0 £0.00

Cart

No products in the cart.

Menu
Home > Privacy Policy

Privacy Policy

Last updated: 28 October 2025

This Privacy Policy explains how we collect, use and share personal data when you use our website, create an account or place an order. It also explains your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

If anything here is unclear, please contact us using the details below.

WHO WE ARE

Controller: Applecross Farm

Registered office: Applecross Farm, Hollands Lane, Kelsall, CW6 0QT

Privacy contact: applecrossfarm@gmail.com

We are the controller of the personal data described in this Privacy Policy.

WHAT DATA WE COLLECT

We only collect what we need to run the site, process orders and provide support.

  • Identity and contact data – name, billing and delivery addresses, email, phone.
  • Account data – login details, saved addresses, preferences, order history, wishlists.
  • Order and transaction data – items purchased, prices, taxes, refunds, delivery method.
  • Payment data – processed by Square. We receive limited payment information such as status, amount, card brand and last 4 digits. We do not store full card numbers or security codes.
  • Communications – messages you send us, reviews and survey responses.
  • Technical and usage data – IP address, device and browser type, pages viewed, actions on site, logs and diagnostics.
  • Marketing preferences – your choices for email or SMS marketing.
  • Analytics and advertising – pseudonymous identifiers from [analytics provider], and cookie data for measuring site performance and advertising effectiveness. See the Cookie Policy.
  • Social sign in – if you sign in with [provider], we receive your [fields].

HOW WE COLLECT DATA

  • Directly from you when you browse, create an account, place an order or contact us.
  • Automatically via cookies and similar technologies – see our Cookie Policy.
  • From our partners to fulfil your order – for example couriers provide delivery updates.

WHY WE USE YOUR DATA AND OUR LEGAL BASES

We process personal data for the purposes below, relying on one or more of these legal bases: contract, legitimate interests, consent and legal obligation.

PurposeExamplesLegal basis
Run the website and your accountaccount creation, login, saved addressesContract; Legitimate interests
Take and fulfil orderscheckout, payments, delivery, returns and refundsContract; Legal obligation
Customer serviceresponding to queries, warranty and supportContract; Legitimate interests
Safety and securitydetecting and preventing fraud or abuseLegitimate interests; Legal obligation
Analytics and improvementmeasuring performance and fixing issuesLegitimate interests; Consent where required
Marketingsending emails or SMS about products and offersConsent, or Legitimate interests as permitted by law
Legal and tax complianceVAT records, regulatory reportingLegal obligation

You can withdraw consent at any time. Where we rely on legitimate interests, we balance those interests against your rights and expectations.

PAYMENTS VIA SQUARE

We use Square to process payments. Your payment details are provided directly to Square and are handled according to Square’s terms and privacy notice. Square acts as our processor for payment processing and, for some activities such as fraud prevention and compliance, may act as an independent controller. We receive confirmation of payment or refund and limited card details. We do not store full card numbers or security codes.

EMAIL MARKETING VIA MAILCHIMP

We use Mailchimp to manage our email marketing. If you subscribe to our emails, we share your name, email address and, where provided, preferences with Mailchimp so we can send you newsletters and offers. Mailchimp also provides engagement reporting (for example, opens, clicks and unsubscribes) to help us understand what content is useful. You can unsubscribe at any time using the link in any email or by contacting us.

WHO WE SHARE DATA WITH

We do not sell your personal data. We share it only with:

  • Service providers acting on our behalf – website hosting, ecommerce platform (WooCommerce), IT and security, email and SMS services (including Mailchimp for newsletters), analytics, customer support tools, delivery partners and payment processing (Square). They must keep your data secure and use it only under our instructions.
  • Professional advisers – accountants, auditors, insurers, lawyers.
  • Authorities – where required by law or to protect rights, safety or prevent fraud.

If we sell or reorganise our business, personal data may be transferred to the new owner subject to the same protections.

INTERNATIONAL TRANSFERS

Some providers may process data outside the UK/EEA. Where this happens we use safeguards permitted by the UK GDPR, such as adequacy regulations or standard contractual clauses, and additional measures where appropriate. Mailchimp and Square may process data in the United States; we rely on the UK Addendum to the EU Standard Contractual Clauses (and any successor transfer tools) and implement supplementary measures where needed.

HOW LONG WE KEEP DATA

We keep data only as long as needed for the purposes above.

  • Accounts – kept while your account is active. If you request deletion we will deactivate or delete the account and retain only what we must keep for legal or audit purposes.
  • Orders and finance – typically kept for 6 years after the end of the financial year of the transaction.
  • Customer service messages – usually kept for up to 24 months.
  • Marketing preferences – kept until you opt out or your account is deleted.
  • Logs and diagnostics – typically retained for up to 12 months.
  • Cookies – retained per our Cookie Policy.

MARKETING

  • We will send you service and transactional emails about your orders and account.
  • We use Mailchimp to send newsletters and promotions when you opt in, or as otherwise permitted by law. You can unsubscribe at any time using the link in our emails or by contacting us. Unsubscribing will stop marketing emails but we may still send service messages about your orders.
  • We may tailor emails based on your purchases or the pages you view. This does not have legal or similarly significant effects on you and you can opt out at any time.
  • If you unsubscribe, we keep a minimal suppression record to ensure we do not email you again by mistake.

COOKIES

We use necessary cookies to make the site work and, with your consent, optional cookies for analytics and advertising. For details of each cookie, its purpose and how long it lasts – and to change your choices at any time – please see our Cookie Policy or the cookie banner settings.

YOUR RIGHTS

You have the following rights under the UK GDPR:

  • Access your personal data and receive a copy.
  • Correct inaccurate or incomplete data.
  • Delete your data in certain circumstances.
  • Restrict or object to our processing, including for direct marketing.
  • Data portability – to obtain and reuse your data across services.
  • Withdraw consent where we rely on it.

To exercise your rights, contact us at applecrossfarmshop@gmail.com. We may need to verify your identity. Your rights may be limited in some cases, for example where we have a legal obligation to keep records.

AUTOMATED DECISION MAKING

We do not make decisions that have legal or similarly significant effects on you based solely on automated processing. Our payment and security partners, including Square, may use automated tools to prevent fraud. You can contact us to request a review of any decision that involves such tools.

SECURITY

We use appropriate technical and organisational measures to protect personal data, including TLS encryption in transit, access controls and regular review of our systems. No method of transmission or storage is completely secure.

CHILDREN

Our site is intended for adults and we do not knowingly collect data from anyone under 18. If you believe a child has provided personal data, please contact us so we can delete it.

THIRD PARTY LINKS

Our site may contain links to other websites. Those websites have their own privacy policies and we are not responsible for their content or practices.

CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. We will post the updated version here and update the “Last updated” date. Material changes may also be notified by email or on the site.

CONTACT AND COMPLAINTS

If you have any questions or concerns about privacy, contact us at applecrossfarmshop@gmail.com or write to us at Applecross Farm, Hollands Lane, Kelsall, CW6 0QT.

You also have the right to complain to the UK Information Commissioner’s Office. See www.ico.org.uk for how to contact the ICO.

Support us on Kickstarter

Support our vision and help build a fairer food system by backing our Kickstarter campaign today

Find OUT HOW

Subscribe to our newsletter

Keep up to date with our exciting progress

Sign up
Close Menu

Mobile Menu

Support us on Kickstarter

We’re launching Applecross Farm with your help. Find out how we’ll bring premium, traceable food to more people and support small British farms.

Find out more