

8. Sales channels and ecommerce platforms (WooCommerce, Shopify, eBay)

8.1 Website store (WooCommerce + related plugins)

We operate the Website using WordPress/WooCommerce and may use supporting plugins such as:

  • ShopLentor (WooCommerce design/features)
  • RankMath SEO (SEO tools and metadata management)
  • GetGenie (content/optimisation assistance)

These tools support store operation and website management. Where any plugin processes personal data (for example, logs, form submissions, or admin activity), access is restricted to authorised users.

8.2 Shopify (where applicable)

If we also sell via Shopify or use Shopify services, Shopify may process order/customer data for those transactions under its own privacy terms and/or as our processor depending on configuration.

8.3 eBay (where applicable)

If you purchase from us via eBay, eBay processes your information for the transaction under its privacy terms. We receive the order details necessary to fulfil your purchase and provide customer service.

9. Payments (Stripe and PayPal)

We use third-party payment providers such as:

  • Stripe (credit/debit cards, subscriptions, Stripe Payment Links)
  • PayPal (single and subscription payments)

We do not store full payment card details.

These providers may process certain data as independent controllers for fraud prevention, compliance, and transaction security under their own privacy notices.

10. Analytics, advertising, SEO and site tools

10.1 Cookie management and consent (CookieYes)

We use CookieYes to display our cookie banner and manage cookie choices. CookieYes helps us store consent preferences and, where applicable, consent logs.

10.2 Security and performance (Cloudflare)

We use Cloudflare to protect the Website and improve performance (including protection against malicious traffic). Cloudflare may process IP addresses, request logs, device data, and security signals. Some Cloudflare cookies/identifiers may be strictly necessary for security.

10.3 Analytics (WP-Statistics, Google Analytics, Google Site Kit)

We use:

  • WP-Statistics
  • Google Analytics
  • Google Site Kit (a WordPress plugin used to connect Google services such as Analytics and Search Console, depending on configuration)

These tools help us understand traffic and website performance. Depending on configuration, they may process usage data, device/browser information, approximate location from IP, and cookie identifiers.

10.4 Advertising and remarketing (Google Ads, Meta Pixel)

We use:

  • Google Ads (including conversion tracking and remarketing)
  • Meta Pixel (Facebook & Instagram) (including conversion tracking and audience building)

These tools help us measure ad performance and, where enabled, show ads to people who previously visited our Website. They may process interaction events (e.g., page views, product views, purchases), device/browser identifiers, and cookie IDs.

10.5 Google services generally

Some of the tools above are provided by Google (for example, Google Analytics, Google Ads, Google Site Kit and Google Business Profile). Google may process personal data in accordance with its own privacy documentation and may process data outside the UK.

11. Sharing your personal data

We share personal data only where necessary and proportionate for the purposes in this policy, including with:

  • Fulfilment partners (e.g., Weleda, where applicable) for order processing and delivery
  • Courier/delivery partners (e.g., Evri, Parcelforce, Royal Mail) to deliver orders and provide tracking
  • Payment processors (Stripe, PayPal) to take payment and prevent fraud
  • Email and newsletter providers (MailPoet; and may use Mailchimp)
  • Review platforms (Trustpilot) for review requests and review management
  • Security/performance providers (Cloudflare)
  • Analytics/advertising providers (Google Analytics, Google Ads, Meta Pixel, WPStatistics, Google Site Kit)
  • Sales channels (eBay/Shopify, where applicable) for orders made through those platforms
  • Accounting providers (Xero) for bookkeeping, reconciliation, and compliance

We may also share data with professional advisers (accountants, legal advisers) where necessary, and disclose data if required by law or in connection with a business sale or restructure.

12. Cookies and similar technologies

12.1 What cookies are used for

We use cookies and similar technologies for:

  • Essential purposes (security, load balancing, checkout, account functions)
  • Analytics (understanding usage and improving performance)
  • Marketing/advertising (measuring ads, conversion tracking, remarketing)
  • Functionality (features such as chat sessions and form handling)

12.2 Consent

Where required by law, non-essential cookies and tags (analytics, marketing/remarketing, and certain functionality cookies) are enabled only after you give consent via our cookie banner (managed by CookieYes).

Essential cookies are used because the Website cannot function properly without them.

13. Managing cookies

You can manage cookies through:

  • our cookie banner / cookie settings (CookieYes), where available
  • your browser settings (block/delete cookies)

Disabling essential cookies may affect core Website functionality (especially checkout and security features).

14. Accounting and records (Xero)

We use Xero for accounting and bookkeeping. This may involve processing transaction records and customer/order information necessary for financial record keeping, reconciliation, tax, and compliance.

15. Hosting and domain infrastructure (Spaceship hosting; Namecheap domains)

We host the Website with Spaceship. Hosting providers may process technical data such as server logs, IP addresses, and security events to provide hosting and security services.

We use Namecheap for domain registration and DNS/domain management. Domain providers may process account and technical configuration details and may maintain records related to domain services.

16. International data transfers

Some providers listed in this policy (including Google, Meta, Mailchimp and others) may process personal data outside the UK. Where this involves a restricted transfer, we use appropriate safeguards such as adequacy regulations and/or approved contractual protections (for example, standard contractual clauses and UK addendum/IDTA where applicable).

17. Data retention and security

17.1 Retention

We keep personal data only as long as necessary for the purposes in this policy, including:

  • fulfilling orders and providing support
  • maintaining business records
  • meeting legal, tax, accounting, and regulatory obligations
  • resolving disputes and enforcing agreements

17.2 Security

We use appropriate technical and organisational measures designed to protect personal data against loss, misuse, unauthorised access, alteration, or disclosure.

18. Your data protection rights

You have the right to:

  • access your personal data
  • request correction of inaccurate data
  • request deletion (in certain circumstances)
  • restrict processing (in certain circumstances)
  • object to processing (including to direct marketing)
  • request data portability (in certain circumstances)
  • withdraw consent at any time (where we rely on consent)
  • lodge a complaint with the UK Information Commissioner’s Office (ICO)

19. How to exercise your rights

Email store@brooled.co.uk with the subject line “Privacy Request” and include enough information for us to verify your identity and locate the relevant data.

20. Contact us

Email: store@brooled.co.uk

Post:
BROOLED Ltd
32 Albany Gardens
Whitley Bay
NE26 2DY
United Kingdom

21. Changes to this policy

We may update this policy from time to time. The most recent version will always be available on the Website, and we will update the “Last updated” date above.