Privacy Policy

1. Introduction

Norfolk Chillis (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website (www.norfolkchillis.co.uk), place an order, make an enquiry, or otherwise interact with us. It also tells you about your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
 

This Privacy Policy should be read alongside our Terms & Conditions (available on our website), which govern the ordering process and your use of the site, and set out important information about amendments, cancellations, and our commitment to making things right if an order isn't perfect.

Please read this policy carefully. By using our website or providing us with your personal data (including by placing an order), you consent to the practices described in this policy.

2. Who We Are (Data Controller)

The data controller responsible for your personal data is:

Jesse Plunkett-Hall

Trading as Norfolk Chillis

Oak Cottage, Wolterton, Norwich, NR11 7LY, United Kingdom

Email: jesse@norfolkchillis.co.uk

Telephone: 07768 982623

We are a small UK business specialising in handmade chilli-infused products (oils, sauces, honeys, and snacks) grown and crafted in Norfolk. We sell primarily through our website and at local farmers’ markets. Our Terms & Conditions include a clear commitment to customer satisfaction — if something isn't right with your order, we’ll do our best to make it right.

3. What Personal Data We Collect

We may collect and process the following types of personal data about you:

  • Identity and Contact Data: Your name, email address, telephone number, and postal address (billing and delivery) when you place an order or make an enquiry via our contact form or email.

  • Order and Transaction Data: Details of the products you purchase, order history, delivery address, and payment references. We never store or have access to your full card details. Payment is processed securely by our third-party payment processor at the time you place your order. You'll receive an email confirmation once your order has been placed, as set out in our Terms & Conditions.

  • Technical and Usage Data: IP address, browser type and version, device information, operating system, pages visited on our site, time spent on pages, and referring website (collected via cookies and analytics tools provided by Wix).

  • Marketing and Communications Data: Your preferences for receiving marketing communications from us and your interaction with our emails (if you have subscribed to our newsletter or marketing list).

  • Enquiry Data: Any information you provide when you contact us via email, contact form, or social media.

4. How We Collect Your Data

We collect personal data in the following ways:

  • Directly from you: When you place an order through our Wix online store (subject to our Terms & Conditions), complete a contact or enquiry form, sign up for our newsletter (if applicable), or communicate with us by email or phone.

  • Automatically: Through cookies and similar tracking technologies when you browse our website. Wix provides built-in analytics and essential cookies for site functionality.

  • From third parties: From service providers such as Wix (our website and e-commerce platform), payment processors, and delivery partners.

5. How We Use Your Personal Data and Our Lawful Bases

We use your personal data for the following purposes and on the following lawful bases under UK GDPR:

  • Processing and fulfilling orders (performance of a contract): To process payments (taken at the time of order as detailed in our Terms & Conditions), arrange delivery, send order confirmations and updates, and provide customer support. Please note that our Terms & Conditions state we are generally unable to amend or cancel orders once they have been processed for dispatch — this is to ensure we can prepare and fulfil orders efficiently.

  • Responding to enquiries and providing customer service (legitimate interest or contract): To answer your questions, resolve issues, and maintain records of communications. This aligns with our commitment in the Terms & Conditions to do our best to make things right if an order isn't perfect.

  • Improving our website, products, and services (legitimate interest): To analyse how visitors use our site, identify popular products, and make improvements. This helps us run and grow our small business effectively while delivering on our customer satisfaction promise.

  • Marketing communications (consent): To send you newsletters, special offers, or information about new products if you have opted in. You can withdraw consent at any time.

  • Legal and regulatory compliance (legal obligation): To comply with tax, accounting, consumer protection, and other legal requirements (e.g. keeping financial records for HMRC). Our retention practices support both our Terms & Conditions and legal duties.

6. Marketing Communications

If you have provided your consent, we may send you marketing emails about our products, special offers, and news from Norfolk Chillis. You can unsubscribe at any time by clicking the “unsubscribe” link at the bottom of any marketing email or by contacting us directly at jesse@norfolkchillis.co.uk. We will not send you marketing communications if you have not opted in or have previously opted out.

7. Sharing Your Personal Data

We do not sell or rent your personal data to third parties. We may share your data with the following categories of recipients:

  • Service providers and processors: Wix.com Ltd (our website hosting, e-commerce platform, and data processor). Wix processes data in accordance with its own Privacy Policy (available at wix.com/about/privacy).

  • Payment processors: Our chosen secure payment processor(s) to process your payments. These providers are PCI-DSS compliant and only receive the information necessary to complete the transaction. We never store or have access to your full card details, consistent with our Terms & Conditions.

  • Delivery and logistics partners: Royal Mail, couriers, or other delivery services to fulfil and deliver your orders (as referenced in the ordering process in our Terms & Conditions).

  • Professional advisers: Accountants, solicitors, or insurers where necessary for business operations.

  • Legal authorities: If required by law, court order, or to protect our rights, property, or safety.

8. International Data Transfers

Some of our service providers, including Wix, are based outside the United Kingdom. Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements. This may include using Standard Contractual Clauses approved by the UK Government or relying on adequacy regulations. You can request further information about these safeguards by contacting us.

9. How Long We Keep Your Personal Data

We retain personal data only for as long as is necessary for the purposes for which it was collected, or to comply with legal, accounting, or reporting requirements — supporting both our operational needs and the commitments in our Terms & Conditions:

  • Order and transaction records: Typically retained for 6 years after the end of the financial year in which the transaction occurred, to meet HMRC and legal requirements (and to handle any post-dispatch queries in line with our customer satisfaction promise).

  • Marketing data: Retained until you unsubscribe or withdraw your consent.

  • Enquiry and contact data: Retained for as long as necessary to respond to your enquiry and maintain a record of the interaction, usually up to 2 years.

  • Website analytics data: Anonymised or aggregated where possible; raw data retained according to Wix’s data retention policies (typically 14–26 months).

10. Your Legal Rights Under UK GDPR

Subject to certain conditions and exceptions, you have the following rights in relation to your personal data:

  • Right to be informed – You have the right to be informed about how we collect and use your data (this policy fulfils that right).

  • Right of access – You can request a copy of the personal data we hold about you.

  • Right to rectification – You can ask us to correct inaccurate or incomplete data.

  • Right to erasure (“right to be forgotten”) – You can request that we delete your personal data in certain circumstances.

  • Right to restrict processing – You can ask us to limit how we use your data in certain situations.

  • Right to data portability – You can request a copy of your data in a structured, machine-readable format so you can transfer it to another service.

  • Right to object – You can object to processing based on legitimate interests or for direct marketing purposes.

  • Rights related to automated decision-making and profiling – We do not make solely automated decisions that have a significant legal or similar effect on you.

To exercise any of these rights, please contact us at jesse@norfolkchillis.co.uk. We will respond within one month (or longer in complex cases, in which case we will inform you). You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk if you are unhappy with how we have handled your data.

Important note on limitations: Some of these rights may be limited in certain circumstances. For example, we may need to retain data to fulfil our contractual obligations under our Terms & Conditions (which generally do not permit amendments or cancellations once an order has been processed for dispatch) or to comply with legal obligations such as tax, accounting, or consumer protection requirements. We will always explain any limitations when you make a request.

11. Cookies and Similar Technologies

Our website uses cookies and similar tracking technologies (such as pixels or local storage) provided primarily by Wix, our website platform. Cookies are small text files placed on your device to help the site function properly, improve performance, and provide analytics.

Types of cookies we use:

  • Essential cookies: Required for core site functionality such as the shopping cart, checkout process, and security. These cannot be disabled.

  • Analytical/performance cookies: Help us understand how visitors use the site (e.g. which pages are most popular) so we can improve it. Wix provides built-in analytics tools.

  • Functionality cookies: Remember your preferences (e.g. language or region) to enhance your experience.

You can manage or disable cookies through your browser settings at any time. However, disabling essential cookies may affect the functionality of the website (e.g. you may not be able to complete a purchase). For more information on the specific cookies used by Wix, please refer to Wix’s Cookie Policy (wix.com/about/cookie-policy). We may implement a cookie consent banner on the site in the future to give you more granular control.

12. Data Security

We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These include the use of SSL/TLS encryption on our website, secure hosting via Wix, and restricted access to personal data within our small team. Payment transactions are processed by PCI-DSS compliant third-party providers, so we never store sensitive card details on our systems — consistent with the commitments in our Terms & Conditions.

13. Links to Other Websites

Our website may contain links to external websites (for example, social media platforms or partner sites). We are not responsible for the privacy practices or content of those third-party sites. We encourage you to read their privacy policies before providing any personal data.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we use (including any updates to our Terms & Conditions). The latest version will always be posted on this page with the “Last updated” date clearly shown. We encourage you to review this policy periodically. If we make significant changes, we may notify you via email (if we hold your email address) or by posting a prominent notice on the website.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please do not hesitate to contact us:

Jesse Plunkett-Hall

Norfolk Chillis

Oak Cottage, Wolterton, Norwich, NR11 7LY

Email: jesse@norfolkchillis.co.uk

Telephone: 07768 982623