Food & Vegetables
Wholesale enquiry Get in touch
Home / Legal / Privacy Policy
Legal

Privacy Policy

This policy explains how FOOD AND VEGETABLES LTD collects, uses, shares and protects your personal data when you use our website, our mobile application, or any of our services.

Last updated: 22 April 2026  ·  Effective date: 22 April 2026
Data controller: FOOD AND VEGETABLES LTD · A private limited company registered in England and Wales.

1. Who we are

FOOD AND VEGETABLES LTD (“we”, “us”, “our”) is a private company limited by shares, registered in England and Wales. Our full statutory registration details are available on request to verified partners, regulators, and for legitimate legal purposes.

For the purposes of the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018, we are the “controller” of the personal data we process in connection with our websites, our mobile applications, and our services.

If you have any questions about this policy or how we handle your personal data, please contact us at legal@foodvegetables.site.

2. What this policy covers

This policy applies to all personal data we collect and process when you:

  • visit foodvegetables.site or any related sub-domain;
  • install or use our mobile application (the “App”);
  • place an order, sign up for a weekly box, or use any of our services;
  • contact us by email, web form, phone, or social media;
  • engage with us as a supplier, partner, or in another business capacity.

3. Personal data we collect

We only collect personal data that we genuinely need. Depending on how you interact with us, this may include:

  • Identity & contact data: name, email, telephone number, delivery and billing address, organisation name.
  • Order & transaction data: the products you order, delivery preferences, payment confirmations (we do not store full card details ourselves — see section 6).
  • Account data: login credentials, profile preferences, saved addresses, subscription settings.
  • Communications data: the content of emails and messages you send us, and our responses.
  • Technical data: IP address, device type, operating system, browser type, referring URLs, and app diagnostic data, collected automatically when you use our website or App.
  • Usage data: pages viewed, features used, and general interaction patterns, in aggregated or pseudonymised form.
  • Marketing preferences: whether you have opted in to newsletters, promotional emails, or push notifications.

We do not knowingly collect personal data from children under the age of 13. Our services are intended for adults.

4. How we use your personal data (and our legal basis)

We only process personal data when we have a lawful basis to do so under the UK GDPR. The bases we rely on are:

  • Performance of a contract — to take orders, process deliveries, manage subscriptions, and provide customer support.
  • Legitimate interests — to operate, secure and improve our website and App, prevent fraud, analyse usage, and carry on our business in a proportionate way that respects your rights.
  • Consent — for marketing communications, optional cookies and similar technologies, and any other activity where consent is the appropriate basis. You can withdraw consent at any time.
  • Legal obligation — to comply with tax, accounting, food-safety, consumer-protection and other laws applicable to us.

5. How we use cookies & similar technologies

Our website uses a small number of cookies and similar technologies. We only use strictly-necessary cookies without consent; all other cookies (analytics, preferences) are set only after you give consent. Full details are in our Cookie Policy.

6. Who we share your data with

We only share your personal data where it is necessary, and always under appropriate contractual and legal safeguards. Categories of recipients include:

  • Service providers — payment processors (e.g. card-payment providers who handle your card details directly and provide us only with confirmation data), hosting providers, email-sending providers, analytics providers, and customer-support tools.
  • Delivery partners — logistics companies we use to fulfil orders; they receive the minimum data required to deliver your parcel.
  • Professional advisors — lawyers, accountants and auditors, where required.
  • Regulators & authorities — where we are legally obliged to disclose data (for example to HMRC, the Information Commissioner’s Office, or the Food Standards Agency).
  • Business transfers — if we reorganise, sell or transfer part of our business, personal data may be transferred to a successor, subject to the same protections.

We do not sell personal data to third parties, and we do not allow third-party advertising tracking on our website or App.

7. International transfers

We primarily store and process personal data within the United Kingdom or the European Economic Area. Where a service provider processes data outside these regions, we ensure appropriate safeguards are in place — typically UK-approved standard contractual clauses, International Data Transfer Agreements, or adequacy decisions recognised by the UK Government.

8. How long we keep your data

We keep personal data only for as long as we need it for the purposes described in this policy, or as required by law. Typical retention periods include:

  • Customer account data: while your account is active, plus up to 2 years after closure.
  • Order and transaction records: 7 years, to meet UK tax and accounting obligations.
  • Marketing preferences: until you unsubscribe, plus a short record of your unsubscribe request.
  • Website & App analytics: up to 26 months in aggregated or pseudonymised form.

9. Your rights under UK GDPR

You have a number of rights in relation to your personal data, including the right to:

  • access the personal data we hold about you;
  • request correction of inaccurate or incomplete data;
  • request erasure of your data (in certain circumstances);
  • restrict or object to certain processing;
  • request portability of the data you provided to us;
  • withdraw consent at any time, where we rely on consent;
  • complain to the UK Information Commissioner’s Office (ico.org.uk) if you believe we have mishandled your data.

To exercise any of these rights, please email legal@foodvegetables.site. We will respond within one month of your request.

10. How we protect your data

We use industry-standard technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption in transit, access controls, staff training, and regular review of our security practices. No system is 100% secure, so if we ever suffer a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner’s Office and affected users in accordance with UK GDPR.

11. Mobile application — additional notes

Our mobile application may collect certain additional data to function correctly, including device identifiers (for push-notification delivery and fraud prevention), crash diagnostics, and approximate location (only where you grant permission, e.g. to estimate delivery timings). You can revoke app-level permissions at any time in your device’s system settings. The App does not include third-party advertising SDKs.

12. Changes to this policy

We may update this privacy policy from time to time to reflect changes in our services, the law, or our practices. When we make material changes, we will update the “Last updated” date at the top and, where appropriate, notify you by email or through our website or App.

13. How to contact us

If you have any questions, concerns or requests regarding this policy or your personal data, please contact:

FOOD AND VEGETABLES LTD
Email: legal@foodvegetables.site
Registered in England and Wales.