Who we are

I am Sarah Flower and my website is https://roseandbalm.co.uk.

This privacy policy explains how I use the personal data I collect from you.

What personal data we collect and why we collect it


I collect your name, address, email address, telephone number, date of birth and medical history.  This information is not shared outside of this organisation in any way and is strictly confidential, accessible only by myself.  The information is stored on paper and not electronically.  I may share information via email between myself and you.  This information is necessary to provide safe herbal treatment and to maintain contact with you when required.  I keep medical notes for a minimum of 10 years.


If you contact me by email I do not share your details outside of our organisation.  I may keep emails for future reference.


When visitors leave comments on the site I collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

There is an online contact form on the website that you may choose to use.  I collect your name and email address so that I may respond to your query.


Facebook: I use Facebook advertising. Facebook’s own Data policy can be found here: https://www.facebook.com/policy.php. This data is used for targeted advertising to potential or existing customers based on similar demographics. We market products, services or offers based on previously viewed content. Facebook uses cookies to gather this data. Facebook has multiple opt-out options under your account settings to opt out of its advertising.

Instagram: I use Instagram to post marketing activity, and I may occasionally use the paid advertising service to target users based on demographics. I promote products, services and offers  – this is all run through the Facebook Advertising platform.

Google Ads: I occasionally used paid advertising through Google ads to promote products, services and offers to target users based on demographics.  Google Ads privacy policy can be found here: https://policies.google.com/privacy?hl=en-GB


If you sign up to my newsletter I collect your name and email address.  You can unsubscribe at any time by clicking on the unsubcribe button at the bottom of the newsletter.  I use mailchimp to create our newsletter.  Mailchimps privacy policy can be found here: https://mailchimp.com/legal/privacy/#3._Privacy_for_Contacts


There are cookies in use on this website.  To view the cookie policy please visit our cookie policy page

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.


This website uses Google Analytics.  Google Analytics is a web analytics service offered by Google that tracks and reports website traffic.  We use this data to help use understand how people use our site.  How Google uses data when you use our partners’ sites or apps https://www.google.com/policies/privacy/partners/

Who I share your data with

I do not share your data with anyone outside of this organisation that has not already been disclosed above.

How long I retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so I can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on this website (if any), I also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Please note that I keep medical notes for a minimum of 10 years.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data I hold about you, including any data you have provided to us. You can also request that I erase any personal data I hold about you. This does not include any data I am obliged to keep for administrative, legal, or security purposes.

If you wish to exercise these rights please contact Sarah Flower by email: roseandbalm@gmail.com.  If you make a request, I have one month to respond to you

Where I send your data

Visitor comments may be checked through an automated spam detection service.

Additional information

How I protect your data

I am a qualified Medical Herbalist and I am fully trained in the General Data Protection Regulation (GDPR) and adhere to a strict confidentaility code of conduct.  All medical disclosure is treated with the strictest confidence.  For marketing and analytical purposes I only use companies that have full and robust data protection protocols in place.

What data breach procedures I have in place

In the event of a data breach I will notify you and the Information Commissioner’s Office (ICO).  As data processors we are registered with the ICO.  For further informaion on GDPR and the ICO please follow this link: https://ico.org.uk/your-data-matters/

What third parties I receive data from

I use anonymised analytical data from Google Analytics and Facebook

What automated decision making and/or profiling I do with user data

I use analytical data to help target our marketing and to improve website users experience