FREE Standard Shipping over £55

30-day Feel Good Guarantee

Need help? Contact us!

BUILD YOUR OWN

0Checkout

Privacy Policy

Introduction

At United Flow Limited (trading as The Goodness Project), we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our website, webshop, and services.

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and, where applicable, the EU General Data Protection Regulation (EU GDPR).

Principles We Follow

We adhere to the following data protection principles:
- We process data lawfully, fairly, and transparently.
- We collect data for specified, explicit, and legitimate purposes and do not process it further in ways incompatible with those purposes.
- We only collect data that is adequate, relevant, and limited to what is necessary.
- We take reasonable steps to ensure personal data is accurate and kept up to date.
- We keep data in identifiable form only as long as necessary for the purposes collected.
- We protect personal data with appropriate technical and organisational security measures.

Company Information

United Flow Limited
Unit 4, Orbital Industrial Estate, Horton Road, London, UB7 8JL
Company number: 8408252
Website: www.thegoodnessproject.co.uk
Email: hello@thegoodnessproject.co.uk

We are not required to appoint a Data Protection Officer under Article 37 UK/EU GDPR.
As we offer goods within the EU (e.g. Ireland), we have appointed an EU GDPR Representative. Details are available upon request.

Data Processors

We use trusted third-party service providers to help deliver our services. These include:
- Accounting: Admiral Accounting Ltd
- IT & Hosting: Nimenor Consulting & Marketing Ltd
- Delivery: Royal Mail plc, DPD Group
- Email Marketing: Mailerlite
- Payments: PayPal, Stripe

We may update this list as suppliers change, but always ensure that contracts and safeguards are in place in accordance with GDPR.

International Transfers

Where we transfer personal data outside the UK or EU (e.g. to PayPal or Stripe in the US), we ensure adequate safeguards are in place such as the UK International Data Transfer Agreement (IDTA), the EU Standard Contractual Clauses (SCCs), or other legally recognised protections.

Data We Collect and Why

  • Website visit: Site security, analytics, statistics | Legal basis: Legitimate interest | Data: IP address, browser, pages visited | Retention: 1 month
    • Registration: Create account, manage preferences | Legal basis: Consent/Contract | Data: Name, email, phone, addresses | Retention: Until deletion or withdrawal
    • Online shop: Orders, invoicing, returns | Legal basis: Contract/Legal obligation | Data: Name, contact details, order info, payment data | Retention: Orders 5 years; invoices 8 years
    • E-newsletter: Send news, offers | Legal basis: Consent | Data: Name, email | Retention: Until opt-out
    • Direct marketing: Tailored offers | Legal basis: Consent/Legitimate interest | Data: Name, email, shopping history | Retention: Until opt-out
    • Complaints/admin: Respond to queries | Legal basis: Contract/Legal obligation | Data: Name, contact details, message | Retention: 5 years
    • Competitions: Run prize draws & promotions | Legal basis: Consent/Legal obligation | Data: Name, contact details | Retention: Participants until event ends; winners 8 years

Cookies

Cookies are small text files stored on your device when visiting our website.

- Essential cookies: required for website functionality (do not require consent).
- Analytics/marketing cookies: used for statistics and personalised offers (require consent).

We use a Consent Management Platform (CMP) to allow you to accept or reject non-essential cookies. More details are available in our separate Cookie Policy.

Profiling & Automated Decision-Making

We may use profiling tools (e.g. purchase history analysis, email marketing segmentation, Google Analytics) to provide a better shopping experience.

- We do not use solely automated decision-making that has legal or similarly significant effects.
- You have the right to object to profiling and request human review at any time.

Children’s Data

Our services are not directed at children under 13. We do not knowingly collect data from children. If we become aware of such data, it will be deleted.

Your Rights

You have the following rights under UK/EU GDPR:
- Access – request a copy of your personal data.
- Rectification – request correction of inaccurate or incomplete data.
- Erasure – request deletion of your personal data.
- Restriction – request limits on processing of your data.
- Portability – request your data in a structured, commonly used format.
- Objection – object to processing based on legitimate interests or direct marketing.
- Withdraw consent – withdraw consent at any time where processing is based on consent.
- Not to be subject to automated decisions – including profiling with legal effects.

You can complain to:
- UK: Information Commissioner’s Office (ico.org.uk)
- EU: The relevant EU supervisory authority (e.g. Data Protection Commission in Ireland).

Security

We implement technical and organisational measures to protect your data against unauthorised access, loss, misuse, alteration, or disclosure. Access is limited to authorised employees and contractors who are bound by confidentiality obligations.

Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be published on our website.

London, 24th of May 2018

Latest update: 15th of August 2025

Let us send you some Goodness!

Join us now and receive emails about news and offers. We promise we won't spam you!

Subscribe to newsletter
CAPTCHA