Privacy Policy

PRIVACY POLICY Last updated: 19 May 2025

1. WHO WE ARE

Veya ("we", "us", "our") operates the website veya.info and sells whole-food nutritional products. Our farm and registered business are based in East Staffordshire, England.

We are the data controller for personal information collected through this website. If you have any questions about how we handle your data, please see Section 12 (Contact Us).

2. DATA WE COLLECT

Information you give us directly

  • Order information — name, billing and delivery address, email address, phone number, and payment details (processed securely by Shopify Payments and third-party providers).
  • Account information — if you create a customer account, we store your login credentials and order history.
  • Communications — if you contact us by email or through our website, we keep a record of that correspondence.
  • Marketing sign-up — email address if you subscribe to our newsletter or join our community.

Information collected automatically

  • Usage data — pages visited, time spent, clicks, and referring URLs.
  • Device & technical data — IP address, browser type, operating system, and device identifiers.
  • Cookies & similar technologies — see Section 6 below.

Information from third parties We may receive limited data from payment processors (e.g. Shopify Payments, PayPal), social media platforms (e.g. Instagram), and analytics providers to help us understand how our website is used.

3. HOW WE USE YOUR DATA

We use your personal information to:

  • Process and fulfil your orders, including sending order confirmations and shipping updates.
  • Manage your customer account and handle returns or refunds under our 180-day money-back guarantee.
  • Respond to enquiries, complaints, and customer service requests.
  • Send you marketing emails and product updates, where you have opted in or where we have a legitimate interest to do so.
  • Improve our website, products, and overall customer experience.
  • Detect and prevent fraud or other illegal activity.
  • Comply with legal obligations, including tax and accounting requirements.

4. LEGAL BASIS (UK GDPR)

We process your personal data on the following lawful bases under the UK General Data Protection Regulation (UK GDPR):

  • Contract — to fulfil your orders and provide the services you have requested.
  • Legal obligation — to comply with applicable laws (e.g. tax, consumer protection).
  • Legitimate interests — for fraud prevention, improving our services, and direct marketing to existing customers (where proportionate and not overridden by your interests).
  • Consent — for marketing emails where you have explicitly opted in, and for non-essential cookies.

You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

5. SHARING YOUR DATA

We do not sell your personal data. We share it only in the following circumstances:

  • Service providers — we use Shopify to power our online store; shipping carriers to deliver your orders; payment processors (Stripe, PayPal, etc.) to handle transactions; and email service providers for marketing communications. These parties process data solely on our instructions.
  • Analytics — anonymised or aggregated data may be shared with analytics services (e.g. Google Analytics) to help us understand site performance.
  • Legal requirements — we may disclose data when required by law, court order, or to protect the rights, property, or safety of Veya, our customers, or others.
  • Business transfers — if Veya is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.

6. COOKIES & TRACKING

Our website uses cookies and similar technologies across four categories:

  • Strictly necessary — essential for the website to function (e.g. shopping cart, login session). These cannot be disabled.
  • Performance & analytics — help us understand how visitors interact with our website (e.g. Google Analytics). We request consent before setting these.
  • Functional — remember your preferences, such as country/region selection.
  • Marketing — used to show relevant advertisements on third-party platforms. We request consent before setting these.

You can manage your cookie preferences via the consent banner displayed on your first visit, or by adjusting your browser settings. Note that disabling certain cookies may affect website functionality.

7. HOW LONG WE KEEP YOUR DATA

We retain personal data only for as long as necessary for the purposes it was collected, or as required by law:

  • Order & transaction records — 7 years (UK tax and accounting legislation).
  • Customer accounts — for the life of the account, and up to 2 years after the last interaction.
  • Marketing communications — until you unsubscribe or withdraw consent.
  • Customer service enquiries — up to 3 years after resolution.

When data is no longer required, we securely delete or anonymise it.

8. YOUR RIGHTS

Under UK GDPR you have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — ask us to correct inaccurate or incomplete data.
  • Right to erasure — ask us to delete your data where it is no longer necessary, or you withdraw consent.
  • Right to restriction — ask us to limit processing in certain circumstances.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interests or for direct marketing.
  • Rights related to automated decision-making — we do not make solely automated decisions that significantly affect you.

To exercise any of these rights, please contact us at privacy@veya.info. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) — the UK's supervisory authority for data protection. Visit ico.org.uk or call 0303 123 1113.

9. SECURITY

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include SSL/TLS encryption for data in transit, access controls, and regular security reviews.

Our website is hosted on Shopify, which maintains its own rigorous security standards and is PCI DSS Level 1 certified. Despite our best efforts, no transmission over the internet is completely secure — if you have concerns, please contact us immediately.

10. CHILDREN'S PRIVACY

Our products and website are not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

11. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email.

We encourage you to review this page periodically. Continued use of our website following any changes constitutes your acceptance of the updated policy.

12. CONTACT US

If you have any questions, concerns, or requests relating to this Privacy Policy or how we handle your personal data, please reach out:

Email: privacy@veya.info Business: Veya, East Staffordshire, England, UK Response time: Within 30 days