Privacy Policy

1. Introduction

Vefthranvik ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website or purchase our products.

We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws. By using our website, you acknowledge the practices described in this policy.

2. Data Controller Information

The data controller responsible for your personal data is:

3. Information We Collect

We collect the following types of personal data:

3.1 Information You Provide

• Full name
• Email address
• Phone number (optional)
• Delivery address
• Payment information (processed securely by our payment provider)
• Messages or enquiries you send us

3.2 Information Collected Automatically

• IP address
• Browser type and version
• Device information
• Pages visited and time spent on our website
• Referring website
• Cookie data (see our Cookie Policy for details)

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract: To fulfill orders and provide services you have requested
• Consent: For marketing communications, where you have provided explicit consent
• Legitimate Interests: To improve our services, prevent fraud, and ensure website security
• Legal Obligation: To comply with applicable laws and regulations

5. How We Use Your Information

We use your personal data for the following purposes:

• Processing and fulfilling your orders
• Communicating about your order status and delivery
• Responding to your enquiries and providing customer support
• Sending marketing communications (with your consent)
• Improving our website and services
• Preventing fraud and ensuring security
• Complying with legal obligations

6. Marketing Communications

We only send direct marketing by email where we have a valid legal basis under UK GDPR and the Privacy and Electronic Communications Regulations (PECR), such as your consent or a lawful soft opt-in where applicable. You can unsubscribe at any time using the unsubscribe link or by contacting us.

7. Data Sharing

We may share your personal data with:

• Service Providers: Payment processors, delivery companies, and hosting providers who help us operate our business
• Legal Authorities: When required by law or to protect our legal rights

We do not sell your personal data to third parties. All service providers we work with are bound by data protection agreements and are required to handle your data securely.

8. International Transfers

Your personal data is primarily stored and processed within the United Kingdom and European Economic Area. If we transfer data outside these regions, we ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA), UK addendum to Standard Contractual Clauses, or adequacy regulations where available.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Order Information: 7 years for tax and legal compliance purposes
• Marketing Preferences: Until you withdraw consent
• Customer Enquiries: 2 years from the last communication
• Website Analytics: 26 months

10. Your Rights

Under UK GDPR, you have the following rights:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data (subject to legal obligations)
• Right to Restriction: Request limitation of processing in certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for marketing
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us using the details provided below. We generally respond within one month, subject to legal exceptions.

11. Automated Decision-Making

We do not carry out solely automated decision-making, including profiling, that produces legal or similarly significant effects for customers.

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• SSL/TLS encryption for data transmission
• Secure servers and databases
• Regular security assessments
• Access controls and authentication measures
• Staff training on data protection

13. Children's Privacy

Our website and products are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a minor, please contact us immediately.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

15. Complaints

If you have concerns about how we handle your personal data, please contact us first. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Phone: 0303 123 1113

16. Contact Us

For any questions about this Privacy Policy or to exercise your data protection rights, please contact us: