Privacy policy

Sina Crisps Ltd ("SINA", "we", "us", or "our") operates this store and website, including all related information, content, features, tools, products, and services (collectively, the "Services"). We are powered by Shopify, which enables us to provide the Services to you. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you visit, use, or make a purchase through the Services or otherwise communicate with us. It applies to all users in the United Kingdom (UK) and complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).

If there is a conflict between our Terms of Service and this Privacy Policy regarding personal data, this Privacy Policy prevails. Please read this Privacy Policy carefully. By using the Services, you acknowledge that you have read and understood how we process your personal data as described below.

---

1. Data Controller

Sina Crisps Ltd is the data controller responsible for your personal data.

• Company Number: 160932 (registered in Jersey)
• Registered Office: 167–169 Great Portland Street, London, W1W 5PF, United Kingdom
• VAT Number: 499 3070 51
• Email: hello@sinacrisps.com
• Postal Address: As above

We are registered with the Jersey Office of the Information Commissioner (JOIC) and the UK Information Commissioner's Office (ICO). Our registration numbers are available upon request.

---

1. Personal Data We Collect

We collect the following categories of personal data (as defined under UK GDPR): We do not collect special category data (e.g., health, race, religion) unless you voluntarily provide it (e.g., in a support message), in which case it will be processed only with your explicit consent.

---

1. How We Collect Your Personal Data

---

1. Legal Bases for Processing (UK GDPR Article 6)

We only process your personal data when we have a lawful basis:

---

1. How We Use Your Personal Data

We use your data to:

1. Fulfil your orders – process payments, arrange shipping via Royal Mail 48hr Tracked, handle returns.
2. Manage your account – login, saved addresses, order history.
3. Send transactional communications – order confirmations, shipping updates, subscription reminders.
4. Provide customer support – respond to inquiries via email.
5. Send marketing (optional) – only if you opt in. You can unsubscribe anytime via the link in any email.
6. Improve our Services – analyse usage patterns (anonymised where possible).
7. Prevent fraud – monitor for suspicious activity.
8. Comply with legal obligations – VAT reporting, allergen record-keeping, right-to-be-forgotten requests.

---

1. Who We Share Your Data With

We share personal data only where necessary and under strict contracts: We do not sell your personal data. We do not share it for cross-context behavioural advertising unless you consent.

---

1. International Data Transfers

Your data may be transferred outside the UK (e.g., to Shopify in Canada or Cloudflare in the US). We ensure appropriate safeguards:

• Canada & Switzerland: Recognised as providing adequate protection by the UK.
• USA: We use UK International Data Transfer Agreement (IDTA) or Standard Contractual Clauses (SCCs) with suppliers, plus Transfer Impact Assessments (TIA) where required.

---

1. Data Retention

We keep your data only as long as necessary: After retention periods, data is securely deleted or anonymised.

---

1. Your Rights Under UK GDPR

You have the following free rights (subject to legal exceptions):

1. Right to be informed – via this Privacy Policy
2. Right of access – get a copy of your data (within 1 month)
3. Right to rectification – correct inaccurate data
4. Right to erasure ("right to be forgotten") – delete your data
5. Right to restrict processing – limit how we use your data
6. Right to data portability – receive your data in a structured format
7. Right to object – to marketing or legitimate interest processing
8. Rights re automated decisions – not subject to fully automated decisions

To exercise any right, email: privacy@sinacrisps.com
We may verify your identity before responding. You can withdraw consent at any time (e.g., unsubscribe from marketing).

---

1. Cookies & Tracking

We use cookies and similar tech to:

• Remember your cart
• Improve site performance
• Show relevant recommendations
• Measure marketing effectiveness

See our full Cookie Policy: https://sinacrisps.com/policies/cookies You can manage preferences via the cookie banner or browser settings. We honour Global Privacy Control (GPC) signals for opt-out of targeted advertising.

---

1. Security

We protect your data with:

• End-to-end encryption via Proton Mail for all email communications
• TLS encryption in transit
• Secure Shopify infrastructure
• Access controls and staff training
• Regular security audits

No system is 100% secure, but we act promptly in case of any breach and will notify you if required by law.

---

1. Children

Our Services are not intended for children under 16. We do not knowingly collect data from children. If we learn we have done so, we will delete it immediately.

---

1. Changes to This Policy

We may update this Privacy Policy. Changes will be posted here with a new "Last Updated" date. Material changes will be notified via email or website notice.

---

1. Complaints

If you're unhappy with how we handle your data:

1. Contact us first: privacy@sinacrisps.com
2. You can complain to:
   • Jersey Office of the Information Commissioner (JOIC): www.jerseyoic.org
   • UK Information Commissioner’s Office (ICO): www.ico.org.uk/make-a-complaint

---

1. Contact Us

For privacy questions or to exercise your rights: Email: privacy@sinacrisps.com
Post: Data Protection, Sina Crisps Ltd, 167–169 Great Portland Street, London, W1W 5PF We respond within 1 month (extendable in complex cases).