Privacy policy

  1. About us and how to contact us
  2. Information we collect from you
  3. How we collect and use your information
  4. Keeping your information up to date
  5. How we store your information
  6. Who we share your information with
  7. How long we keep your information
  8. Cookies
  9. International transfers of your information
  10. Your rights
  11. Third-party websites
  12. Updates to this Privacy Policy
  13. Open cookie settings

  1. About us and how to contact us

    We are Sowvital Ltd, a company incorporated and registered in England and Wales under company number 12584044 and whose registered office is at 22-25 Farringdon Street, London, EC4A 4AB, England (“we”, “our”, or “us”). We are registered as a data controller with the Information Commissioner’s Office (the “ICO”) under registration number ZB143545. Our VAT number is GB382882360. We operate the website at www.sowvital.com (our “Website”).

    We collect, use and are responsible for certain personal data (i.e. any information about an individual from which that individual can be identified) about you. When we do so we are subject to the UK General Data Protection Regulation (“UK GDPR”). We are also subject to the EU General Data Protection Regulation (the “EU GDPR”) in relation to products that we offer to individuals in the European Economic Area (the “EEA”). 

    We are committed to protecting and respecting your privacy. Any questions or requests regarding this Privacy Policy, including any requests in respect to your personal data that we process, can be sent by post to the above-stated address or emailed to info@sowvital.com Alternatively, if you are resident in the EEA, you can also contact our appointed EEA data representative at info@sowvital.com.

    This Privacy Policy (together with our Website Terms of Use and any other documents referred to on it, and our Cookie Policy) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. 

    Our Website and the products sold on it are not intended for children and we do not knowingly collect data relating to children.

  2. Information we collect about you

    Depending on the services we provide to you and how you interact with us, we collect, use, store, and transfer different kinds of personal data about you which we have grouped together as follows:

    • Contact Data, which includes email address, billing address, delivery address, and telephone number (including any phone number used to contact our customer services number).

    • Financial Data, which includes payment card details and other financial and billing information.

    • Identity Data, which includes date of birth, first name, last name, and title.

    • Technical Data, which includes your internet protocol (IP) address, cookie identifiers, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Website.

    • Transaction Data, which includes information such as details of your purchases and the fulfilment of your orders (such as basket number, order number, subtotal, title, currency, discounts, shipping, number of items, product number), payments to and from you and details of other products you have obtained from us, correspondence or communications with you in respect of your orders, and details of any rewards and bonuses awarded.

    • Usage Data, which includes information about how you use our Website and products, such as clickstream to, through, and from our Website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

    • Profile Data, which includes information about purchases or orders made by you, product and style interests, preferences, feedback, and survey responses.

    • Marketing and Communications Data, which includes your preferences in receiving marketing from us and our third parties and your communication preferences.

  3. How we collect and use your information

    We will only collect and process your personal data where we have a lawful basis to do so, i.e. where:

    • we need your personal data to perform a contract with you (for example, to process a payment from you, fulfil your order or provide customer support connected with an order);

    • the processing is in our legitimate interests (i.e. when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights or interests), as further described in the table below;

    • we have a legal obligation to collect or disclose personal data from you; 

    • we need your personal data where you work for our organisation in connection with our obligations and rights in connection with employment, social security, or social protection law; and/or 

    • we have your consent to process your personal data.

    The following table sets out what personal data we collect about you, what we use that personal data for, and our lawful basis for doing so. Please be aware that we sometimes process your personal data using more than one lawful basis, depending on the specific purpose or activity.

    Purpose/Activity

    Type of data

    Lawful basis for processing 

    To register you as a customer 

    (a) Identity

    (b) Contact

    Performance of a contract with you

    To process and deliver your order, including: recording your order details; keeping you informed about the order status; processing payments and refunds; and collecting and recovering money owed to us

    (a) Identity

    (b) Contact

    (c) Financial

    (d) Transaction

    (a) Performance of a contract with you

    (b) Necessary for our legitimate interests (for collecting money owed to us)

    To inform or remind you by email of any task carried out via our Website which remains uncompleted, such as incomplete orders or abandoned baskets

    (a) Identity

    (b) Contact

    (c) Profile

    (d) Technical

    (e) Usage

    Necessary for our legitimate interests (to improve your shopping experience)

    To manage our relationship with you, including: handling any complaints or queries; and notifying you about changes to our Website Terms of Use, Terms of Sale, and/or this Privacy Policy

    (a) Identity

    (b) Contact

    (c) Transaction

    (d) Profile

    (a) Performance of a contract with you

    (b) Necessary to comply with our legal obligations

    To administer and protect our business and our Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

    (a) Identity

    (b) Contact

    (c) Technical

    (d) Transaction

    (e) Profile

    (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud, and in the context of a business reorganisation or group restructuring exercise)

    (b) Necessary to comply with our legal obligations

    To use data analytics to improve our Website, products/services, marketing, customer relationships and experiences or to ask you to leave a review or take a survey 

    (a) Technical

    (b) Usage

    (c) Profile

    (d) Identity

    (e) Contact

    (f) Transaction

    Necessary for our legitimate interests (to define types of customers for our products and services, to keep our Website updated and relevant and ensure that its content is presented in the most effective manner for you and for your device, to develop our business, to  keep our records updated, to study how customers use our products and services, and to inform our marketing strategy)

    To make suggestions and recommendations to you about goods or services that may be of interest to you (including from our business partners and affiliates), including by way of email and text message

    (a) Identity

    (b) Contact

    (c) Technical

    (d) Usage

    (e) Profile

    (f) Marketing and Communications

    Your consent (you can withdraw this at any time by clicking the link to unsubscribe in our marketing emails and/or the relevant ‘STOP’ number in text messages, or by contacting us using the details above)


    To enable you to partake in a prize draw or competition or to complete a survey

    (a) Identity

    (b) Contact

    (c) Profile

    (d) Usage

    (e) Marketing and Communications

    (a) Performance of a contract with you

    (b) Necessary for our legitimate interests (to study how customers use our products and services, to develop them and grow our business)

    To protect us, our customers, and our Website from fraud and theft

    (a) Identity

    (b) Contact

    (c) Financial

    (d) Transaction

    Necessary for our legitimate interests (for detecting and preventing fraud)

    To undertake, manage, and administer our business 

    (a) Identity

    (b) Contact

    (a) Performance of a contract with you

    (b) Necessary to comply with our legal obligations

    (c) Necessary for our establishment, exercise, or defence of legal claims

    Where the lawful basis stated above is your consent, you have the right to withdraw this consent at any time. You can also object to our processing in certain circumstances where our lawful basis for processing is our legitimate interests and there is something about your particular situation that makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. Please see section 7 of this Privacy Policy for further information on how to exercise these rights. 

    Please note that, where we rely on your consent or our legitimate interests to process your personal data and you withdraw that consent or object to our processing, we will no longer be able to provide certain services to you that are dependent on this processing. In those circumstances, we may have to cancel certain orders that you have placed with us, but we will notify you if this is the case at the time.

    We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us using the details provided section 1 of this Privacy Policy.

    If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so (unless we are not able to do so under applicable laws). 

  4. Keeping your information up to date

    If any of your personal data (such as your Contact Data) changes, please ensure that you let us know by editing this in your account settings, so that the information we have about you is kept up to date.

  5. How we store your information

    We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. 

    Our Website uses Secure Sockets Layer (SSL) certificates to verify our identity to your browser and to encrypt any data you give us via the Website. Whenever information is transferred between us in this way, you can check the relevant SSL certificate by looking for a closed padlock system or other trust mark in your browser’s URL bar or toolbar.

    We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

    If you would like detailed information from Get Safe Online on how to protect your personal data and other information and your computers and devices against fraud, identity theft, viruses, and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

  6. Who we share your information with

    We limit access to your personal information to those who have a genuine business need to know it, such as our staff, professional advisors, and business partners, suppliers, and subcontractors that we use in connection with the running of our business for the purposes set out in the table in section 3 of this Privacy Policy (for example, delivery companies, warehouses, and website hosts). 

    If you make a purchase on our Website, your Financial Data is sent to the payment processing service that you select. Please refer to the privacy information provided by the relevant payment processor for further details.   .

    If you have consented to receive marketing communications from us and our affiliates and business partners, your Identity, Contact, and Marketing and Communications Data will also be shared with those affiliates and business partners so that they can contact you. You can withdraw this at any time by clicking the link to unsubscribe in the relevant marketing emails and/or the relevant ‘STOP’ number in text messages, or by contacting us using the details above.

    Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. 

    We or the third parties mentioned above occasionally also share personal data with:

    • our and their external auditors (for example, in order to audit accounts) in which case the recipient of the information will be bound by confidentiality obligations;

    • our and their professional advisers (such as lawyers and other advisers), in which case the recipient of the information will be bound by confidentiality obligations;

    • law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations; and

    • other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency—usually, information will be anonymised but this may not always be possible. The recipient of any of your personal data will be bound by confidentiality obligations.

  7. How long we keep your information

    If you have registered an account on our Website,  we will retain your information for as long as you have an account on our Website. If you delete your account or request us to do so, we will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. 

    To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we will be able to use this information indefinitely without further notice to you.

  8. Cookies

    Our Website uses cookies to distinguish you from other users of our Website. This helps us to provide you with a good experience when you browse our Website and also allows us to improve our Website. 

    For further information on cookies (including about how we use them and when we will request your consent before placing them and how to disable them), please see our Cookie Policy.

  9. International transfers of your information

    Shopify

    This Website’s online store is powered through Shopify, an e-commerce platform operated by Shopify’s Irish entity, Shopify International Ltd (“Shopify Ireland”), which is based in the Republic of Ireland. We are permitted to transfer your personal data that we collect about you from the United Kingdom to Shopify Ireland under the UK GDPR and EU GDPR. 

    Shopify Ireland processes your Identity Data, Contact Data, Transaction Data, Technical Data, and Usage Data. Some of this personal information is transferred by Shopify Ireland to its Canadian parent entity, Shopify Inc (“Shopify Canada”). 

    Because Shopify Canada is subject to Canada’s own Personal Information Protection and Electronic Documents Act, this transfer of personal data from Shopify Ireland to Shopify Canada is compliant with Shopify Ireland’s obligations under the UK GDPR and EU GDPR. This means that any transfer of your personal data outside of the UK and the EEA to Canada will be subject to measures that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal data.

    Shopify Canada uses a combination of data centres and cloud server providers to store this personal data, some of which are located in the United States. Where personal data is transferred from Shopify Canada to third-party service providers in the United States, this is done in accordance with the export requirements of Canadian privacy law (which has been determined to provide adequate protection under the UK GDPR and EU GDPR) via contractual arrangements substantially similar to those between us and Shopify Ireland.

    For further information as to how Shopify complies with applicable data protection legislation, please refer to Shopify’s GDPR whitepaper document. You can also read more on how Shopify uses your personal information by reading its own privacy policy here. 

    Klaviyo

    We use a customer relationship management (CRM) system provided by Klaviyo Inc, a US-based company, and its subsidiaries and affiliates (together, “Klaviyo”) to store your Identity and Contact Data. Your Marketing and Communications Data is also shared with Klaviyo to help us manage our email lists and to communicate you where you have requested or consented to receive our emails and marketing messages. This Identity Data, Contact Data, and Marketing and Communications Data is transferred to Klaviyo in the United States on the basis of legally approved standard data protection clauses issued further to Article 46(2) of the UK GDPR and EU GDPR in order to give the transferred information the same protection that it has in the UK and EEA. You can read more on how Klaviyo uses your personal information by reading its own privacy policy here.

    Zendesk

    We additionally use a customer service platform provided by Zendesk, Inc, a US-based company, and its subsidiaries and affiliates (together, “Zendesk”) to communicate with our customers via various channels and provide customer support services via email and live chat. In order to give it the same protection that it has in the UK and EEA, your Identity Data, Contact Data, and Transaction Data is transferred to Zendesk internationally (including the United States) on the basis of binding corporate rules approved by supervisory authorities pursuant to Article 47 of the UK GDPR and EU GDPR. Zendesk then transfers some of this personal data to its subprocessors located outside the UK and the EEA on the basis of legally approved standard data protection clauses issued further to Article 46(2) of the UK GDPR and EU GDPR. You can find out more on how Zendesk uses your personal information by reading its own privacy policy here.

    We will notify any changes to the destinations to which we send personal data or in the transfer mechanisms we rely on to transfer personal data internationally to you in accordance with section 12 below.

  10. Your rights

    Under applicable data protection laws, you have a number of important rights free of charge. In summary, those include rights to:

    • access to your personal information and to certain other supplementary information that this Privacy Policy is already designed to address;

    • require us to correct any mistakes in your information which we hold;

    • require the erasure of personal information concerning you in certain situations (please note this that this right will not apply where it is necessary for us to continue to use the relevant personal information for a lawful reason);

    • receive the personal information concerning you which you have provided to us (and where the relevant lawful basis stated in section 3 of this Privacy Policy is your consent or our performance of a contract with you), in a structured, commonly used, and machine-readable format and have the right to transmit those data to a third party in certain situations (please note that this right does not apply to personal data contained only in hard-copy records);

    • withdraw your consent (if you have given this to us previously) for us to contact you for direct marketing purposes;

    • object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you;

    • object in certain other situations to our continued processing of your personal information; and

    • otherwise restrict our processing of your personal information in certain circumstances.

    If you would like to exercise any of those rights, please contact us using the details provided section 1 of this Privacy Policy, letting us know the information to which your request relates. 

    We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests (in which case we will notify you and keep you updated).

    There are some exceptions to the rights listed above and, although we will always try to respond to any instructions you may give us about our handling of your personal information, there may be situations where we are unable to meet your requirements in full.

    We hope that we can resolve any query or concern you raise about our use of your information. You have the right to make a complaint at any time to the supervisory authority in the United Kingdom for data protection issues, the ICO, whose website is at www.ico.org.uk. If your usual place of residence is in the European Economic Area (EEA), you additionally have a right to a lodge a complaint with your local supervisory authority. Click here for the contact details of each EEA country’s supervisory authority.  

    We would, however, appreciate the opportunity to deal directly with your concerns before you approach the ICO or any other supervisory authority, and would be pleased to respond to any such complaints as your first-priority contact. 

  11. Third-party websites

    Our Website includes links to third-party websites. We do not control these third-party websites and are not responsible for their privacy statements, notices, or policies. When you leave our Website, we encourage you to read the Privacy Policy of every website you visit. We do not accept any responsibility or liability for the privacy policies or notices on third-party websites. Please check these policies before you submit any personal data to such third-party websites. 

  12. Updates to this Privacy Policy

    This Privacy Policy was last updated on 29 April 2022.

    We may amend this Privacy Policy from time to time as necessary to comply with law or for legitimate business purposes. Any changes we make to this Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to this Privacy Policy.