In Short: This Policy explains how we handle your Personal data. It helps you understand what we do with your information and your privacy rights.
Welcome! This Privacy Policy (“Policy”) explains how Herbal Solutions ("Company", "we", "us", or "our") handles your Personal data (“Data”) when you:
This Policy outlines what Data we collect, its purposes, how we use and share it, how long we retain it, your rights, and how we protect your Data. We are committed to process your Data lawfully, fairly, and transparently in accordance with:
Unless stated otherwise, this Policy applies globally, except in the United States and Canada. Specific privacy rights and regional supplements (e.g. for United Kingdom, Australia, etc.) are provided in Regional Addenda at the end of this Policy.
If you do not agree with our practices, please refrain from using the Website, purchasing our Goods or Service or submitting your Data in any other way. This Policy is effective as of 5th of September 2025. We may update this Policy occasionally all updates take effect upon publication, so we encourage you to review it regularly to stay informed.
We are: Herbal Solutions, your Personal data Controller
Our company number is: 306729964
Our registered address: Ukmerges st. 126, LT-08100 Vilnius, Lithuania
Our support e-mail address: support@oldwaysremedies.com
We have appointed a Data Protection Officer (DPO) to oversee our data protection obligations. You can contact the DPO directly at: disputes@oldwaysremedies.com.
In Short: We mainly collect only the Data needed to provide our Goods or Services and operate our Website. This section explains why we collect it and how we use it.
We only collect the Data we truly need – and only use it for clear, lawful reasons e.g. to proceed your purchase, provide service, respond to your enquiries, ensure Website functionality, etc. You can find a full list of purposes, what Data we collect, how we use it and much more detailed information in subsections bellow.
Here are also few important things for you to know:
We process your Personal Data when you purchase physical products or digital publications (“Goods”) through our Website. These may include:
Data is processed to manage personalized content, your order, arrange delivery, and handle payment and provide related service (e.g., order confirmation, updates, returns, or refunds).
Identification and contact details: full name, delivery address, email, address, phone number.
Payment details: price, currency, credit card brand, type, BIN number, and issuing country.
Technical information: IP address, language, device type.
Quiz responses: used exclusively to generate your personalized Book or E-book, and not stored afterwards.
GDPR Art. 6(1)(b) – Contract:
Order and payment records are retained for 10 years in line with legal, tax and accounting obligations.
Quiz answers are only used until Book or E-book is created.
Identification and contact details: full name, email address, billing address, phone number
Payment information: payment amount, currency, card brand/type, BIN number, issuing country
Subscription management: start/end dates, renewal status, cancellation date, transaction confirmations
Technical metadata (if applicable): IP address, device/browser type, access logs
GDPR Art. 6(1)(b) – Contract:
We process your Personal data when handling payments related to your orders, subscriptions, discounts, returns, or refunds.
We also use this Data to comply with legal, financial, and tax obligations, including invoicing and bookkeeping.
Payment Information: payment method (card type, few last card numbers), payment token, transaction amount, transaction date and time, refund reasons.
Billing & Legal Data: name, email, phone, billing address, IBAN/account number, payment records, invoices, and other required accounting documentation.
GDPR Art. 6(1)(b) – Contract:
GDPR Art. 6(1)(c) – Legal obligation:
If you contact us by phone and/or in writing (via LiveChat, customer support, email, social media or otherwise), we will keep a record of the fact of your contact and the information you have provided to us, including your Personal data, to properly process your request and respond to your question, request or complaint.
We use artificial intelligent (AI) based tools (fully or semi-automated) to assist our customer support team. These tools are used to: suggesting draft responses, guiding or answering calls before transfer to a human agent, transcribing and summarizing conversations, and providing automated replies to frequently asked and trained questions.
Note! All AI-generated outputs are reviewed and validated by human staff where decisions could affect your rights. We do not rely solely on automated decision-making that produces legal or similarly significant effects. We do not use your data for training AI models unless fully anonymized.
When contacted by call: name, surname, mobile phone number, email address, residential address, purchase details and other information required to verify your identity (if needed). Date and time of the call, duration of the call and a recording of the call.
Contact by email / or via Livechat, Customer Support: name, surname, mobile phone number, email address, residential address. Purchase details and other
information required to verify your identity (if needed). Other information related to the written request, attached documents or other visual content, all correspondence history.
GDPR Art. 6(1)(b) – Contract:
GDPR Art. 6(1)(f) Legitimate interest:
Recordings of conversations - 6 months from the moment of creation.
Written communication - 3 years after your inquiry was closed.
We may retain some information longer if we are required to do so to comply with applicable laws or based on justified interests.
We have the right, in performing our rights and obligations under the Terms (“ToS”), to contact you at any time (e.g., provide transactional communication). We may send you important notifications and information by e-mail, SMS or via phone call.
Note! This important communication is not considered marketing, and you cannot opt out of it.
Identification and contact details: name, surname, mobile phone number, e-mail address, residential address.
Call details: date and time, duration, the call recording.
Technical data: copies of electronic messages/SMS, delivery status and date, message opening (reading) status and date, links opened from the message content.
GDPR Art. 6(1)(b) – Contract:
Recordings of conversations are kept for 6 months from the moment of creation.
Electronic communications history logs kept for 1 month, unless longer retention is required for legal purposes.
We process your Personal Data to inform you about our Goods, Services, promotions, new features, or to request your feedback. This includes sending general or personalized marketing content (e.g., newsletters, promotional messages, surveys) via email, SMS, or phone calls.
Marketing content may be customized based on the Data we already hold about you (e.g., previous purchases, browsing history, selected preferences), in order to provide you with relevant offers or content.
If you are an existing customer, we may contact you with marketing messages about the same or similar products or services, even if you haven’t given explicit consent — unless you opted out during your order (e.g., via “Thank You page”), it’s not allowed by law or you objected later.
Remember! you have the right to object to the use of your Personal data for direct marketing at any time. You may simply withdraw your consent or opt-out at any time by using the unsubscribe link provided in our newsletters, replying to SMS required word or by contacting us via email.
Contact details: full name, e-mail, telephone number, country;
Logs: consent collection logs (date, method, preferences).
GDPR Art. 6(1)(a) – Consent:
GDPR Art. 6(1)(f) Legal interest:
We manage our business profiles and accounts on various social networks. If you are interested in our Services and follow our profiles on social networks, participate in our games, promotions, share your photo with us or tag us in your photo, public post, etc., we collect and use your Data, which we receive directly from you, when you are active in our accounts.
Please note that our accounts are integrated into social networking platforms (e.g. Facebook, Instagram, Linkedin, etc.) and therefore all social platform providers as independent data controllers have full access to collect your Personal data. You can find detailed information on the data processing, purposes and scope of data use by each social networking platform in the privacy policy of the respective social network. Also if you want to exercise your rights in relation to data processed by social networks, it is more efficient to contact the controller of the social network directly.
Your name, surname, and profile photo;
Public interactions (likes, follows, comments, shares);
Messages you send (content, time, attachments, history);
Your participation in games/events;
Any photos you send us or tag us in.
GDPR Art. 6(1)(a) – Consent:
The provider of the social network concerned shall set the time limits for the retention of data. We recommend that you check the privacy policy of the respective social network.
We normally retain and don’t delete them unless you withdraw consent, request deletion, or the platform enforces earlier deletion.
We may process your Personal data in case we become a party or concerned party in legal process which you are subject to, or we are statutorily required to collect and/or provide information about you in order to comply with the applicable law.
Also, in all cases where we suspect fraud, theft, account misuse, or other unlawful activities involving our Website, Company, brands and or services, we report such cases to the appropriate pre-trial investigation authorities (such as the police or prosecutor’s office).
All information that we uphold about you and that is a part of legal process e.g. accounting and legal case files, legal documents, other information you provide us with, other information that we are statutorily required to collect and/or provide. Also, pleadings, claims, court decisions.
If the case arises - information about criminal offenses and convictions.
GDPR Art. 6(1)(f) – Legitimate interest:
GDPR Art. 6(1)(a) – Consent:
GDPR Art. 6(1)(a) – Consent:
We process your Personal Data when you submit, create, or allow us to use content that features you for promotional purposes. This includes:
Where applicable, a separate image-use or content-use agreement will be signed before publication or distribution, or consent will be collected via a dedicated form.
GDPR Art. 6(1)(a) – Consent:
GDPR Art. 6(1)(b) – Contract:
UGC and campaign content: retained for up to 2 years from the date of collection or consent, unless a shorter or longer period is specified or consent is withdrawn.
Advertising campaign content: archived for up to 10 years for legal, contractual, or compliance purposes.
GDPR Art. 6(1)(b) – Contract:
GDPR Art. 6(1)(f) – Legitimate interest:
Affiliate program data – retained for the duration of your participation in the program and up to 5 years after termination (for accounting, legal, and fraud-prevention purposes);
Payment records – retained for 10 years to comply with financial/accounting laws;
Affiliate photos and videos - as agreed in specific affiliate program, or mutual agreement.
In Short: We get your Data directly from you, through your use of our Website, or from trusted third parties and public sources. This helps us operate our Services and stay in touch with you.
We might collect Data from the following source (-s):
In Short: Yes, but only when necessary and with strong safeguards—always ensuring your privacy is protected.
Yes - but only when necessary, and with your privacy in mind.
We may share limited Data with trusted third parties to provide our services, meet legal obligations, or support business daily operations. Whenever we do, we ensure that your Data is protected and handled responsibly. For this reason, parties who process Data on our behalf, they act as Data Processors and are contractually bound by Data Processing Agreements (DPAs). These agreements ensure they follow our instructions, apply appropriate safeguards, and do not use your Data for their own purposes. We may share your Data with:
In Short: We keep your Data only as long as needed for legal, contractual, or service-related purposes—then we delete or anonymize it securely.
We keep your Data only for as long as necessary to:
Detailed retention periods for each Data processing purpose are set out in Section 3 of this Policy. Once the applicable retention period has expired, we will either safely delete your Data or irreversibly anonymize it within a reasonable timeframe, in line with best industry practices and legal requirements.
In Short: We use strong technical and organizational measures to keep your Data safe and work continuously to prevent unauthorized access and protect your privacy.
We are committed to protecting your Data and take the security of your information seriously. We apply a combination of technical and organisational measures to prevent unauthorised access, accidental loss, misuse, alteration, or disclosure of Personal data. Our security safeguard practices are based on core data protection principles and include, but are not limited to:
While we apply strong security measures, no system is entirely risk-free - especially during internet transmission. To help protect your Data, please stay vigilant online and always use a strong, unique password, keep it confidential, secure your devices, be cautious when sharing information online especially via strange links. Security incidents resulting from user actions (e.g. credential sharing or phishing) may fall outside our control.
In Short: Yes, sometimes - but only when necessary and always with strong legal safeguards to keep your data protected.
Yes - but only when necessary, and always with strong protection in place.
We mainly store and process your Data within the European Economic Area (EEA), and there may be times when some of your Data is transferred to trusted partners or service providers located in countries outside the EEA - for example, for cloud hosting, technical support, or specialist services. Where applicable, such recipients are listed in Section 3 of this Policy.
Whenever we send your Data outside the EEA, we make sure that it remains protected, and your privacy rights are respected. We never transfer your Data lightly — we always assess the risks and take appropriate steps to keep your Data safe, wherever it goes. Where Data is transferred outside the EEA:
If you would like more details about these transfers, you can contact us using the details provided in Section 11 of this Policy.
In Short: Yes, but we don’t make important decisions about you using only AI. We may use smart tools to support our services, but all important decisions involve real people, not just programs.
Yes. We may use certain Artificial Intelligence (AI) - based tools and fully or semi-automated systems - for example, in customer support or during phone calls - to enhance the speed and accuracy of our Services.
However, we do not engage in automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you, within the meaning of Art. 22(1) GDPR. Specifically:
In Short: You have rights over your Personal data, including access, correction, deletion, objection, and more. This section outlines how you can exercise them and what to expect.
If we process your Data as set out in this Policy, or you believe we may be doing so, you have the following rights as a Data Subject. These rights apply regardless of whether we process your Data as a client, supplier, contractor, or professional contact:
Please note: Your rights are not absolute. In some cases, the exercise of your rights may be restricted under applicable data protection laws - for example, where fulfilling your request would adversely affect the rights and freedoms of others, or where we are legally required to retain certain Personal data (e.g. for compliance, legal claims, or regulatory purposes).
If you have any general questions about this Policy, how we process Data, complaint or if you wish to exercise any of your Data Subject rights, you can contact us by email at: disputes@oldwaysremedies.com.
To help us process your request efficiently, please:
You may also authorize someone to act on your behalf. If so, please ensure your authorized person provides us with written and signed permission confirming they are allowed to act for you. We may deny a request if sufficient proof of authorization is not provided.
We aim to respond without undue delay and within one month of receiving your request. If your request is particularly complex or involves multiple issues, we may extend this period by an additional month – in which case, we will inform you in advance and explain the reason for the delay.
This Addendum supplements our Global Privacy Policy and applies where your Personal Data is subject to the laws of the country or region in which you reside, or where our processing activities are specifically targeted. These regional terms complement the Global Privacy Policy and override it only where required by applicable local law.
If you a UK resident or our processing relates to UK individuals, the processing of your Personal Data is subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Your Rights under UK Data Protection Law:
International Data Transfers from the UK:
If we transfer your Personal Data outside the UK (e.g., to the EEA, the United States, or other countries), we ensure that adequate safeguards are in place, such as:
Supervisory Authority:
If you have concerns about how we handle your Personal Data, you may lodge a complaint with the UK’s supervisory authority: Information Commissioner’s Office (ICO), website: https://ico.org.uk.
If you are Australia resident or our processing relates to Australian individuals, the processing of your Personal Data is subject to the the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
Your Rights under Australian Privacy Law:
Overseas Transfers (Cross-Border Disclosures):
We may disclose your personal information to recipients located outside Australia (e.g., in the EU, US, or other countries). Before doing so, we take reasonable steps to ensure that overseas recipients do not breach the APPs. These steps may include:
Supervisory Authority:
If you are not satisfied with our response to a privacy concern, you may contact: Office of the Australian Information Commissioner (OAIC), website: https://www.oaic.gov.au
Phone: 1300 363 992.
