Privacy Policy

This Privacy Policy describes how Andrei Bushuev, trading as The Natural Healing Pantry ('we', 'us', 'our'), collects, uses, and protects the personal information of visitors and customers ('you') of this website.

We are committed to protecting your privacy and handling your personal data in accordance with applicable law, including the EU General Data Protection Regulation (GDPR) and the Spanish Organic Law on Data Protection (LOPDGDD).

1. Who We Are (Data Controller)

The data controller responsible for your personal information is:

Andrei Bushuev — The Natural Healing Pantry

Mallorca 236, Barcelona, Spain

Email: andrew@andrewbush.org

2. What Personal Data We Collect

We collect the following types of personal data:

— Contact information: your name and email address, provided at checkout.

— Payment information: billing details processed by Stripe (our payment processor). We do not receive or store your full card number, CVV, or bank account details — these are handled entirely by Stripe.

— Technical data: IP address, browser type, device type, and pages visited, collected automatically through Google Analytics and standard web server logs.

— Usage data: how you interact with this website, such as pages viewed and time spent on site, collected via Google Analytics.

3. How We Use Your Personal Data

We use your personal data for the following purposes:

— To process and fulfill your order, including delivering the PDF product to your email address.

— To send you your purchase receipt and any transactional communications related to your order.

— To contact you in the future regarding relevant updates, new products, or offers from The Natural Healing Pantry. You may opt out of these communications at any time by replying to any email with 'unsubscribe' or by contacting us at andrew@andrewbush.org.

— To analyse website traffic and understand how visitors use our site, so we can improve the user experience (via Google Analytics).

— To comply with legal obligations and protect against fraudulent transactions.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area, our legal basis for collecting and using personal information is as follows:

— Contract performance: processing your name and email is necessary to deliver the product you purchased.

— Legitimate interests: using anonymised analytics data to improve our website, and contacting you about related products and updates.

— Consent: where we send you marketing communications beyond transactional messages, we rely on your consent. You may withdraw consent at any time.

5. Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC, to understand how visitors use our website. Google Analytics collects information such as your IP address (anonymised), browser type, pages visited, and time on site via cookies and similar tracking technologies.

The data collected by Google Analytics is sent to and stored on Google servers, which may be located in the United States or other countries. Google processes this data in accordance with its own Privacy Policy and the EU-US Data Privacy Framework.

You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on (available at https://tools.google.com/dlpage/gaoptout) or by adjusting your browser's cookie settings.

6. Cookies

This website uses cookies and similar tracking technologies to operate and improve the site. Cookies are small text files stored on your device.

We use: (a) strictly necessary cookies required for the site to function; and (b) analytics cookies placed by Google Analytics to measure site performance.

You can control and manage cookies through your browser settings. Please note that disabling cookies may affect site functionality.

7. Sharing of Personal Data

We do not sell, rent, or transfer your personal data or any identifying information to any third parties, except as described below:

— Stripe: we share your payment and contact information with Stripe, Inc. solely for the purpose of processing your payment. Stripe acts as an independent data controller for this data. You can review Stripe's privacy policy at https://stripe.com/privacy.

— Google: anonymised usage data is shared with Google LLC through Google Analytics as described in Section 5.

— Legal compliance: we may disclose your data if required by law, court order, or governmental authority.

We do not share, sell, or transfer your personal data to any other third parties for marketing, advertising, data brokering, or any other purpose.

8. Data Retention

We retain your email address and purchase records for as long as necessary to fulfil the purposes described in this policy, including for legal, accounting, or dispute-resolution obligations. Typically, purchase records are retained for up to 5 years in accordance with Spanish commercial law.

If you request deletion of your data (see Section 9), we will erase your personal data unless we are legally required to retain it.

9. Your Rights

If you are located in the European Union or Spain, you have the following rights regarding your personal data:

— Right of access: request a copy of the personal data we hold about you.

— Right to rectification: request correction of inaccurate data.

— Right to erasure ('right to be forgotten'): request deletion of your data, subject to legal obligations.

— Right to restriction: request that we limit how we process your data in certain circumstances.

— Right to object: object to processing based on legitimate interests.

— Right to data portability: request a machine-readable copy of your data.

— Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at andrew@andrewbush.org. We will respond within 30 days. You also have the right to lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos — www.aepd.es).

10. Data Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. Payment processing is handled entirely by Stripe, which is PCI-DSS compliant.

While we strive to protect your data, no internet transmission is 100% secure. Please contact us immediately at andrew@andrewbush.org if you believe your data has been compromised.

11. International Data Transfers

Some of our service providers (including Google and Stripe) may process your data outside the European Economic Area (EEA), including in the United States. Where such transfers occur, we ensure that appropriate safeguards are in place in accordance with GDPR requirements, such as Standard Contractual Clauses or participation in the EU-US Data Privacy Framework.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically.

13. Contact

For any privacy-related questions, requests, or complaints, please contact:

Andrei Bushuev — The Natural Healing Pantry

Mallorca 236, Barcelona, Spain

Email: andrew@andrewbush.org