Consumer Data Privacy Policy

1. Who we are

This Privacy Policy explains how Warmthfoods Ltd, company number 16317046, registered at 86-90 Paul Street, London EC2A 4NEUK collects, uses, and protects personal data when you visit www.walmth.co.uk or buy from us. We are the data controller under UK GDPR. We are also a registered food business with Waltham Forest Council.

ICO registration number: ZB971143

Data Protection contact: contact@walmth.co.uk

Last updated:

2. Personal data we collect

We collect the following categories of personal data:

• Identity and contact: name, email, billing/delivery address, phone number
• Order data: items purchased, order history, returns
• Payment data: we do not store full card details. Card payments are processed by Tyl by Natwest. We may store the last four digits and card type for receipts.
• Account data: username, hashed password, preferences, wishlist
• Dietary preferences and allergen information: where you tell us you avoid certain ingredients (e.g. gluten-free, vegan) or have allergies. Allergy information is treated as health-related and given enhanced protection.
• Age verification ( if alcohol is sold): confirmation that you are 18+ at checkout, and (on delivery) the courier may verify ID. We do not retain copies of identity documents.
• Technical data: IP address, browser, device, operating system
• Marketing data: communication preferences and engagement history

3. How we collect your data

• Directly from you when you create an account, place an order, or contact customer service
• Automatically through cookies and similar technologies
• From third parties such as payment providers, couriers, and analytics services

4. Lawful basis for processing

• Contract: to fulfil and deliver your order, take payment, and handle returns • Legal obligation: to keep records for tax/accounting (6 years), food traceability under UK food law, and — for alcohol orders — to verify customer age under the Licensing Act 2003 • Legitimate interests: to prevent fraud, secure our Site, improve products and commerce services, and market similar items to existing customers • Consent: for marketing emails to new customers and non-essential cookies Allergy/health information: where you provide allergen details (e.g. ” nut allergy” in the order notes), we process this with your explicit consent and only to fulfil your order safely. We do not use it for marketing or share it beyond fulfilment.

5. Who we share your data

• Payment processors: [e.g. Stripe, PayPal, Tyl by Natwest will be able to provide the others. • Delivery couriers: e.g. DPD, Royal Mail, APC — including any specialist temperature-controlled providers, and other contracted logistics providers we may contract. • Hosting and platform: [e.g. woo, AWS] • Email and marketing: [e.g. Mailchimp, Klaviyo] • Analytics: [e.g. Google Analytics, Meta Pixel] • For alcoholic beverages sale Age-verification providers [e.g. Yoti, Onfido]] • Regulators and authorities where required — e.g. the Food Standards Agency or Waltham Forest Council in the event of a product recall or food safety incident, in line with the General Food Law Regulation (EC) 178/2002 We do not sell your data to third parties.

6. Product recalls and food safety incidents

If a product you have purchased is subject to a recall (for example, due to an undeclared allergen, contamination, or labelling error), we may use your contact details to notify you, even if you have opted out of marketing. This is necessary to comply with our legal obligations and to protect your vital interests.

7. International data transfers

Where our payment partners, webservice providers or other third parties transfer your data outside the UK, we ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement, the EU Standard Contractual Clauses with the UK Addendum, or transfers to countries the UK Government has deemed “adequate”.]

8. How long we keep your data

• Order records: 6 years (UK tax law)• Food traceability records: we keep records of which customers received which batches in line with food law, generally for the shelf life of the product plus a reasonable buffer • Account data: until you close your account, then deleted within 30 days (subject to legal retention requirements) • Allergen/dietary data: only kept against active orders; archived order records may include this information for safety reasons • If alcoholic beverages are sold: Age verification: we retain a record that you confirmed your age, but not copies of ID documents • Marketing data: until you unsubscribe, then suppressed

9. Your rights under UK GDPR

You have the right to: • Be informed about how we use your data • Access a copy of your data • Have inaccurate data corrected • Have your data erased (“right to be forgotten”) • Restrict or object to processing • Data portability • Withdraw consent where consent is the lawful basis To exercise these rights, contact contact@walmth.co.uk We will respond within one month. You can also complain to the Information Commissioner’s Office (ICO) at ico.org.uk or 0303 123 1113.

10. Cookies

We use cookies to operate the Site, remember your preferences, analyse usage, and (with consent) deliver targeted advertising. You can manage preferences.

11. How we protect your data

We use technical and organisational measures including TLS/SSL encryption, PCI DSScompliant payment processing, restricted staff access, and regular security reviews. See our separate Website Security Statement.

12. Children

Our Site is not directed at children under 16, and we do not knowingly collect data from them. Alcoholic products, if sold, may only be ordered by, and delivered to, persons aged 18 or over.]

13. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date reflects the most recent version. Material changes will be communicated by email or a prominent notice on the Site.

14. Contact us

Email: contact@walmth.co.uk

Phone: +44 (0)20 36215932

Address: Warmthfoods Ltd 86-90 Paul Street London EC 2A 4NE