Privacy Policy

Identity & Contact Data: Name, email, shipping address, and phone number.

Financial Data: Payment card details (processed securely via Stripe and Strike).

Technical Data: IP address, browser type, and usage patterns via cookies.

To perform a Contract: To process orders, deliver products, and handle returns.

Legitimate Interests: To provide customer support and improve our website functionality.

Consent: To send marketing emails (which you can withdraw at any time) or use non-essential cookies.

Legal Obligation: To keep records for tax and accounting purposes.

We never sell personal data.

We share data with our trusted partners (Processors):

Payments: Stripe & Strike

Fulfilment: Huboo

Infrastructure: Neon (Database), Microsoft Graph (Email), and ipapi.co (Geolocation).

Note on International Transfers: Some of these providers are located outside the UK (e.g., USA). We ensure your data is protected by using UK-approved Standard Contractual Clauses (SCCs) or the International Data Transfer Agreement (IDTA) to ensure a level of protection equivalent to the UK.

We only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including any legal, accounting, or reporting requirements.

Orders & financial records: retained for 6 years to meet UK tax and accounting obligations.

Account information: retained for up to 6 years after last activity (or sooner on request).

Payment information: we never store full card numbers; payment providers retain what they need. Transaction records retained for 6 years.

Support enquiries & correspondence: retained for 3 years.

Marketing preferences & consents: retained until consent is withdrawn or 5 years after last contact.

Logs, IP addresses & technical data: retained for up to 90 days for troubleshooting and fraud prevention, unless required longer for legal reasons.

Analytics & cookies: non-essential cookie data retained for up to 12 months unless you withdraw consent.

You have the following rights under the UK GDPR:

Access: Request a copy of your data.

Correction: Ask us to fix inaccurate info.

Deletion: Ask us to erase your data (in certain circumstances).

Object/Restrict: Object to marketing or restrict how we use your data.

Portability: Request a transfer of your data to another service.

Withdraw Consent: Where we rely on consent, you can withdraw it at any time.

How to exercise your rights: Email support@garlicshop.co.uk with your full name, the email used on the site and any order identifiers. We may ask for minimal verification (for example, confirmation from the registered email or a recent order number). We will respond within one month; if the request is complex we may extend by up to two months but will tell you why within one month.

If you are unhappy with how we use your data, please contact us first at support@garlicshop.co.uk. You also have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection (www.ico.org.uk).

Garlic Shop Ltd.

20 Wenlock Road

London

England

N1 7GU

Company Registration Number: 16529902

Email: support@garlicshop.co.uk

We do not knowingly collect or process personal data from children. If you are under the age at which you can lawfully give consent in your country, please do not create an account or provide personal information without the permission of a parent or guardian.

If we become aware that we have collected a child’s data without appropriate consent, we will take steps to delete that data as soon as possible. To request deletion of a child’s data, contact support@garlicshop.co.uk.

We do not use automated decision-making or profiling that produces legal or similarly significant effects. Any automated processing we run is limited to basic analytics and site functionality and does not affect your rights.

We use industry standard technical and organisational measures to protect personal data, including TLS for data in transit, encryption at rest where appropriate, access controls and secure processes. Payment processing is handled by Stripe and Strike and is PCI-compliant.

If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will follow our incident response procedures, notify the ICO where required (within 72 hours where applicable) and notify affected individuals without undue delay.

We do not use third-party tracking to profile you. Functional cookies and technical data (including IP address and ipapi.co location lookups) are used to show the correct currency, calculate shipping costs and for core site functionality.

Non-essential cookies and marketing emails are only used with your explicit consent and you can withdraw consent at any time via the cookie settings or by contacting support@garlicshop.co.uk.

We maintain an internal Record of Processing Activities (RoPA). A public summary of our main processing:

We keep full internal records showing subprocessors, transfer mechanisms (SCCs/IDTA), and legal-basis documentation and will provide it to supervisory authorities on request.

No Tracking. No Tricks. Just Respect.

We only collect what is strictly necessary to get your order from our farm to your door. For orders: we collect your name, email, shipping address, and phone number. For payments: we use Stripe and Strike; they handle card details securely and we never store full card numbers. For the boring stuff: we keep purchase records for 6 years to meet our legal obligations.

Functional cookies are used only to show the right currency and calculate shipping costs. Marketing emails and non-essential cookies are only used with your explicit consent.

If things go wrong, talk to us first or complain to the ICO at www.ico.org.uk.