privacy — bhp

what we collect, what we don't, and what you can ask us to do about it. the short version: we collect the minimum needed to ship your order and we don't sell your data.

who we are.

this policy applies to bhpcbd (bhp), a small cbd house operating from brereton heath, cheshire, uk. for data-protection purposes we are the data controller for any personal information you share with us.

questions about your data? bhpcbd@gmail.com.

what we collect.

order details — name, delivery address, billing address, email, phone (optional), and what you bought. needed to fulfil the order.
account info (if you create one) — email and a password hash.
payment — handled by our payment processor. we never see or store full card numbers.
communication — the content of any email you send us and our reply.
site analytics — anonymised pageview and device data (browser, approximate region, referrer). we do not track you across the web.
age-verification check — your confirmation that you are 18+, timestamped. not your date of birth.

what we don't collect.

your medical history, conditions, or reasons for buying.
social-media profiles or activity.
precise location data.
card or bank numbers.

why we use it.

fulfil your orderlegal basis: contract

respond to emailslegal basis: legitimate interest

send order updateslegal basis: contract

send newsletter (opt-in only)legal basis: consent

comply with uk lawlegal basis: legal obligation (accounting, age-18+)

who we share it with.

royal mail — delivery address and name, to deliver your parcel.
our payment processor — so your payment clears.
our email provider — to send order confirmations and replies.
hmrc — if required for accounting or tax.

we do not sell, rent, or share your data with advertisers, data brokers, or marketing companies. ever.

how long we keep it.

order records — 6 years (uk accounting requirement).
account details — until you ask us to delete them.
newsletter list — until you unsubscribe.
email support threads — up to 24 months, then deleted.

cookies.

we use a small number of cookies to keep your cart working and measure anonymous site traffic. we do not use advertising cookies. you'll see a cookie banner on your first visit to set your preferences.

your rights.

under uk gdpr you can ask us to:

show you the data we hold about you (a "subject access request")
correct anything that's wrong
delete your data (with some legal exceptions, like accounting records)
send it to you in a portable format
stop processing it for marketing

email bhpcbd@gmail.com and we'll respond within 30 days. if you think we've mishandled your data you can complain to the ico: ico.org.uk.

this page was written in plain english on purpose. if anything's unclear, ask us.

privacy, plainly.