Privacy Policy

Last updated: [4 April 2026]

At MINDCELIUM (“we”, “us”, “our”), we respect your privacy and are committed to protecting your personal data.

This Privacy Policy explains how we collect, use, store, and share your personal data when you:

  • visit our website;

  • place an order;

  • contact us;

  • subscribe to our emails;

  • engage with our content, advertising, or social media; or

  • otherwise interact with us.

This policy is intended to help you understand what information we collect, why we collect it, and the choices available to you.

1. Who we are

Data controller: MINDCELIUM HOLDINGS LTD trading as MINDCELIUM
Email:hello@mindcelium.com
Business address: 71-75, Shelton Street, Covent Garden, London, WC2H 9JQ.
Website: www.mindcelium.com

For the purposes of UK data protection law, we are the data controller of the personal data described in this Privacy Policy.

2. The personal data we collect

Depending on how you use our website, we may collect and process the following categories of personal data:

a) Identity and contact data

  • Name

  • Billing address

  • Shipping address

  • Email address

  • Telephone number

b) Order and transaction data

  • Details of products ordered

  • Payment status

  • Order history

  • Delivery information

  • Refund or return information

c) Account and communications data

  • Messages you send to us

  • Customer support enquiries

  • Reviews, feedback, or survey responses

  • Email marketing preferences

d) Technical and usage data

  • IP address

  • Browser type and version

  • Device information

  • Time zone and location data derived from your IP address

  • Pages viewed

  • Site navigation behaviour

  • Referral source

  • Cookie and tracking data

e) Marketing data

  • Whether you open or click our emails

  • Your preferences in receiving marketing from us

  • Information about your interaction with our adverts or campaigns

We do not intentionally collect special category personal data through our website unless you choose to provide it to us directly. Under UK GDPR, special category data needs extra protection and generally requires both a lawful basis and an additional condition for processing. (ICO)

3. How we collect your personal data

We collect personal data:

  • directly from you, when you place an order, complete a form, subscribe to emails, or contact us;

  • automatically, through cookies and similar technologies when you use our website; and

  • from service providers and platforms, such as payment processors, website hosts, analytics providers, email marketing platforms, and delivery partners.

The ICO says individuals must be told what data is collected, the purposes, retention, and who it is shared with, and that this information should be easy to access. (ICO)

4. How we use your personal data

We may use your personal data for the following purposes:

a) To process and fulfil orders

Including payment processing, fraud checks, dispatch, delivery, returns, refunds, and customer service.

b) To manage our relationship with you

Including responding to enquiries, sending service updates, and handling complaints.

c) To send marketing communications

Including email updates, launch announcements, product updates, and promotional messages where permitted by law.

d) To improve our website and customer experience

Including analytics, troubleshooting, testing, and understanding how visitors use our site.

e) To protect our business

Including fraud prevention, platform security, chargeback management, and enforcing our terms.

f) To comply with legal and regulatory obligations

Including accounting, tax, consumer law, and law enforcement requests where applicable.

5. Our lawful bases for processing

Under UK GDPR, we must identify a lawful basis before processing personal data. The ICO also says this should be explained in the privacy notice. (ICO)

We rely on one or more of the following lawful bases:

a) Contract

Where processing is necessary to fulfil your order or take steps at your request before entering into a contract.

b) Legal obligation

Where we need to process data to comply with legal obligations, for example tax, accounting, consumer, or fraud-related requirements.

c) Legitimate interests

Where it is reasonably necessary for our legitimate business interests, such as operating our website, improving services, handling customer support, preventing fraud, and maintaining records, provided those interests are not overridden by your rights.

d) Consent

Where you have given clear consent, such as for certain email marketing or non-essential cookies.

You can withdraw consent at any time, although this will not affect the lawfulness of processing carried out before withdrawal. The ICO specifically states that privacy notices should tell people about the right to withdraw consent where consent is the lawful basis. (ICO)

6. Marketing communications

If you subscribe to our mailing list or otherwise opt in, we may send you marketing emails about products, launches, updates, and promotions.

You can unsubscribe at any time by:

Electronic marketing and cookies are regulated by PECR as well as UK GDPR, and the ICO states that PECR covers unsolicited marketing by email, text, phone, and similar electronic methods. (ICO)

7. Cookies and similar technologies

We may use cookies, pixels, tags, and similar technologies to:

  • keep the website functioning properly;

  • remember your preferences;

  • analyse traffic and performance;

  • understand how visitors use the site; and

  • support advertising and remarketing, where permitted.

Some cookies are strictly necessary for the website to work. Others, such as analytics or advertising cookies, may require your consent.

The ICO states that PECR applies to cookies and similar technologies, including where they are used for online advertising, and that these rules apply even beyond purely personal-data questions. (ICO)

You should also publish a separate Cookie Policy or cookie banner configuration that explains:

  • what cookies you use;

  • whether they are necessary, analytics, functional, or advertising cookies;

  • who sets them; and

  • how users can accept, reject, or manage them.

8. Sharing your personal data

We may share your personal data with trusted third parties where necessary for the purposes set out above, including:

  • website hosting and ecommerce platform providers;

  • payment processors;

  • email and SMS marketing providers;

  • analytics and advertising providers;

  • customer support software providers;

  • delivery and fulfilment partners; and

  • professional advisers, insurers, accountants, legal advisers, and regulators where necessary.

Examples may include providers such as Squarespace, Stripe, Royal Mail, Google, Meta, or your email platform, but this section should be updated to reflect the services you actually use.

We require third parties acting on our behalf to process personal data only as permitted and to apply appropriate security measures.

9. International transfers

Some of our third-party providers may store or process personal data outside the UK.

Where personal data is transferred internationally, we will take steps to ensure appropriate safeguards are in place, such as adequacy regulations or approved contractual protections, where required.

10. How long we keep your personal data

We keep personal data only for as long as reasonably necessary for the purposes for which it was collected, including to satisfy legal, tax, accounting, reporting, and dispute-resolution requirements.

The ICO says your privacy notice must explain retention periods or, if you do not have exact periods, the criteria you use to decide them. (ICO)

Typical retention periods may include:

  • Order and transaction records: up to 6 years after the end of the relevant financial year, or longer where legally required;

  • Customer service enquiries: up to 24 months after the matter closes;

  • Marketing subscriber data: until you unsubscribe or ask us to delete it, unless we need to retain a suppression record to make sure we do not contact you again;

  • Analytics and cookie data: according to the settings of the relevant platform or cookie tool.

You should adjust these periods to reflect your actual systems and legal advice.

11. Your data protection rights

Under UK GDPR, individuals have rights in relation to their personal data. The ICO says privacy notices should tell people which rights they have and how they can complain. (ICO)

Subject to legal limits, you may have the right to:

  • request access to your personal data;

  • request correction of inaccurate or incomplete data;

  • request erasure of your personal data;

  • request restriction of processing;

  • object to processing based on legitimate interests;

  • request transfer of certain personal data to you or another provider; and

  • withdraw consent where processing is based on consent.

To exercise any of these rights, please contact us at hello@mindcelium.com.

We may need to verify your identity before responding to your request.

12. Complaints

If you have concerns about how we handle your personal data, please contact us first and we will try to resolve the issue.

You also have the right to complain to the Information Commissioner’s Office (ICO), the UK regulator for data protection matters. The ICO says privacy notices should explain how people can complain if they are concerned about the way their information is used. (ICO)

13. Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse, alteration, or disclosure.

However, no system or transmission over the internet can be guaranteed to be completely secure.

14. Third-party links

Our website may include links to third-party websites, plugins, or social media platforms. Clicking those links or enabling those connections may allow third parties to collect or share data about you.

We are not responsible for the privacy practices of third-party websites and encourage you to read their privacy notices.

15. Children

Our website is not intended for children, and we do not knowingly collect personal data from children through the website.

If you believe a child has provided personal data to us, please contact us so we can investigate and, where appropriate, delete it.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our business, website functionality, legal requirements, or the services we use.

The latest version will always be posted on this page with the revised “Last updated” date.

17. Contact us

If you have any questions about this Privacy Policy or about how we handle your personal data, please contact:

MINDCELIUM HOLDINGS LTD trading as MINDCELIUM
Email:hello@mindcelium.com
Address: 71-75, Shelton Street, Covent Garden, London, WC2H 9JQ.