loader
Buy your daily essentials from us.
Help?
Account Login
0 item(s) Wishlist
0 items Cart
My Menu

Privacy Policy

Last Updated: May 2025

1. Introduction

Welcome to FoodMarts ("FoodMarts", "we", "us", "our"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (foodmarts.co.uk), use our mobile applications, or use our services (collectively, the "Services").

This policy applies where we are acting as a data controller with respect to the personal data of our Service users; in other words, where we determine the purposes and means of the processing of that personal data.

Please read this Privacy Policy carefully. By using our Services, you acknowledge you have read and understood this Privacy Policy.

FoodMarts is operated by Ifeanyi Emeagi, trading as FoodMarts. For the purpose of UK data protection law, Ifeanyi Emeagi is the data controller responsible for your personal data. You can contact us regarding data privacy at [email protected] or by post at 60 Canterbury Street, South Shields, NE33 4DQ.

2. Information We Collect

We may collect and process the following categories of personal data:

2.1 Information You Provide to Us

  • Account Data: When you (as a Buyer or Vendor) create an account, we collect your name, email address, phone number, and account credentials (username and password). For registered Buyers, we also collect your postcode.
  • Derived Location Data (Buyers): We use the postcode you provide to generate approximate geographical coordinates (latitude and longitude) using a geocoding service. We store these coordinates in our database for registered users only.
  • Order Data (Buyers): Delivery address (which will include your postcode if different from registration), order details, and order history.
  • Vendor Data (Vendors): In addition to Account Data, we collect business name, business address (including postcode, which we may also geocode for mapping and location-based service purposes), bank account details (for payouts, processed via Stripe Connect), VAT registration numbers (if applicable), food hygiene ratings/certifications, and details about the products you list.
  • Payment Data: When you place an order, payment is processed by our third-party payment processor, Stripe. We do not store your full credit/debit card details. Stripe provides us with partial payment information (e.g., last four digits of the card, card type, expiry date) and a transaction token. For Vendors, Stripe processes payouts to your connected bank account. Stripe may collect additional information directly from you under its own privacy policy.
  • Communication Data: Any information you provide when you contact us (e.g., customer support inquiries, feedback) or communicate with other users (e.g., Buyers messaging Vendors) through our Platform.
  • Profile Data: Information you add to your user profile, such as preferences or reviews you submit.
  • Marketing Data: Your preferences in receiving marketing from us and our third parties and your communication preferences.

2.2 Information We Automatically Collect

When you access or use our Services, we may automatically collect:

  • Usage Data: Information about how you use our Services, such as the pages you view, features you use, searches you perform, time spent on the Platform, and other actions you take.
  • Device and Technical Data: IP address, device type, operating system, browser type and version, time zone setting, browser plug-in types and versions, and other technology on the devices you use to access our Services.
  • Location Data (General): We may infer your approximate location from your IP address or more precise location if you enable location services on your device (beyond postcode geocoding) for specific features. You can generally disable device location services through your device settings.
  • Cookie Data: We use cookies and similar tracking technologies. For more information, please see Section 7 ("Cookies and Tracking Technologies") and our Cookie Preference Setting.

3. How We Use Your Information and Legal Basis for Processing

We use your personal data for the following purposes, based on the specified legal grounds:

  • To provide and manage our Services:
    • To register and manage your account (Buyer or Vendor). (Legal Basis: Performance of a contract)
    • To process and fulfill your orders, including sharing necessary details with Vendors. (Legal Basis: Performance of a contract)
    • To use your derived latitude and longitude (from your postcode) to estimate potential shipping costs during checkout for orders. (Legal Basis: Performance of a contract – as it's integral to providing the ordering and delivery service)
    • To facilitate payments via Stripe Connect. (Legal Basis: Performance of a contract)
    • To enable communication between Buyers and Vendors. (Legal Basis: Performance of a contract; Legitimate interests - to facilitate transactions)
    • To provide customer support and respond to your inquiries. (Legal Basis: Performance of a contract; Legitimate interests - to assist our users)
  • To improve and personalize our Services:
    • To understand how users interact with our Services, for analysis and improvement. (Legal Basis: Legitimate interests - to improve our platform and user experience)
    • To personalize your experience for Buyers by using your derived latitude and longitude (from your postcode) to sort and display Vendors and their Goods based on proximity to you. (Legal Basis: Legitimate interests - to provide a more relevant, user-friendly service by helping you find nearby options and deals)
    • To personalize other aspects of your experience, such as showing relevant content or recommendations (Legal Basis: Legitimate interests - to provide a more relevant service; Consent for certain advanced types of personalization beyond basic functionality)
  • For marketing and communication:
    • To send you transactional emails (e.g., order confirmations, service updates). (Legal Basis: Performance of a contract; Legitimate interests - to keep you informed)
    • To send you marketing communications about our Services, offers, and promotions, where you have consented or where permitted by law (e.g., for existing customers about similar products/services). You can opt-out at any time. (Legal Basis: Consent; Legitimate interests for certain existing customer communications)
  • For security and legal compliance:
    • To ensure the security of our Platform, prevent fraud, and enforce our Terms and Conditions. (Legal Basis: Legitimate interests - to protect our business and users; Legal obligation)
    • To comply with applicable legal and regulatory obligations, such as tax and accounting requirements. (Legal Basis: Legal obligation)

4. Sharing Your Information

We may share your personal data with the following categories of third parties:

  • Vendors: When you place an order, we share necessary information with the Vendor to enable them to fulfill your order (e.g., your name, order details, delivery address including postcode, contact information if needed for delivery). Vendors act as independent data controllers for the data they receive to fulfill orders and must comply with applicable data protection laws.
  • Payment Processors: We use Stripe Connect to process payments and manage payouts. Stripe processes your payment information as an independent data controller. We recommend reviewing Stripe's privacy policy.
  • Delivery Partners: If a Vendor uses a third-party delivery service, or if we facilitate delivery, necessary information (name, address, phone number, order details) will be shared with them to complete the delivery.
  • Service Providers (Data Processors): We engage third-party service providers to perform functions on our behalf, such as website hosting, data analytics, geocoding services (to convert postcodes to coordinates), email delivery, customer support tools, and marketing services. These providers only have access to personal data needed to perform their functions and are contractually obligated to process it securely and only on our instructions.
  • Legal Authorities and Regulators: If required by law, legal process, or to respond to a valid governmental request (e.g., for tax purposes, law enforcement).
  • Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company, your personal data may be transferred as part of that transaction. We will notify you before your personal data is transferred and becomes subject to a different privacy policy.
  • Professional Advisors: Such as lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services, where necessary in the course of the professional services that they render to us.

5. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

For example, account information (including derived location data from your postcode) is generally kept while your account is active and for a period of [e.g., 6 years] thereafter for legal and audit purposes. Order data may also be retained for a similar period for tax and transaction record-keeping.

6. International Data Transfers

Our primary servers, where your personal data is processed and stored, are located within the United Kingdom (hosted on Oracle Cloud, London region). We prioritize using service providers that also process personal data within the UK or the European Economic Area (EEA), regions which the UK authorities have determined provide an adequate level of data protection.

Specifically:

  • Our geocoding service for converting postcodes to geographical coordinates (Postcodes.IO) processes data within the UK/EEA.
  • Our email delivery services are configured to process data within the UK or EEA (currently Mailgun, European region; planned Amazon SES, London region).

While we actively seek to use UK/EEA-based services, some of our third-party service providers (for functions such as analytics, customer support tools, or as a contingency for core services) may be based outside the UK or EEA, or may process data through servers located in other countries.

In any instance where your personal data is transferred by us or our service providers out of the UK or EEA to a country not covered by a UK adequacy decision, we will ensure that legally-compliant appropriate safeguards are implemented to protect your personal data. These safeguards are designed to provide your data with a level of protection equivalent to that which it receives within the UK and may include:

  • The use of the UK's International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses (SCCs) with the recipient service provider.
  • Transferring data to a country that the UK government has formally recognized as providing an adequate level of data protection.

You have a right to obtain more information about the safeguards we use when transferring your personal data outside the UK or EEA by contacting us.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Preference Setting.

8. Data Security

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. These measures aim to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. For example, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know.

However, please also remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal data, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

9. Your Privacy Rights (Under UK GDPR)

Under UK data protection law, you have certain rights regarding your personal data. These include the right to:

  • Request access to your personal data (commonly known as a "data subject access request").
  • Request correction of the personal data that we hold about you.
  • Request erasure of your personal data.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party).
  • Request restriction of processing of your personal data.
  • Request the transfer of your personal data to you or to a third party (data portability).
  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
  • Lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

To exercise any of these rights, please contact us at [email protected]. We may need to request specific information from you to help us confirm your identity.

10. Children's Privacy

Our Services are not intended for, and we do not direct them to, individuals under the age of 18. We require users to be at least 18 years old to create an account and use our Services, as stated in our Terms and Conditions, primarily because users enter into binding contracts when making purchases and using the platform.

We do not knowingly collect personal data from individuals under the age of 18. If you are a parent or guardian and you believe that your child under the age of 18 has provided us with personal data without your consent, please contact us at [email protected].

If we become aware that we have collected personal data from an individual under the age of 18 in contravention of our policy, we will take steps to remove that information from our servers and may terminate the account.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. We may also provide notice to you in other ways, such as through the contact information you have provided, if the changes are material.

You are advised to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions or concerns about this Privacy Policy, our data practices, or your privacy rights, please contact our Data Privacy Manager at:

Email: [email protected]

Address: 60 Canterbury Street, South Shields, NE33 4DQ

This document was last updated in May 2025.

My cart

Your cart is empty.
Continue Shopping