Privacy Policy for Sunny Auras
Last updated: 2 March 2026
Sunny Auras is committed to protecting the privacy of everyone who visits https://www.sunnyauras.co.uk or purchases products and services. This policy explains what personal information is collected, how it is used, and the rights individuals have under UK GDPR and the Data Protection Act 2018.
What Information Is Collected
Sunny Auras collects only the information needed to provide products and services safely and effectively.
When browsing the website
- Basic technical data such as IP address, browser type, device information, and pages visited.
- Cookies that help the site function and improve the browsing experience. Cookie settings can be adjusted through your browser.
When making a purchase
- Name
- Email address
- Postal address (for physical items)
- Payment information (processed securely by third‑party payment providers; Sunny Auras does not store card details)
When booking a rune reading or other service
- Contact details needed to confirm the appointment
- Any information voluntarily shared during the booking process
If account creation becomes available in the future
Any account information would be processed in line with UK GDPR and this policy.
Sunny Auras does not collect special category data unless you choose to share it voluntarily (for example, personal reflections during a reading). This information is treated with extra care and is never used for marketing.
How Your Information Is Used
Personal data is used only for purposes that are lawful and necessary, including:
- Processing and delivering orders
- Managing bookings and providing services
- Responding to enquiries
- Maintaining website security and performance
- Keeping financial records as required by law
- Sending service‑related messages (e.g., order confirmations)
Marketing emails are sent only with clear consent, and you can opt out at any time.
Sunny Auras does not sell personal data or share it with third parties for their own marketing.
Legal Basis for Processing
Sunny Auras processes personal data under the following lawful bases:
- Contract – to fulfil orders and provide services
- Legal obligation – for tax and accounting requirements
- Legitimate interests – to maintain website security and improve services
- Consent – for marketing communications or optional information you choose to share
How Long Information Is Kept
Personal data is kept only for as long as necessary:
- Order records: up to 7 years (legal requirement)
- Booking information: up to 2 years
- Email enquiries: up to 12 months
- Marketing consent: until you withdraw it
Data is securely deleted or anonymised when no longer needed.
Sharing Your Information
Your information may be shared with trusted service providers who help run the business, such as:
- Payment processors
- Website hosting and analytics providers
- Delivery companies
These providers only receive the information needed to perform their services and must keep it secure.
Data is not transferred outside the UK unless appropriate safeguards are in place.
Your Rights Under UK GDPR
You have the right to:
- Access your personal data
- Correct inaccurate information
- Request deletion of your data
- Restrict or object to certain types of processing
- Withdraw consent at any time
- Request a copy of your data in a portable format
To exercise any of these rights, contact Sunny Auras using the details below.
If you believe your data has been handled incorrectly, you can also complain to the Information Commissioner’s Office (ICO).
Keeping Your Data Secure
Sunny Auras uses technical and organisational measures to protect personal information, including:
- Secure website hosting
- Encrypted payment processing
- Access controls
- Regular security monitoring
No method of transmission is completely risk‑free, but every reasonable step is taken to keep your data safe.
Contact Details
For questions about this policy or to make a data request:
Sunny Auras
Website: https://www.sunnyauras.co.uk
Email: hello@sunnyauras.co.uk
Postal address:
