Join Us




Sangha Privacy Policy


Data protection is a matter of trust and we would like to give you the assurance that your data is in good hands with us. The protection and legally compliant collection, processing and use of your data is an important concern for us. This policy explains how your personal information is collected, used and disclosed by Seasonal Sangha Limited. It also tells you how you can access and update your personal information, which in turn allows you to make certain choices about the use of your personal information.


Who is responsible for

The company responsible within the meaning of the European General Data Protection Regulation (GDPR) and the UK’s Data Protection Act (DPA) for data processing is:


Seasonal Sangha Limited 

Bishops Cottage, The Batch, 

Priddy, Wells, BA5 3BD, 

United Kingdom 

Company Number 13510463


In the following, “we”, “us” or “Seasonal Sangha”. 


You can reach us at or at our above-mentioned postal address  or by using our Contact Form.

When you use our website

Each time you visit, we collect the technical access data that your browser automatically transmits to our server in the course of page requests. The access data includes the following information in particular:


  • Date and time of access;
  • Address of the pages called up and the requesting pages;
  • Content of the request (addresses and names of the requested files);
  • Information on the browser or app used and the operating system (versions, language settings);
  • Online identifiers (e.g. IP address, device identifiers, session IDs);
  • Error messages, if applicable (if the requested content cannot be displayed); and
  • the page you previously visited from which you accessed a page of via a link.


During your visit, your access data is automatically stored in the server log files of our server and then anonymised by shortening or deleting your IP address. It is then no longer possible to draw any direct conclusions about you on the basis of the server log files.


In addition, during your visit to, we record information that you actively provide to us by using the functions provided. For example, we find out which products you are interested in when you save an item to your wish list or use the search function.



We use a variety of cookies. These can be cookies set by us (“Seasonal Sangha cookies”) and cookies from third-party providers. A cookie is a standardised text file that is stored by your browser for a period of validity determined in advance by the respective provider. Cookies enable the local storage of information such as language settings, shopping basket contents and temporary identification features, which can be retrieved on subsequent web site visits in order to reload the corresponding settings. You can view and delete the cookies used in the security settings of your browser. You can configure your browser settings according to your wishes and thus, for example, reject the acceptance of cookies from third-party providers or reject all cookies. Please note that in this case you may not be able to use all the functions of our website. For further information on the Cookies we use, please refer to our Cookie Policy. For more general information on cookies, please visit All About Cookies.


When you register for a Seasonal Sangha customer account

In order to shop in our Seasonal Sangha Online Shop or sign up for a Sangha Membership, you need a personal Seasonal Sangha customer account.


If you register for a Seasonal Sangha customer account, we will set up password-protected direct access to your master data stored with us (e.g. name, address, phone number, e-mail address, payment data, order data ordered products, and other details (e.g. which type of membership you have purchased whether The Seed, The Bloom, or Life Time). The mandatory details required for registration are usually marked separately, e.g. with an asterisk (“*”). In the case of voluntary information, we indicate why we are requesting this information. In addition, for security reasons, we temporarily store the IP address used by you during registration.


Registering in our Seasonal Sangha Online Shop makes it easier for you to shop with us in the future and provides you with a personalised and simple shopping experience. For example, your address and payment methods will be preselected for your next order. The customer account also allows us to store your data (e.g. order data and  lists the products you have previously purchased).


You can delete your Seasonal Sangha customer account and the data stored in it at any time. To do so, simply send us an informal message, e.g. by e-mail to or use our contact form. Please note: The deletion of your customer account does not automatically extend to the order transactions and the personal data stored for them.


When you order something 

We record which products you order. We also store data that is directly related to the processing of your orders. Order data includes in particular:


  • Details of the products ordered, such as item numbers and size.
  • E-mail address
  • Invoice and delivery address
  • Payment data
  • Order numbers


If you have made a purchase of goods and services from us, we are entitled to send you information about our own similar goods and services via the e-mail address sent when you made the purchase. You can object to this use of your e-mail address at any time.


When you contact us

If you contact us via the contact form on our web site, by e-mail, by phone or by any other means, we will collect the communication data that arises in the process. Depending on which channel you use to contact us, this may include, for example, your contact details (such as your email address or phone number) and the content of your message to us. We only record phone conversations with Seasonal Sangha Customer Service if you have expressly consented to this (e.g. for training or quality purposes).


We also use social networks such as Facebook, YouTube and Instagram to communicate with our customers. Please note that Seasonal Sangha has no influence on the terms of use of the social networks and their data processing practices. Please therefore check carefully what personal data you share with us via the social networks.


If you subscribe to the Seasonal Sangha newsletter

Insofar as you have registered for the Seasonal Sangha newsletter, we store the data you have provided for this purpose for the purpose of compiling and sending the newsletter.


The newsletter is sent by e-mail. You will only receive the newsletter after registering for the newsletter. In order to meet the requirements of the GDPR and the DPA, we use the so-called DOI procedure (“double opt-in”). If you register for our newsletter, you will receive a confirmation e-mail to the electronic mailbox named by you in the input field. This e-mail contains a confirmation link which you must click on.  Only after completing this step, you have successfully registered for the newsletter. To carry out the procedure, the IP address, date and time of registration are stored. This is to prevent misuse. The data is passed on to our dispatch service provider in order to deliver the newsletter to you.


The legal basis for data processing is your consent. Existing customers may receive newsletters from us who have not given explicit consent. Our legitimate interest is to inform our existing customers about our products through promotional e-mails and thus to maintain contact with these customers. We will only process your data for as long as is necessary to fulfil the purpose for which it was collected and for as long as there are no legal or official retention obligations that prevent us from deleting it.


Our newsletters are sent via the dispatch service provider MailChimp. The data processing is carried out by The Rocket Science Group LLC. The e-mail addresses of our newsletter recipients, as well as their other data described in these notes, are stored on MailChimp’s servers. MailChimp uses this information to send and evaluate the newsletter on our behalf. MailChimp does not use the data of our newsletter recipients and does not pass them on to third parties. The newsletters contain a so-called “tracking pixel”, i.e. a pixel-sized file that is retrieved from the MailChimp server when the newsletter is opened. In the course of this retrieval, information such as information about your system, your IP address and the time of the retrieval are collected. The statistical surveys also include the determination of whether the newsletters are opened, how often they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients, but it is neither our nor MailChimp’s intention to observe individual users. 


Your personal data will be stored until you unsubscribe from the newsletter and, after unsubscribing from the newsletter distribution list, may be stored in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. The data will be permanently deleted if you submit a deletion request to us. For this purpose, please contact our data protection officer.


You have the possibility to revoke your consent at any time. To do so, please contact us. If you have any questions regarding data security at MailChimp, you must contact MailChimp.


Blog and Profile Data

Within the Blog you may be able to display certain personal information, share certain details, engage with others, exchange knowledge and insights, post and view relevant comment. Comment and data is publicly viewable. You have choices about the information on your comment. You don’t have to provide additional information on your comment; however, profile information helps you to get more from our Services. It’s your choice whether to include sensitive information in your comment and to make that sensitive information public. Please do not post or add personal data in your comment that you would not want to be available.


For what purposes does Seasonal Sangha use my data?

When you visit, we process the access data, server log files and cookies that arise in the process in order to provide you with the content and functions you have called up and to ensure the stability and security of our IT systems and databases.


If you use with your Seasonal Sangha customer account, the legal basis is the performance of contract  and/ or pre-contractual measures.


If you use without logging in, the legal basis is our legitimate interest.


Contract fulfilment

We process your data for the performance of contracts concluded with you and for the provision of services at your request. The purposes are primarily based on the specific content of the contract or the purpose of the services you have requested. The legal basis for this data processing is the performance of contract  and/ or pre-contractual measures.


Customer service and communication in the context of existing customer relationships

We process your data to carry out our customer service. This includes, for example:


  • Processing of your concerns and enquiries
  • Non-commercial communication with you 


The legal basis for this data processing is the performance of contract  and/ or pre-contractual measures.


Payment processing

Depending on which payment method has been agreed, we pass on the data required for payment processing (e.g. direct debit or credit card data) to the payment service provider commissioned with the payment. In some cases, the payment service providers also collect this data themselves on their own responsibility. In this respect, the privacy policy of the respective payment service provider applies.The transfer of your data to the external payment service providers is based on the performance of contract.


Our payment service provider for payments by credit card is Stripe, 510 Townsend Street San Francisco, CA 94103 United States. So that you do not have to re-enter your card details each time you make a purchase by credit card, your cards are stored in encrypted form for 36 months on our behalf by Stripe. The legal basis for this is our legitimate interest in making future purchases easier for you. For this purpose, Stripe provides us with an individual pseudo card number for your deposited credit card for each credit card you use, which only takes the last 3 digits of your real credit card number. This enables us to offer you payment with your last credit card used during the next payment process by entering the last 3 digits of your real card number without saving your real credit card data or having to transfer them to us again from Stripe during the payment process. You then only have to enter the check digit which is transmitted to Stripe. This procedure increases the protection of your credit card data, which can remain under lock and key at Stripe during the entire process. This fulfils the requirements of the cross-industry regulatory standards in payment transactions (PCI-DSS regulations). If you then select the credit card for payment, we only transmit the pseudo card number and the check digit in encrypted form to Stripe and Stripe then recognises which credit card number stored in the system is to be charged on the basis of the pseudo card number.


If you decide to pay by credit card in the check-out process, a two-stage risk or authentication check is carried out by your credit card company. For this purpose, the following data will be transmitted to the credit card company in a first step:


  • Your name (title, first name, surname)
  • your address
  • If you have a different delivery address, 
  • Your e-mail address.


If the transmitted data show deviations that could indicate an increased risk, a second level of verification is carried out, in which an additional interaction of the cardholder is required (request for a second factor).


Stripe is commissioned as our processor for the technical control of payment transactions including the implementation of customer authentication. Further recipients are the banks involved -the card-issuing bank – the issuer – and our bank as the credit card-accepting bank – the acquirer.


The data is transferred for the following purposes and is based on the following legal grounds:


a) Execution of the contract

b) Obligation for customer authentication 

c) Prevention of card misuse


Internal market research, optimisation and further development of our offer and service

We use your access data and the data you provide (e.g. master data, order data, returns data) for internal statistical and market research purposes. Before doing so, we pseudonymise or anonymise your data, e.g. by replacing your name and other data suitable for identification by random data.


This allows us to determine, for example, which pages and products of our shop are particularly popular, which devices our customers generally use or from which regions our website is accessed. This information helps us to continuously optimise our existing offer and to develop new functions and services.


The legal basis for this data processing is our legitimate interest. Insofar as you have consented to us processing your data for certain purposes, the legal basis is  your consent.


Google Analytics

Our website uses the web analysis service Google Analytics, which is offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies valid for 14 months to collect your access data when you visit our website. The access data is compiled by Google on our behalf into pseudonymous usage profiles and transferred to a Google server in the USA. Before this, your IP address is anonymised. We are therefore unable to determine which usage profiles belong to a particular user. On the basis of the data collected by Google, we can therefore neither identify you nor determine how you use our website. In the exceptional event that personal data is transferred to the USA, we have agreed standard contractual clauses with Google.


Google will use the information obtained through the cookies on our behalf to evaluate the use of our website, to compile reports on website activities and to provide us with further services related to website and internet use. You can also find more information on this in the Google Analytics privacy policy.



For marketing purposes, our websites use so-called conversion and retargeting tags (also “Facebook pixel”) of the social network Facebook, a service of Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA (“Facebook”). We use Facebook Pixel to analyse the general use of our websites and to track the effectiveness of Facebook advertising (“conversion”). In addition, we use the Facebook pixel to play you individualised advertising messages based on your interest in our products (“retargeting”). For this purpose, Facebook processes data that the service collects via cookies and similar technologies on our websites.


The data collected in this context may be transferred by Facebook to a server in the USA for analysis and stored there. In the event that personal data is transferred to the USA, Facebook has submitted to the controller-to-controller standard contractual clauses.


If you are a Facebook member and have allowed Facebook to do so via your account privacy settings, Facebook may also link the information collected about your visit to us to your member account and use it to target Facebook ads. You can view and change the privacy settings of your Facebook profile at any time.




Sharing your Data

In principle, we only pass on your data if:


  • you have given your express consent;
  • the disclosure is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in not having your data disclosed;
  • we are legally obliged to disclose your data;
  • the disclosure is legally permissible and necessary for the performance of contractual relationships with you; or for the performance of pre-contractual measures taken at your request.


Some of the data processing described in this privacy policy may be carried out on our behalf by external service providers. In addition to the service providers mentioned in this privacy policy, this may include, in particular, data centres that store and maintain our website and databases, IT service providers that maintain our systems, and consulting companies.


If we pass on data to our service providers, they may only use the data to fulfil their tasks. Processing of your data by the commissioned service providers takes place within the framework of commissioned processing in accordance with the GDPR and the DPA. These service providers have been carefully selected and commissioned by us. They are contractually bound to our instructions, have suitable technical and organisational measures in place to protect the rights of the data subjects.


If we transfer your data beyond the scope of this privacy policy to a service provider based in a country outside the United Kingdom or the European Economic Area, we will inform you separately about this circumstance, if applicable, and on which specific guarantees the data transfer is based. 


How long will my data be stored?

Unless otherwise stated in this privacy policy, we will only store your data for as long as is necessary to fulfil our contractual or legal obligations or the purposes for which the data was originally collected or we have a legitimate interest in continuing to store it.


In all other cases, we delete your personal data with the exception of such data that we must continue to hold in order to comply with statutory retention periods. However, in these cases we will restrict processing, i.e. your data will only be used to comply with legal obligations.


If you cancel or delete your Seasonal Sangha customer account, we will delete all data stored about you there. If complete deletion of your data is not possible or not necessary for legal reasons, the data in question will be restricted for further processing. As a rule, your order and payment data and, if applicable, further data are subject to statutory retention obligations. We are therefore obliged to retain this data for up to six years.


Even if your data is not subject to a statutory retention obligation, we may refrain from deleting it in cases permitted by law and instead block it. This applies in particular in cases where we may still need the data in question for the further processing of the contract or for legal prosecution or legal defence. In this respect, the statutory limitation periods are decisive for the duration of the blocking.


Your Rights

You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them. There is more information on each right on the Information Commissioners (ICO) website and you can simply follow the links provided to learn more. 


Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us.


The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.

We encourage you to get in touch if you have any concerns with how we collect or use your personal information. You do however also have the right to lodge a complaint directly with the ICO, their contact details can be found on their website.

Please direct all requests for information, requests for information or objections to data processing to us.


Data security

We maintain appropriate technical measures to ensure data security, in particular to protect your data from risks during data transmissions and from unauthorised access by third parties. These measures are adapted to the current state of the art. To secure the personal data you enter on our website, we use Transport Layer Security (TLS), which encrypts the information you enter.


No automated decision-making

We do not use automated decision-making including profiling.


Scope of this privacy policy

This privacy policy only applies to the content on our website and the data processing on the servers we use. It does not cover such content and websites of third parties to which our offer merely links. This applies, for example, to social networks such as Facebook, YouTube and Instagram. The processing of your personal data via these social networks is carried out by the respective operator of the network without us having any influence on this processing. 


This also applies to your personal data that you provide to us via such a platform, for example by writing to our profile on the respective social network. Information on how we handle your personal data and protect it on these platforms can be found in the privacy policy of the respective platform. However, if we store your personal data that you have communicated to us via a social network or that we receive from a social network on our own servers and use it for the purpose of processing your enquiry or request or for other purposes, our explanations above in this privacy policy will of course apply in this respect.


Social Media Sharing

Our website contains links to social networks such as Facebook, Instagram and YouTube you access the parts of our website that contain such links, no personal data is transmitted to the operators of these social networks. Only when you click on the link and thereby visit the social network in question does the operator of the visited network receive personal data relating to you. For more information about the data processing that takes place when you visit a social network and the person responsible for this , please refer to the web site of the respective social network and the above linked Privacy Policies.


Data processing via our online presence in social networks

We maintain online presences in various social networks, currently Facebook, Instagram and YouTube. With regard to the data processing that takes place on the occasion of visiting these online presences, the respective operator of the social network and we may be joint controllers..


Our website contains links to these social networks, which are clearly marked by the respective logo. When you call up the parts of our website that contain such links, no personal data is transmitted to the operators of these social networks. Only when you click on the link and thereby visit the social network in question does the operator of the visited network receive personal data relating to you. For more information about the data processing that takes place when you visit a social network and the person responsible for this, please refer to the web site of the respective social network and the above linked Privacy Policies.


The processing of your personal data on the occasion of your visit to our online presences is based on our legitimate interests in effective user information and communication with users. We would like to point out that data processing will take place outside the UK or the EEA, namely in particular on servers located in the USA. This may result in risks for users because, for example, it could make it more difficult to enforce users’ rights.


With regard to requests for information and the assertion of other data subject rights, we point out that these should be asserted directly with the operators if possible. Only the operators have access to their users’ data and can provide information directly and take appropriate measures.


Do Not Track

Do Not Track is a privacy preference you can set in most browsers. We support Do Not Track because we believe that you should have genuine control over how your info gets used and our site responds to Do Not Track requests.


Do Not Sell My Personal Information 

We do not sell information that directly identifies you, like your name, address or phone records. 


Direct marketing

From time to time we may use the personal information we collect from you to identify particular products offers which we believe may be of interest to you. We may contact you to let you know about these products and services and how they may benefit you.


You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or relationship with us. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or relationship with us.


Direct Marketing from generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by Seasonal Sangha, or by our contracted service providers. Every directly addressed marketing form sent or made by us or on our behalf should include a means by which customers may unsubscribe (or opt out) of receiving similar marketing in the future. You can ask us to remove or amend any previous consent you provided by contacting us.



The services for hosting and displaying the website are partly provided by our service provider Google as part of processing on our behalf. Unless otherwise explained in this privacy policy, all access data and all data collected in forms provided for this purpose on this website are processed on their servers. If you have any questions about our service providers and the basis of our relationship with them, please contact them as described in this privacy policy.


Content Delivery Network

For the purpose of a shorter loading time, we use a so-called Content Delivery Network (“CDN”) for some offers. With this service, content, e.g. large media files, are delivered via regionally distributed servers of external CDN service providers. Therefore, access data is processed on the servers of the service providers. Our service provider WordPress works for us within the framework of order processing. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.


Data Breaches/Notification

Databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, Seasonal Sangha will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.


Confirmation of Confidentiality

All company employees must maintain the confidentiality of Personal Data as well as company proprietary data to which they may have access and understand that that such Personal Data is to be restricted to only those with a business need to know. Employees with ongoing access to such data will sign acknowledgement reminders annually attesting to their understanding of this company requirement.


Changes to this privacy policy

We occasionally update this privacy policy, for example when we adapt our website or when legal or regulatory requirements change. We will document material changes in this privacy policy and, where necessary, obtain our customers’ consent.