Draveno Letters
Legal — Document Ref: PP-2026-01

Privacy Policy

Last updated: 1 January 2026. This policy applies to all users of draveno.info and any associated services operated by Draveno Letters, 74 Bermondsey Street, SE1 3UB London, United Kingdom.

1. Who We Are

Draveno Letters is an independent editorial publication focused on everyday wellness practices. The publication is not affiliated with any commercial, governmental, or institutional body. For the purposes of UK data protection law, the data controller is Draveno Letters, 74 Bermondsey Street, SE1 3UB London, United Kingdom.

You can contact us regarding data matters at [email protected] or by post at the address above.

2. What Personal Data We Collect

We collect personal data only when you actively provide it or when it is gathered automatically through standard website processing. The categories of data we may collect include:

  • Contact form submissions: your name, email address, and the content of your message when you use the contact form on this website.
  • Technical data: IP address, browser type, operating system, referring URL, and pages visited, collected automatically via server logs and, where consent is given, analytics tools.
  • Cookie data: as described in our Cookie Policy. Functional cookies are set automatically; analytics and preference cookies are set only with your consent.
  • Correspondence: if you email us directly, we retain a record of that correspondence for as long as reasonably necessary to respond and for a period thereafter in case of follow-up.

We do not collect sensitive personal data, payment information, or any data relating to children under the age of 16.

3. How We Use Your Data

Personal data collected through this website is used for the following purposes:

  • To respond to enquiries submitted via the contact form.
  • To understand how the website is used and to improve its content and structure, using anonymised or aggregated analytics data.
  • To comply with legal obligations, including the retention of records required under applicable law.
  • To detect and prevent fraudulent or abusive use of the website's contact facilities.

We do not use personal data for automated decision-making or profiling. We do not sell, rent, or share personal data with third parties for their own marketing purposes.

4. Legal Basis for Processing

Our processing of personal data is based on the following legal grounds under the UK General Data Protection Regulation (UK GDPR):

  • Legitimate interests — for technical data collected automatically during normal website processing, where our interest in maintaining a functioning, secure website is not overridden by your rights.
  • Consent — for analytics cookies and any non-essential data processing. You may withdraw consent at any time via our Cookie Settings, accessible in the footer of every page.
  • Contract performance — where data processing is necessary to respond to a direct request you have made of us.
  • Legal obligation — where we are required to process or retain data by applicable law.

5. Data Retention

We retain personal data only for as long as is necessary for the purpose for which it was collected, or as required by law. In practice:

  • Contact form data: retained for up to 24 months from the date of submission, unless an ongoing correspondence makes longer retention necessary.
  • Server log data: retained for up to 12 months and then deleted or anonymised.
  • Cookie data: as specified in our Cookie Policy, varying by cookie type.

6. Third-Party Services

This website uses a limited number of third-party services that may process data on our behalf:

  • Web hosting and server infrastructure providers, who process technical data in the course of serving the website.
  • Analytics tools (where consent is given), which process anonymised or pseudonymised usage data.
  • Font delivery services (Fontshare, Google Fonts) which may receive a request from your browser when loading page assets.

We do not transfer personal data outside the United Kingdom or the European Economic Area except where standard contractual clauses or equivalent safeguards are in place.

7. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access — to request a copy of the personal data we hold about you.
  • Right to rectification — to request correction of inaccurate data.
  • Right to erasure — to request deletion of your data where there is no lawful basis for continued processing.
  • Right to restriction — to request that we limit processing of your data in certain circumstances.
  • Right to data portability — to receive your data in a structured, machine-readable format where processing is based on consent or contract.
  • Right to object — to object to processing based on legitimate interests.
  • Right to withdraw consent — at any time, where processing is based on consent.

To exercise any of these rights, please contact us at [email protected]. We will respond within one month of receiving your request. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you consider that our processing of your data does not comply with applicable law.

8. Security

We implement appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, alteration, or disclosure. These measures include HTTPS encryption for all data in transit, access controls on systems that handle personal data, and regular review of our security arrangements.

No system is entirely without risk. While we take reasonable steps to protect data, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO and, where required, affected individuals in accordance with our obligations under UK GDPR.

9. Cookies

This website uses cookies. For full details of what cookies we set, their purpose, and how to manage or refuse them, please read our Cookie Policy.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The date at the top of this page indicates when the policy was last revised. We encourage you to review this page periodically. Continued use of the website following a policy update constitutes acceptance of the revised policy.

11. Contact

If you have any questions about this Privacy Policy or our handling of personal data, please contact us:

Draveno Letters
74 Bermondsey Street
SE1 3UB London, United Kingdom
[email protected]
+44 20 7483 9261