Privacy Policy

This Privacy Policy explains how Middling Commons (“we”, “us”, or “our”) collects, uses, shares, and protects your personal information when you visit our website, interact with our content, or purchase our services or products. We are a UK-based business: 79 Reid Place East, Samanthamouth, DD1 2NF, UK (Company Reg. No.: 11642034). If you have questions, contact [email protected].

1. Data controller

Middling Commons is the controller of your personal data for the purposes described in this Policy. Our contact details are provided in Section 12.

2. What we collect

2.1 Information you provide

Contact details: name, email, phone number, and message content submitted via our contact form or email.
Order and billing details: delivery name, address, email, phone, payment confirmation IDs (processed by our payment partners; we do not store full card numbers).
Account or booking details: preferences or notes you share for consultations or services.

2.2 Information collected automatically

Usage and device data: IP address, device type, browser, pages visited, referring URLs, and timestamps.
Cookies and similar technologies: analytics and experience cookies to understand usage and improve the site. See Section 6 (Cookies).

2.3 Information from third parties

Analytics and advertising partners: aggregated insights and event data (e.g., Google Analytics, Meta Pixel).
Payment and fulfilment providers: transaction confirmation and fraud-prevention signals.

3. How we use your data and legal bases

Provide and improve our site and services, respond to enquiries, process orders and bookings (Contract, Legitimate Interests).
Customize content and measure performance (Legitimate Interests, Consent where required).
Send service communications and, with consent, marketing updates (Contract/Legitimate Interests; Consent for marketing).
Prevent fraud, secure our systems, and comply with legal obligations (Legitimate Interests, Legal Obligation).

Where we rely on consent, you can withdraw it at any time (see Section 7). Where we rely on legitimate interests, we balance our interests against your rights and expectations.

4. Sharing your information

Service providers (processors): hosting, analytics, email, payment processing, and customer support tools under appropriate contracts.
Legal and compliance: when required by law, regulation, or to protect rights, safety, and security.
Business transfers: in the case of a merger, acquisition, or sale of assets, your data may be transferred under appropriate safeguards.

We do not sell your personal data.

5. International transfers

Your information may be processed outside the UK/EEA (e.g., by global providers such as Google or Meta). Where this occurs, we rely on adequacy decisions or Standard Contractual Clauses and implement additional safeguards as needed.

6. Cookies and similar technologies

We use cookies to run our site, measure performance, and improve your experience.

Strictly necessary: required for core site functionality.
Analytics: help us understand traffic and usage (e.g., Google Analytics).
Experience: remember preferences and enhance features.

You can control cookies using the banner on our site. Click “Customize” to adjust analytics and experience cookies. You can also manage cookies in your browser settings or use tools such as the Google Analytics Opt-out Add-on.

7. Your rights (UK GDPR)

Access your personal data and request a copy.
Rectify inaccurate or incomplete data.
Erase data in certain circumstances.
Restrict or object to processing, including direct marketing.
Data portability where applicable.
Withdraw consent where processing is based on consent.
Lodge a complaint with the UK ICO: ico.org.uk.

8. Data retention

Contact enquiries: up to 24 months after last interaction.
Order and invoicing records: up to 6 years to meet tax and accounting obligations.
Analytics data: typically 14–26 months (as configured with the provider).

We keep data only as long as necessary for the purposes described or as required by law.

9. Security

We implement administrative, technical, and organizational safeguards to protect your data. However, no internet transmission is 100% secure. Please take care with the information you submit.

10. Children’s privacy

Our site and services are not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us personal data, contact us so we can delete it.

11. Third-party services

We may link to third-party sites (e.g., social networks). Their privacy practices are governed by their policies. Notably, we use Google Analytics and Meta (Facebook) Pixel to understand site usage and improve content.

12. Contact us

Email: [email protected]
Phone: +44 0944 843450
Address: 79 Reid Place East, Samanthamouth, DD1 2NF, UK

13. Changes to this Policy

We may update this Policy from time to time. We will post the new version on this page and update the “Last updated” date below.

Last updated: