Privacy notice

At SpiceBoxx, we are committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy explains what information we collect, how we use it, how we store it, and your rights in relation to your personal data. A UK privacy notice should clearly explain who collects the data, why it is used, how long it is kept, who it is shared with, and the rights people have.

1. Information We Collect

We may collect and process the following information:

  • Your name
  • Your phone number
  • Your email address
  • Your delivery or billing address
  • Order details
  • Payment-related information
  • Messages submitted through contact forms
  • Technical data such as IP address, browser type, device type, and website usage information

2. How We Use Your Information

We use your personal information to:

  • process and manage your orders;
  • deliver your food or prepare your collection order;
  • contact you about your order;
  • respond to enquiries or complaints;
  • improve our website and customer experience;
  • maintain website security and prevent misuse;
  • send marketing communications where you have agreed to receive them or where permitted by law.

Privacy information should tell people the purposes for processing, retention periods, and sharing arrangements, and it should be provided when data is collected.

3. Legal Basis for Processing

We process your personal data where necessary:

  • to perform a contract with you, such as processing your order;
  • to comply with legal obligations;
  • for our legitimate interests, such as improving our services and protecting our business from fraud;
  • on the basis of your consent where required, such as for certain marketing or non-essential cookies.

The ICO says you should decide and explain your lawful bases before using personal data, and where consent is used, people should be told they can withdraw it.

4. Payment Information

Payments made through our website may be processed by third-party payment providers. We do not store your full card details on our website unless this is clearly stated and securely managed by an authorised payment processor.

5. Sharing Your Information

We may share your information with:

  • payment service providers;
  • delivery partners;
  • website hosting or technical support providers;
  • professional advisers where necessary;
  • legal or regulatory authorities where required by law.

Where we link to or use third-party services, their own privacy practices may also apply.

6. Cookies and Tracking Technologies

Our website may use cookies and similar technologies to make the website work properly, improve performance, remember preferences, and understand how visitors use the site. Under UK rules, you must clearly explain what cookies do and why, and consent is generally needed for non-essential cookies. Essential cookies used to provide a service the user asked for, such as basket or security functions, are treated differently.

You can manage cookie preferences through your browser settings or our cookie banner, where available.

7. Marketing Communications

If you sign up for offers, updates, or promotions, we may send you marketing by email or other electronic means where permitted. You can unsubscribe or opt out at any time by using the unsubscribe link or contacting us directly. Direct marketing by email, text, phone, and similar channels is also governed by PECR.

8. How Long We Keep Your Information

We only keep personal information for as long as necessary for the purposes for which it was collected, including legal, accounting, tax, operational, or complaint-handling requirements. If you do not have a fixed retention period, you should explain the criteria used to decide how long data is kept.

9. Data Security

We take reasonable technical and organisational measures to protect your personal information against unauthorised access, loss, misuse, or disclosure. However, no online transmission or storage system can be guaranteed to be completely secure.

10. Your Rights

Under UK data protection law, you may have the right to:

  • request access to your personal data;
  • ask us to correct inaccurate data;
  • ask us to erase your data in certain circumstances;
  • ask us to restrict processing in certain circumstances;
  • object to certain types of processing;
  • request transfer of your data where applicable;
  • withdraw consent where consent is the basis for processing;
  • complain to the Information Commissioner’s Office (ICO).


11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page, and the latest version will apply from the date it is published.