Last updated: 2026-04-06
Make It Plant Based (“Make It Plant Based“, “we”, “our”, or “us”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains what personal information we collect when you use our website, why we collect it, how we use it, and your rights in relation to it.
We act as the data controller for the personal data described in this policy. If you have questions or concerns, please see the Contact Us section at the bottom of this page.
We may update this policy from time to time. The most current version is always available at this URL. Continued use of the website after a policy update constitutes acceptance of the revised terms.
1. What Information We Collect and Why
We collect personal data only where we have a lawful basis to do so. The table below summarises the data we collect directly as the operator of this website.
| Category | Data elements | Purpose | Legal basis | Retention |
|---|---|---|---|---|
| Account registration | First name, last name, email address, password (stored as a one-way hash), date of birth year (age verification only — not stored after verification) | To create and manage your account. We require a minimum age of 16. Registrations by visitors under 16 are rejected and no data is retained. | Contract / Legitimate Interest | Duration of your account plus 2 years after a deletion request |
| Contact form submissions | Name, email address, subject, message, pseudonymised IP address | To respond to your enquiry. | Legitimate Interest | 90 days from submission, then permanently deleted |
| Consent records | Pseudonymous visitor hash (SHA-256 of IP + site salt — not reversible), consent choices, timestamp, page URL, browser type | To maintain an auditable consent record as required by GDPR Article 7(1). | Legal Obligation | Retained indefinitely as a compliance record |
| Marketing consent | Email address, opt-in date, source, subscription status | To send you newsletters and updates you have subscribed to. | Consent | Until you unsubscribe or request deletion |
| Cookies and technical data | See the Cookies section below | Website functionality, security, and (with consent) analytics | Legitimate Interest / Consent | Varies by cookie — see Cookies section |
Data we do NOT collect
We do not collect or store: payment card numbers (handled directly by your payment provider), government-issued ID numbers, health or medical data, biometric data, financial account details, or any special-category data as defined under GDPR Article 9. We do not create accounts for visitors under 16 years of age.
2. Third-Party Services and Data Processors
We use the following third-party services which may process personal data on our behalf or independently. Where we share data with these parties we have ensured appropriate data processing agreements are in place.
| Service | Provider | Purpose | Data processed | Legal basis | Retention |
|---|---|---|---|---|---|
| Contact Form 7 Privacy policy |
Takayuki Miyoshi (plugin author) | Receiving and processing contact form submissions from visitors. | Name, email address, phone number (if requested), message content, IP address, submission timestamp. | Legitimate Interest (responding to enquiries you have initiated). | Submissions stored temporarily via Flamingo; cleared after 90 days unless otherwise required. |
| Akismet Anti-Spam Privacy policy |
Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA | Detecting and filtering spam in comments and contact forms. | Commenter name, email, URL, IP address, user agent, and comment content — sent to Akismet's servers for spam analysis. | Legitimate Interest (protecting website security and integrity). | Retained by Akismet for spam-detection model training. |
3. International Data Transfers
Some of the third-party services listed above are based outside the United Kingdom and the European Economic Area (EEA), meaning your data may be transferred internationally. When this occurs, we ensure appropriate safeguards are in place in accordance with UK GDPR and GDPR Article 46, including:
- Standard Contractual Clauses (SCCs) — EU/UK-approved contractual transfer mechanisms.
- EU–US Data Privacy Framework — For transfers to certified US-based processors.
- UK International Data Transfer Agreements (IDTAs) — For UK-specific transfers where applicable.
You can request details of the specific transfer mechanisms in place by contacting us using the details in the Contact Us section below.
4. Cookies
Cookies are small text files stored on your device by your browser. We use cookies for the following purposes:
| Category | Cookies | Purpose | Legal basis | Duration |
|---|---|---|---|---|
| Essential cookies | wordpress_*, wp-settings-*, cp_consent | Required for the website to function: keeping you logged in, remembering your consent preferences | Legitimate Interest / Legal Obligation | Session to 1 year |
You can manage your cookie preferences at any time using the cookie settings icon on this website, or by adjusting your browser settings. Note that disabling essential cookies may affect website functionality.
IAB Transparency & Consent Framework (TCF v2.2)
This website implements the IAB Europe Transparency & Consent Framework version 2.2 (TCF v2.2). This is an industry-standard technical protocol that communicates your consent choices to advertising and analytics platforms that support the framework. If you have accepted or rejected specific cookie categories, that preference is made available to TCF-compatible third parties via a standardised API. No additional data is collected by this mechanism itself — it simply transmits the consent choices you have already made.
5. How Long We Keep Your Data
We retain personal data only for as long as necessary for its original purpose, or as required by law:
- Contact form submissions: 90 days from receipt, then permanently deleted.
- User accounts: Retained for the lifetime of your account. After you request deletion, account data is removed within 30 days (certain audit/legal records may be retained longer as required by law).
- Consent records: Retained indefinitely. We are legally required under GDPR to demonstrate that valid consent was obtained.
- Marketing consent: Until you withdraw consent (unsubscribe) or request erasure. After unsubscribing, your email address is suppressed (not deleted) to ensure we do not inadvertently contact you again.
- Server logs: 30 days, then automatically deleted.
At the end of any retention period, data is either securely deleted or anonymised so that it can no longer be linked to you personally.
6. Your Rights
Under UK GDPR and GDPR you have the following rights regarding your personal data. To exercise any of these rights, please contact us using the details in the Contact Us section below.
- Right of access — You can request a copy of the personal data we hold about you (Subject Access Request). We will respond within 30 days.
- Right to rectification — You can ask us to correct inaccurate or incomplete data about you.
- Right to erasure — You can ask us to delete your personal data where there is no compelling reason for us to continue holding it.
- Right to restriction of processing — You can ask us to restrict how we process your data in certain circumstances.
- Right to data portability — Where processing is based on consent or a contract, you can request your data in a structured, machine-readable format.
- Right to object — You can object to processing based on Legitimate Interest. We must stop unless we can demonstrate compelling legitimate grounds.
- Right to withdraw consent — Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
Additional Rights for US Visitors (CCPA / CPRA)
If you are a resident of California (USA), you have the following additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know — You can request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose, and the categories of third parties with whom we share it.
- Right to Delete — You can request deletion of personal information we have collected from you, subject to certain exceptions.
- Right to Opt Out of Sale or Sharing — You can opt out of the sale or sharing of your personal information with third parties for cross-context behavioural advertising. Use the "Do Not Sell or Share My Personal Information" link in the website footer.
- Right to Non-Discrimination — We will not discriminate against you for exercising any of your CCPA rights.
Additional Rights for Canadian Visitors (PIPEDA / Quebec Law 25)
If you are a resident of Canada, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and, if you are in Quebec, under Law 25 (Law Modernising Privacy Protection). These include the right to access your personal information, the right to correct inaccuracies, the right to withdraw consent to the use of your data for non-essential purposes, and the right to data portability (Quebec). To exercise these rights or to opt out of data sharing, use the link provided in the website footer or contact us directly.
Complaints
If you believe we have handled your data unlawfully, you have the right to lodge a complaint with a supervisory authority:
- UK: Information Commissioner's Office (ICO) — ico.org.uk
- EU: Your national data protection authority — find your DPA
- Canada: Office of the Privacy Commissioner of Canada — priv.gc.ca
- California (USA): California Privacy Protection Agency — cppa.ca.gov
We would always prefer to resolve your concern directly — please contact us before going to a supervisory authority if possible.
7. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will update the "Last updated" date at the top of this page. Continued use of Make It Plant Based after a policy update constitutes acceptance of the revised terms.
8. Contact Us
If you have questions about this Privacy Policy, wish to exercise your data rights, or have a concern about how we handle your personal data, please contact us:
- Website: https://www.makeitplantbased.com
- Contact form: https://www.makeitplantbased.com/contact/
We aim to respond to all requests within 30 days. For Subject Access Requests or erasure requests we may ask you to verify your identity before fulfilling your request.
This website is operated by Make It Plant Based.