Privacy Policy

Privacy Policy

Privacy Policy

Last updated: [today’s date]

The Little Supplement Company Ltd (“LSC”, “we”, “us”, “our”) respects your privacy. This policy explains how we collect, use and protect your personal data when you use our websites, services and stores.

We process personal data in line with the UK GDPR, the Data Protection Act 2018, the Privacy and Electronic Communications Regulations (PECR), and changes introduced by the Data (Use and Access) Act 2025. DLA Piper Data Protection+1

1. Who we are (data controller)

Controller: The Little Supplement Company Ltd
Registered address: 22 Hyde Road, Paignton, Devon, TQ4 5BY
Email: thelittlesupplementcompany@gmail.com
Phone: 07711393130
If you have questions about this policy or your data, contact us using the details above. You can also contact the ICO (UK regulator) at ico.org.uk if you’re unhappy with our response. DLA Piper Data Protection

Note: This policy replaces older references to the “Data Protection Act 1998” and outdated domains. Please ignore any earlier versions you may have seen.

2. Where this policy applies

This policy covers:

  • Websites: littlesupplementcompany.co.uk and any brand pages we host under this domain.

  • Shopify store (including checkout) and payment service providers we use to fulfil orders.

3. The data we collect

  • Identity & contact data: name, billing/shipping address, email, phone.

  • Order & account data: items purchased, order history, saved preferences.

  • Payment data: processed securely by our payment providers; we do not store full card details.

  • Technical data: IP address, device identifiers, browser, pages viewed, time on page, referral URLs, interactions, and cookie IDs (see Cookie section).

  • Marketing preferences & communications.

  • Support data: messages, reviews, and survey responses.

4. How we get your data

  • Directly from you: when you browse, create an account, place an order, contact support, or join marketing lists.

  • Automatically: via cookies and similar tech on our sites (see Cookie section).

  • From partners: payment, delivery, analytics and advertising providers that help us run our services.

5. Why we use your data (lawful bases)

We only process your data when we have a lawful basis:

  • To fulfil a contract with you: take payment, deliver products, manage returns, provide customer service.

  • Our legitimate interests: run and improve our store; prevent fraud; keep our services secure; understand product performance; show limited, relevant offers to existing customers (“soft opt-in” – you can opt out anytime).

  • Your consent: send email/SMS marketing to new subscribers; place non-essential cookies; use certain analytics/ads cookies (you can withdraw consent at any time). PECR rules apply. ico.org.uk

  • Legal obligations: tax and accounting records; responding to lawful requests.

6. Marketing

  • Existing customers: we may email about similar products (soft opt-in). You can unsubscribe at any time from footer links or by contacting us.

  • New subscribers/third-party marketing: we only send if you opt in.

  • We never sell your personal data.

7. Cookies & similar technologies

We use cookies and similar tech to make our site work, measure performance and (with consent) improve ads. You can manage your choices in our Cookie banner and Cookie Settings at any time. We only set non-essential cookies with your consent, except for limited PECR exceptions (e.g., strictly necessary cookies, certain low-risk purposes as set out in ICO guidance). See our Cookie Policy for details of each cookie, purpose and lifespan. ico.org.uk+1

8. Who we share data with (processors & recipients)

We share personal data with:

  • Shopify (store platform & hosting) and payment providers (e.g., Shopify Payments, PayPal) to process orders.

  • Delivery partners to ship your order.

  • Analytics/advertising providers (only where permitted by law/consent).

  • IT/security and support vendors who help us operate our services.

  • Authorities or purchasers if required by law, for fraud prevention, or as part of a sale/merger.

We require processors to protect your data and only act on our instructions.

9. International transfers

Some providers are outside the UK. Where we transfer data internationally, we use approved transfer tools such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs, and we assess risks where required. ico.org.uk+1

10. Security

We use technical and organisational measures to protect your data, including encryption in transit (TLS/SSL), access controls and secure hosting. Payment details are handled by our PCI-compliant providers.

11. How long we keep your data

We keep data only as long as needed:

  • Orders & accounting: usually 6 years (legal requirement).

  • Accounts: while your account is active.

  • Marketing: until you unsubscribe or your consent is withdrawn, then we keep a minimal suppression record.
    We delete or anonymise data when it’s no longer needed.

12. Your rights

You have rights over your personal data:

  • Access your data;

  • Correct inaccurate data;

  • Erase (in some cases);

  • Restrict or object to processing (including direct marketing);

  • Data portability;

  • Withdraw consent at any time (where processing is based on consent).

To exercise any right, email thelittlesupplementcompany@gmail.com. We do not charge a fee for requests unless they are manifestly unfounded or excessive, in line with the UK GDPR. You also have the right to complain to the ICO (ico.org.uk). DLA Piper Data Protection

13. Children

Our services are for adults. We do not knowingly collect data from children under 16. If you believe a child has provided data, contact us to remove it.

14. Automated decision-making

We do not make decisions that have legal or similarly significant effects on you solely by automated means. If this changes, we will tell you and explain your rights.

15. Links to other sites

Our site may link to other websites. Those sites have their own privacy policies; we are not responsible for their content or practices.

16. Changes to this policy

We may update this policy to reflect changes in our practices or the law (including the DUAA). We will post the new version here and, where appropriate, notify you by email or in-account message. ico.org.uk

17. Contact us

Questions, comments or requests about this policy:
Email: thelittlesupplementcompany@gmail.com
Post: 22 Hyde Road, Paignton, Devon, TQ4 5BY