Privacy policy
Last updated: 8 May 2026
This Privacy Policy describes how Almorio ("Almorio," "we," "us," or "our") collects, uses, and discloses your personal information when you visit our website, browse our store, place an order, sign up for our communications, contact us, or otherwise interact with our online services (collectively, the "Services"). Our store is hosted on Shopify, which provides our underlying e-commerce infrastructure.
This Privacy Policy is issued in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).
By using the Services, you acknowledge that you have read and understood this Privacy Policy. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.
1. Personal Information We Collect
The categories of personal information we collect depend on how you interact with us. We may collect:
- Contact details - your name, email address, phone number, shipping address, and billing address.
- Order and transaction information - items viewed, added to your cart or wishlist, purchased, returned, or exchanged; order history; shipping and tracking details.
- Payment information - payment card details and billing information. Card numbers are processed by Shopify Payments and other PCI-compliant payment processors; we do not store full payment card numbers on our systems.
- Account information - username, hashed password, saved addresses, communication preferences, and account settings, if you create an account.
- Communications - messages, product reviews, customer-service enquiries, and feedback you send to us.
- Device and technical information - IP address, browser type, operating system, device identifiers, referring URLs, and similar information.
- Usage information - pages visited, time spent on the site, clicks, and other interactions with the Services.
- Cookies and tracking data - see Section 6.
We do not generally collect special-category personal data (such as health, biometric, or political-opinion data). Please do not send us such information unless we specifically request it.
2. How We Collect Personal Information
We collect personal information:
- Directly from you when you place an order, create an account, subscribe to our newsletter, leave a review, or contact customer service.
- Automatically through cookies, pixels, SDKs, and similar technologies when you use the Services.
- From service providers and partners, including Shopify, payment processors, shipping carriers, analytics providers, and advertising platforms.
3. How We Use Personal Information and Our Lawful Bases
Under the UK GDPR, we are required to identify a lawful basis for each processing activity. We use your personal information for the following purposes and on the following lawful bases:
| Purpose | Lawful basis |
|---|---|
| Processing and fulfilling orders, including shipping, returns, exchanges, and refunds | Performance of a contract with you (Art. 6(1)(b)) |
| Creating and managing your account | Performance of a contract (Art. 6(1)(b)) |
| Communicating with you about orders and customer-service enquiries | Performance of a contract (Art. 6(1)(b)) |
| Sending marketing emails to existing customers about similar products | Legitimate interests (Art. 6(1)(f)) and the PECR "soft opt-in" |
| Sending marketing emails or messages to non-customers | Your consent (Art. 6(1)(a)) |
| Personalising your experience and recommending products | Legitimate interests in providing a relevant shopping experience (Art. 6(1)(f)) |
| Showing you relevant advertisements on third-party platforms | Your consent for non-essential advertising cookies (Art. 6(1)(a)), and our legitimate interests in promoting our products (Art. 6(1)(f)) |
| Analysing how the Services are used and improving them | Legitimate interests in operating and improving our business (Art. 6(1)(f)) |
| Detecting, preventing, and responding to fraud, abuse, and security incidents | Legitimate interests in protecting our business and customers (Art. 6(1)(f)); legal obligation (Art. 6(1)(c)) |
| Complying with our tax, accounting, and other legal obligations | Legal obligation (Art. 6(1)(c)) |
| Establishing, exercising, or defending legal claims | Legitimate interests (Art. 6(1)(f)) |
Where we rely on legitimate interests, we have considered whether those interests are overridden by your rights and freedoms. You have the right to object to such processing - see Section 10.
4. How We Share Personal Information
We share personal information only as described below:
Service providers. We share information with vendors who perform services on our behalf - including Shopify (e-commerce platform and hosting), payment processors, shipping and fulfilment partners, customer-service tools, email and SMS providers, analytics services, and cloud-storage providers - under contracts that require them to protect your information and use it only for the purposes we specify.
Advertising and analytics partners. We share certain information with advertising and analytics providers (such as Meta Platforms, Google, and similar partners) for measurement, audience-building, and personalised advertising, including through tools such as the Meta Pixel, the Meta Conversions API, Google Ads tags, and Google Analytics. Where required by law, we obtain your consent before deploying non-essential cookies and similar technologies.
Shopify. As our e-commerce platform, Shopify processes information about your interactions with our store. Shopify may also use information about your interactions with our store, alongside other Shopify-powered merchants, to provide enhanced features such as Shop Pay, fraud prevention, and personalised recommendations. Shopify acts as an independent controller for these purposes. See Shopify's Consumer Privacy Policy at https://www.shopify.com/legal/privacy.
Legal and safety. We may disclose personal information where we reasonably believe it is necessary to comply with applicable law, respond to lawful requests from public authorities, enforce our terms, or protect the rights, property, or safety of Almorio, our customers, or others.
Business transfers. If we are involved in a merger, acquisition, financing, reorganisation, insolvency, or sale of assets, your information may be transferred as part of that transaction.
With your direction or consent. Where you ask us to share information with a third party, or where you publicly post information (such as a product review).
We do not sell your personal information.
5. Cookies and Tracking Technologies
We and our partners use cookies, pixels, SDKs, local storage, and similar technologies to operate the Services, remember your preferences, analyse traffic, and deliver advertising. The categories we use include:
- Strictly necessary cookies - required for cart, checkout, login, and security. These do not require your consent.
- Analytics cookies - used to understand how the Services are performing.
- Advertising cookies and pixels - used to measure ad performance and show you relevant ads on third-party platforms.
In line with PECR, we ask for your consent before placing analytics or advertising cookies on your device. You can change your preferences at any time through our cookie banner or your browser settings. Please note that disabling certain cookies may affect how the Services function.
We honour the Global Privacy Control (GPC) signal where applicable.
6. Marketing Communications
We may send you marketing emails or messages where you have given us consent, or where you are an existing customer and the messages relate to similar products (the PECR "soft opt-in"). You can opt out of marketing at any time by clicking the "unsubscribe" link in any marketing email, replying STOP to any marketing text message, or contacting us at info@almorio.com. Even if you opt out of marketing, we may still send you transactional messages about your orders or account.
7. International Transfers
Your personal information may be transferred to, stored, and processed in countries outside the United Kingdom, including by our service providers (such as Shopify) and our advertising partners. Where we transfer personal data outside the UK, we rely on a recognised transfer mechanism - such as a UK adequacy decision, the UK International Data Transfer Agreement (IDTA), or the UK Addendum to the EU Standard Contractual Clauses — together with appropriate supplementary measures where required. You can request further information about these safeguards by contacting us at info@almorio.com.
8. Data Retention
We retain personal information for as long as we need it to provide the Services and for the legitimate purposes described in this Privacy Policy, including:
- Order and transaction data - for at least six years from the date of the transaction, to comply with HMRC and accounting obligations.
- Account data - for as long as your account is active, plus a reasonable period after closure for legitimate business and legal purposes.
- Marketing data - until you unsubscribe or otherwise withdraw consent, plus a short period to record that you have opted out.
- Customer-service correspondence - typically up to three years from the last interaction.
- Cookies and similar technologies - for the period set out in our cookie banner, which varies by cookie type.
When personal information is no longer needed, we delete or anonymise it.
9. Security
We use appropriate technical and organisational measures to protect personal information, including encryption in transit, access controls, and reliance on PCI-compliant payment processors. No method of transmission or storage is fully secure, however, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential.
10. Your Rights Under the UK GDPR
You have the following rights in relation to your personal information. Some of these rights only apply in certain circumstances and are not absolute.
- Right of access - request a copy of the personal information we hold about you.
- Right to rectification - ask us to correct inaccurate or incomplete information.
- Right to erasure ("right to be forgotten") - ask us to delete your personal information in certain circumstances.
- Right to restrict processing - ask us to limit how we use your personal information in certain circumstances.
- Right to data portability - receive a copy of your personal information in a structured, commonly used, machine-readable format.
- Right to object - object to processing based on our legitimate interests, including direct marketing, which you can opt out of at any time.
- Right to withdraw consent - where we rely on your consent, you can withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
- Rights related to automated decision-making - we do not currently make decisions about you based solely on automated processing that produce legal or similarly significant effects.
To exercise any of these rights, email us at info@almorio.com. We may need to verify your identity before fulfilling your request and will respond within one month, as required by the UK GDPR. In some cases, this period may be extended by up to two further months for complex requests, in which case we will let you know.
11. Right to Complain
If you have concerns about how we handle your personal information, please contact us first at info@almorio.com so we can try to resolve the issue. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):
- Website: https://ico.org.uk/make-a-complaint
- Helpline: 0303 123 1113
If you are based in the European Economic Area, you may also contact your local data protection supervisory authority.
12. Children's Privacy
The Services are not intended for, and we do not knowingly collect personal information from, children under the age of 16. If you believe a child has provided us with personal information, please contact us at info@almorio.com and we will take appropriate steps to delete it.
13. Third-Party Links
The Services may contain links to third-party websites and services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party site you visit.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will post the updated policy on this page and revise the "Last updated" date. Where the changes are material, we will provide more prominent notice in line with applicable law.
15. Contact Us
If you have questions about this Privacy Policy or wish to exercise any of your rights, please contact us at:
Email: info@almorio.com