This is a solid foundation—it covers the mandatory bases for UK GDPR and is written in plain English, which regulators love. However, to make it truly "professional grade" and user-friendly, we can sharpen the legal language, improve the layout, and add a few missing pieces (like specific "Legitimate Interests" details).

Here is how you can improve the policy:

1. Structure and Readability

Instead of a long list, use a Layered Approach. This involves a summary table at the top for quick reading, followed by the full details. This is considered "best practice" by the ICO.

2. Specificity on "Legitimate Interests"

The ICO requires you to be specific. Instead of saying "to improve our business," specify that it’s for "marketing, network security, and service optimization."

3. Data Retention Clarity

You mentioned 24 months for enquiries, which is good. You should also add that financial/transactional data is typically kept for 6 years to comply with UK tax laws (HMRC).

Suggested Revised Privacy Policy

Privacy Policy

Last updated: 05.02.2026

At SoilandLeaf Ltd, we value your privacy as much as we value our plants. This policy outlines how we handle your personal data in compliance with the UK GDPR and the Data Protection Act 2018.

1. At a Glance: Key Information

Controller: SoilandLeaf Ltd (Company No: 16995724)

Main Usage: Responding to enquiries, analytics, and service delivery.

Data Sharing: We never sell data. We share only with essential service providers (e.g., web hosting).

Your Rights: Access, correct, delete, or object to processing at any time.

2. The Data We Collect

We collect information that helps us provide a better experience for you:

  • Identity Data: Name and title.

  • Contact Data: Email address and telephone number.

  • Technical Data: IP address, browser type, and location (via cookies).

  • Usage Data: Information about how you use our website.

3. Legal Basis for Processing

We only process your data when the law allows us to. Most commonly:

  • Consent: You’ve filled out a form and asked us to contact you.

  • Contractual Necessity: We need your details to fulfill an order or service.

  • Legitimate Interests: To improve our website, prevent fraud, and maintain a secure network.

  • Legal Obligation: Where we must keep records for tax or legal reasons.

4. Third-Party Sharing & International Transfers

We use a few trusted partners to keep the lights on:

  • Google Analytics (for website performance).

  • Hosting Providers (to store website data).

  • Email Marketing Platforms (if you opt in to news).

Note on Transfers: If data is transferred outside the UK (e.g., to servers in the US), we ensure "Standard Contractual Clauses" or equivalent safeguards are in place to keep your data just as safe as it is at home.

5. Data Retention: How long do we keep it?

  • General Enquiries: 24 months from the last contact.

  • Contractual/Financial Records: 6 years following the end of the tax year (HMRC requirement).

  • Analytics Data: Anonymized or deleted after 14–26 months.

6. Your Rights

Under the UK GDPR, you are the boss of your data. You have the right to:

  1. Request a copy of the data we hold.

  2. Rectify any incorrect info.

  3. Request erasure of your data (the "Right to be Forgotten").

  4. Withdraw Consent at any time.

To exercise these rights, email us at info@soilandleaf.co.uk. If you aren't happy with our response, you can contact the Information Commissioner’s Office (ICO).

7. Security & Cookies

We use SSL encryption (look for the padlock in your browser) to protect data in transit. For details on the specific cookies we use, please email info@soilandleaf.co.uk.

8. Contact Details

SoilandLeaf Ltd

63 Loscoe Road, Carrington, Nottingham, NG5 2AP

Email: info@soilandleaf.co.uk