Draloven Notebook
Legal — Privacy

Privacy Policy

Last updated: 12 January 2026

Draloven Notebook ("we", "us", "our") is an independent editorial publication focused on everyday nutrition practices and weight awareness. The publication is not affiliated with any commercial, governmental, or institutional body. This Privacy Policy explains how we collect, use, store, and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Our registered address is: 29 Laystall Street, London EC1R 4PJ, United Kingdomngdomdomdom. Contact: [email protected]. Telephone: +44 20 7294 8153.

01

Data We Collect

We collect the following categories of personal data:

  • Contact form submissions: name, email address, and message content provided voluntarily when you use our contact form at contact.php.
  • Usage data: anonymised analytics data including pages visited, time on site, referring URL, and browser/device type, collected via cookie-based analytics tools.
  • Technical data: IP address (anonymised), browser type, operating system, and access timestamps recorded automatically in server logs.
  • Cookie data: cookie preferences and consent decisions stored locally. See our Cookie Policy for full details.

We do not collect: financial data, identity numbers, date of birth, or any data categorised as "special category" under UK GDPR (including data relating to health, ethnicity, religion, or political opinion).

02

How We Use Your Data

Personal data collected by Draloven Notebook is used only for the following purposes:

  • To respond to contact form submissions and editorial enquiries.
  • To monitor site performance and understand how readers engage with content (analytics, anonymised).
  • To maintain server security and detect abusive access patterns (server logs).
  • To comply with applicable law and respond to lawful requests from regulatory authorities.

We do not use your data for advertising profiling, automated decision-making, or sale to third parties. We do not send unsolicited email communications.

03

Legal Basis for Processing

Under UK GDPR, we rely on the following lawful bases:

  • Legitimate interests (Article 6(1)(f)): for server log retention and site security. Our legitimate interest is the safe and stable functioning of the publication's website.
  • Consent (Article 6(1)(a)): for analytics cookies and any non-essential data collection. Consent is gathered via our cookie banner and can be withdrawn at any time.
  • Performance of a task in the public interest (Article 6(1)(e)): for responding to editorial enquiries and correspondence relating to the publication's public record.
04

Data Retention

We retain personal data only for as long as necessary for the purpose for which it was collected:

  • Contact form submissions: retained for up to 24 months, then securely deleted.
  • Server logs: retained for up to 90 days, then overwritten.
  • Analytics data (anonymised): retained for up to 26 months in aggregate form.
  • Cookie consent records: retained for 12 months from the date of consent.
05

Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access: to request a copy of the personal data we hold about you.
  • Right to rectification: to request correction of inaccurate or incomplete data.
  • Right to erasure: to request deletion of your data where there is no overriding legitimate reason for continued retention.
  • Right to restrict processing: to request that we limit how we use your data in certain circumstances.
  • Right to data portability: to receive data you have provided in a structured, machine-readable format.
  • Right to object: to object to processing carried out on the basis of legitimate interests.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, write to [email protected]. We will respond within one calendar month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

06

Third Parties and Transfers

We do not sell, rent, or share personal data with third parties for marketing purposes. We may share data with the following categories of service provider where necessary for site functioning:

  • Web hosting and server infrastructure providers, located in the United Kingdom or European Economic Area.
  • Analytics service providers processing anonymised data only.
  • Email delivery infrastructure for responding to contact form submissions.

All third-party processors are required to handle data in accordance with UK GDPR and maintain appropriate technical and organisational security measures.

We do not transfer personal data to countries outside the UK or EEA without appropriate safeguards in place (such as Standard Contractual Clauses approved by the ICO).

07

Changes to This Policy

This Privacy Policy may be updated from time to time to reflect changes in our data handling practices or applicable law. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the website following an update constitutes acceptance of the revised policy. We recommend reviewing this page periodically.

For questions about this policy, contact [email protected].