Data Protection

Last Updated:

1. Introduction to Data Protection

Sieveorganic is committed to protecting the privacy and security of your personal data. This Data Protection notice explains how we comply with data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We recognize that your personal data is valuable and sensitive, and we take our responsibilities as a data controller seriously. This document outlines our data protection practices, your rights, and how we safeguard your information.

2. Data Controller Information

Sieveorganic is the data controller responsible for your personal data. Our contact details are:

Sieveorganic
Unit 1, 147-151 Charlmont Road
London, SW17 9QN
Great Britain

Phone: 0344 556 6111

Email: assist@sieveorganic.world

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

3.1 Contractual Necessity

We process your data to fulfill our contractual obligations when you place an order for our water delivery services. This includes processing your order, arranging delivery, and providing customer support.

3.2 Legitimate Interests

We may process your data based on our legitimate business interests, such as improving our services, preventing fraud, and maintaining the security of our systems. We always balance our interests against your rights and freedoms.

3.3 Legal Obligations

We process certain data to comply with legal and regulatory requirements, such as maintaining financial records, responding to legal requests, and fulfilling tax obligations.

3.4 Consent

For certain processing activities, such as marketing communications, we rely on your explicit consent. You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

4. Types of Personal Data We Collect

We collect and process the following categories of personal data:

4.1 Identity Data

This includes your name, title, date of birth, and other identifiers that help us verify your identity and provide personalized service.

4.2 Contact Data

We collect your postal address, email address, telephone numbers, and delivery addresses to communicate with you and deliver our products.

4.3 Financial Data

This includes payment card details, bank account information, and transaction history necessary for processing payments and maintaining financial records.

4.4 Transaction Data

We maintain records of your orders, purchases, delivery schedules, and payment history to provide our services and improve customer experience.

4.5 Technical Data

When you visit our website, we collect IP addresses, browser types, device information, and usage data to maintain and improve our online services.

4.6 Communication Data

We keep records of your communications with us, including emails, phone calls, and messages, to provide customer support and improve our services.

5. How We Protect Your Data

We implement comprehensive security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction:

5.1 Technical Measures

We use encryption technologies, secure servers, firewalls, and access controls to protect data during transmission and storage. Our systems are regularly updated and monitored for security vulnerabilities.

5.2 Organizational Measures

We have implemented internal policies and procedures to ensure data protection compliance. Our staff receive regular training on data protection and are bound by confidentiality obligations.

5.3 Access Controls

Access to personal data is restricted to authorized personnel who need the information to perform their duties. We use role-based access controls and authentication mechanisms to prevent unauthorized access.

5.4 Data Minimization

We only collect and retain personal data that is necessary for the purposes for which it is processed. We regularly review our data holdings and delete information that is no longer needed.

5.5 Third-Party Security

When we share data with third-party service providers, we ensure they have appropriate security measures in place and are contractually obligated to protect your data.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations:

6.1 Customer Data

We retain customer account information and order history for the duration of our business relationship and for a reasonable period afterward to handle any queries or issues.

6.2 Financial Records

Financial and transaction data is retained for at least six years to comply with tax and accounting regulations.

6.3 Marketing Data

If you have consented to receive marketing communications, we retain your contact information until you withdraw consent or we determine the data is no longer relevant.

6.4 Technical Data

Website usage data and technical logs are typically retained for shorter periods, usually between 6 and 24 months, depending on the purpose.

6.5 Secure Deletion

When data is no longer needed, we securely delete or anonymize it to prevent unauthorized access or recovery.

7. Your Data Protection Rights

Under UK data protection law, you have the following rights:

7.1 Right of Access

You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within one month of your request.

7.2 Right to Rectification

You can request that we correct any inaccurate or incomplete personal data we hold about you.

7.3 Right to Erasure

In certain circumstances, you have the right to request that we delete your personal data, such as when it is no longer necessary for the purposes for which it was collected.

7.4 Right to Restrict Processing

You can request that we restrict the processing of your personal data in certain situations, such as when you contest the accuracy of the data.

7.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

7.6 Right to Object

You can object to our processing of your personal data based on legitimate interests or for direct marketing purposes.

7.7 Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you.

7.8 Right to Withdraw Consent

Where we rely on consent to process your data, you have the right to withdraw that consent at any time.

8. Exercising Your Rights

To exercise any of your data protection rights, please contact us using the details provided at the beginning of this document. We will respond to your request within one month, although this may be extended by two months for complex requests.

We may need to verify your identity before processing your request to ensure we are disclosing information to the correct person. This is a security measure to protect your personal data.

You will not normally have to pay a fee to exercise your rights. However, we may charge a reasonable fee or refuse to comply with your request if it is clearly unfounded, repetitive, or excessive.

9. Data Sharing and Transfers

We may share your personal data with the following categories of recipients:

9.1 Service Providers

We work with third-party service providers who process data on our behalf, such as payment processors, delivery companies, IT service providers, and marketing agencies. These providers are contractually obligated to protect your data and use it only for the purposes we specify.

9.2 Legal and Regulatory Authorities

We may disclose your data to law enforcement, regulatory bodies, or other authorities when required by law or to protect our rights and interests.

9.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your personal data may be transferred to the new owner, subject to appropriate safeguards.

9.4 International Transfers

If we transfer your data outside the UK, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions, to protect your data in accordance with UK data protection law.

10. Data Breach Procedures

Despite our security measures, data breaches can occur. If we experience a data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach
  • Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms
  • Take immediate steps to contain and remediate the breach
  • Investigate the cause of the breach and implement measures to prevent future incidents
  • Maintain records of all data breaches and our response actions

11. Children's Data

Our services are not directed at children under the age of 18, and we do not knowingly collect personal data from children. If we become aware that we have collected data from a child without appropriate parental consent, we will take steps to delete that information promptly.

Parents or guardians who believe their child has provided us with personal data should contact us immediately so we can take appropriate action.

12. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects individuals. Any automated processing we conduct is limited to operational purposes such as fraud detection and does not result in decisions that significantly impact your rights.

If our practices change in the future, we will update this notice and provide you with information about the logic involved, the significance, and the envisaged consequences of such processing.

13. Complaints and Supervisory Authority

If you have concerns about how we handle your personal data, please contact us first so we can address your concerns. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Phone: 0303 123 1113

Website: www.ico.org.uk

14. Updates to This Notice

We may update this Data Protection notice from time to time to reflect changes in our practices, legal requirements, or other factors. We will notify you of any material changes by posting the updated notice on our website and updating the "Last Updated" date.

We encourage you to review this notice periodically to stay informed about how we protect your personal data.

15. Contact Us

If you have any questions about this Data Protection notice or our data protection practices, please contact us:

Sieveorganic
Unit 1, 147-151 Charlmont Road
London, SW17 9QN
Great Britain

Phone: 0344 556 6111

Email: assist@sieveorganic.world