Privacy Policy
Last updated: 1 January 2026 · Tokan Almanac · 47 Caledonian Road, N1 9BT London, United Kingdom
1. Who We Are
Tokan Almanac is an independent editorial publication focused on everyday wellness practices. The publication is not affiliated with any commercial, governmental, or institutional body. We are the data controller for personal information collected through this website.
Our registered correspondence address is: 47 Caledonian Road, N1 9BT London, United Kingdom. You may contact us at any time regarding data privacy matters at [email protected] or by telephone on +44 20 7183 4526.
This Privacy Policy explains how Tokan Almanac collects, uses, stores, and protects personal data in connection with our website at tokan.info, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data We Collect
We collect the following categories of personal data in connection with your use of this website:
When you use the contact form on our website, we collect your name, email address, and the content of your message. This data is used solely to respond to your enquiry. We do not add you to any mailing list as a result of a contact form submission without your explicit consent.
Where you have accepted analytics cookies, we collect anonymised information about how you interact with our website — pages visited, time spent, referring pages, and device type. This data is collected via Google Analytics and is aggregated; it does not identify you personally.
Our servers automatically record certain technical data when you visit the site, including your IP address, browser type and version, operating system, and the date and time of your request. This information is retained for a maximum of 30 days for security and diagnostic purposes and is not used for profiling.
We store a record of your cookie consent preferences on your device to avoid repeating the consent request on subsequent visits. This does not involve us storing your personal data on our servers — the preference is stored locally in your browser.
We do not collect or process any special category data (such as health information, racial or ethnic origin, political opinions, or religious beliefs). We do not collect any data from persons under the age of 18, and our website is not directed at minors.
3. How We Use Your Data
We use the personal data we collect for the following purposes, each with an identified lawful basis:
| Purpose | Data Used | Lawful Basis |
|---|---|---|
| Responding to enquiries | Name, email, message | Legitimate interest |
| Website performance analysis | Analytics data (anonymised) | Consent |
| Website security and diagnostics | Technical/server data | Legitimate interest |
| Compliance with legal obligations | As required by law | Legal obligation |
We do not use your personal data for automated decision-making or profiling. We do not sell, rent, or trade your personal data with third parties for their marketing purposes.
4. Data Sharing and Third Parties
We share limited data with a small number of trusted third-party service providers who assist us in operating this website. All third parties are contractually bound to process data only in accordance with our instructions and applicable data protection law.
Processes anonymised usage data for website performance reporting. Data is transferred to Google LLC servers and is governed by Google's privacy policy. IP anonymisation is enabled. No personal identifiers are transferred.
Our website hosting provider processes technical server data (including IP addresses) as part of delivering the website. All hosting infrastructure is located within the UK or EEA.
Third-party CDN services (jsDelivr, unpkg, Cloudflare) are used to deliver front-end libraries. These services may log request metadata including IP addresses for security and performance purposes.
We will disclose personal data to law enforcement or regulatory bodies where required to do so by law or by valid legal process. We will notify you of any such disclosure where we are permitted to do so.
5. Data Retention
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by law:
- — Contact form submissions: retained for up to 12 months from the date of receipt, then permanently deleted.
- — Server/technical logs: retained for a maximum of 30 days, then automatically overwritten.
- — Analytics data: retained for 26 months in Google Analytics, consistent with Google's default retention policy.
- — Cookie preferences: stored locally on your device for up to 12 months, then automatically expire.
6. Your Rights Under UK GDPR
Under UK GDPR, you have the following rights in relation to your personal data:
You may request a copy of the personal data we hold about you at any time.
You may request that we correct any inaccurate personal data we hold about you.
You may request that we delete your personal data, subject to any legal retention obligations.
You may request that we restrict the processing of your personal data in certain circumstances.
Where processing is based on consent, you may request a machine-readable copy of your data.
You may object to processing based on legitimate interests where your own interests override ours.
To exercise any of these rights, please contact us at [email protected]. We will respond within one calendar month of receiving your request. There is no charge for exercising your rights, except in cases of manifestly unfounded or excessive requests.
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been infringed.
7. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. Our website is served exclusively over HTTPS. Access to contact form data is restricted to authorised personnel only.
No method of transmission over the internet or method of electronic storage is 100% secure. While we take all reasonable precautions, we cannot guarantee absolute security.
8. International Transfers
Some of our third-party service providers (including Google Analytics) may process data outside the United Kingdom or European Economic Area. Where such transfers occur, they are governed by appropriate safeguards including Standard Contractual Clauses approved under UK GDPR, or adequacy decisions where applicable.
9. Updates to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. We encourage you to review this page periodically. Continued use of the Site after changes are posted constitutes your acceptance of the updated policy.
10. Contact
For any questions, concerns, or requests relating to this Privacy Policy or the handling of your personal data, please contact: