Website Security Statement

Last updated: 30 April 2026

1. Our commitment to your security

At Warmthfoods Ltd, protecting your personal and payment information is a priority. This statement explains the security measures we have in place to safeguard your data when you browse www.walmth.co.uk or www.walmth.com and when you make a purchase. Please read it alongside our Privacy Policy and Terms and Conditions.

2. Secure browsing (TLS/SSL encryption)

Every page on our Site is served over HTTPS:

  • Data between your device and our servers is encrypted using TLS
  • Our SSL certificate is issued by Google Trust Services, US (WE1) and renewed regularly
  • You can verify encryption by clicking the padlock icon in your browser’s address bar

3. How we handle your card details

We do not see, store, or process your full card details on our own systems. When you enter card information at checkout, it is transmitted directly from your browser to our payment processor over an encrypted connection. Our payment processor is Tyl by NatWest, a PCI DSS Level 1 compliant provider — the highest level of certification under the Payment Card Industry Data Security Standard. In practice:

  • Card numbers, expiry dates, and CVV codes go directly to the payment processor and never touch our servers
  • We may store a token, the card type, and the last four digits for receipts and recurring orders
  • CVV codes are never stored by anyone, including the processor (a PCI DSS requirement)

4. Strong Customer Authentication (SCA / 3D Secure)

In line with the UK Payment Services Regulations 2017, your bank may ask you to verify your identity for online card payments via 3D Secure (Verified by Visa, Mastercard SecureCode, Amex SafeKey). This adds an extra layer of protection — typically via app notification, SMS code, or biometric check.

5. Our PCI DSS responsibilities

We comply with PCI DSS as a merchant by completing the appropriate Self-Assessment Questionnaire ([SAQ A for fully outsourced / SAQ A-EP for iframe-hosted fields]) and reviewing it annually.

6. Age verification at checkout

Where your basket contains age-restricted products, you will be asked to confirm at checkout that you are 18 or over. We may also use a third-party age-verification service (e.g. Yoti or Onfido) for an additional electronic check. Final verification takes place on delivery, where our courier may ask for valid photo ID under our Challenge 25 policy. We do not retain copies of identity documents — only a record that the check was passed.

7. Account and password security

  • Passwords are stored using industry-standard one-way hashing (bcrypt, Argon2 or equivalent) — we cannot read or recover your password, only reset it
  • We enforce minimum password complexity at registration
  • We may offer optional two-factor authentication (2FA) on customer accounts

What you can do: use a unique, strong password (a password manager helps), never share your login, and log out on shared devices.

8. Infrastructure and operational security

  • Hosting: 123-reg — with ISO 27001 / SOC 2 certified data centres
  • Firewalls and intrusion detection at the network perimeter
  • Software, plugins, and operating systems patched regularly
  • Access to customer data restricted to authorised staff on a need-to-know basis and logged
  • Encrypted backups taken regularly and stored securely

9. Fraud prevention

  • Address Verification Service (AVS) checks at payment
  • CVV verification on every transaction
  • Machine-learning fraud screening provided by our payment processor
  • Manual review of unusual or high-value orders

10. Staff training and access controls

  • Staff with access to customer data complete data protection and security training
  • Access granted on a least-privilege basis and reviewed periodically
  • Written information security and acceptable-use policies for all staff

11. Data breach response

No system can be guaranteed 100% secure. If we discover a personal data breach likely to result in a risk to your rights or freedoms, we will notify the Information Commissioner’s Office (ICO) within 72 hours. Where the breach is high-risk, we will also notify affected customers without undue delay.

12. Reporting a security concern

If you believe you have found a vulnerability, please contact us promptly and confidentially:

Email: contact@walmth.co.uk

Please do not publicly disclose the issue until we have had a reasonable opportunity to investigate. We will acknowledge your report within 5 working days.

13. What you can do to stay safe

  • Always check for the padlock and “https://” before entering payment details
  • Be wary of phishing. We will never ask for your full card number, CVV, or password by email or phone
  • Keep your browser and device operating system up to date
  • If you suspect unauthorised use of your card, contact your bank and report it to Action Fraud (actionfraud.police.uk or 0300 123 2040)

14. Contact us

General security: contact@walmth.co.uk

Data protection: contact@walmth.co.uk

Phone: +44 (0)20 36215932