Privacy Policy

Privacy Policy

Onewell Brands Ltd Last updated: 14 April 2026

1. Introduction

Onewell Brands Ltd ("Onewell," "we," "us," or "our") is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, store, and share your personal data when you visit our website at [www.onewell.co.uk] (the "Site"), place an order, subscribe to our communications, or otherwise interact with us.

We are the data controller for the personal data we process about you. This means we are responsible for deciding how and why your personal data is used.

This Privacy Policy is governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. About Us

  • Data controller: Onewell Brands Ltd
  • Registered address: London, EC1V 2NX, United Kingdom
  • Contact email: hello@shop-onewell.com

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us using the details above.

3. What Personal Data We Collect

We collect and process the following categories of personal data, depending on how you interact with us:

3.1 Information You Provide to Us

  • Identity data: Your first name, last name, and title.
  • Contact data: Your email address, delivery address, billing address, and telephone number.
  • Payment data: Your payment card details or other payment information. Payment is processed securely by our payment provider(s) through Shopify. We do not store your full payment card details on our systems.
  • Order data: Details of the products you have purchased, order history, and transaction records.
  • Communication data: Any information you include when you contact us by email, through our Site, or via social media, including the content of your messages and any attachments.
  • Account data: If you create an account, your login credentials, preferences, and account settings.
  • Review and feedback data: Any product reviews, ratings, or feedback you voluntarily submit.

3.2 Information We Collect Automatically

When you visit our Site, we may automatically collect:

  • Technical data: Your IP address, browser type and version, operating system, device type, screen resolution, and time zone setting.
  • Usage data: Information about how you use our Site, including pages visited, time spent on pages, click patterns, referring website addresses, and navigation paths.
  • Cookie data: Information collected through cookies and similar tracking technologies. Please see our Cookie Policy at [link to Cookie Policy] for full details.

3.3 Information from Third Parties

We may receive personal data about you from third parties, including:

  • Shopify: As our e-commerce platform provider, Shopify processes data on our behalf relating to your orders and site interactions.
  • Payment providers: Confirmation of payment transactions.
  • Analytics providers: Aggregated and, in some cases, individual-level browsing data.
  • Marketing platforms: If you interact with our advertisements or social media content, we may receive data from those platforms.

4. How We Use Your Personal Data

We only use your personal data when we have a lawful basis to do so under the UK GDPR. The table below sets out the purposes for which we process your data and the corresponding legal basis.

4.1 Performance of a Contract

We process your data where it is necessary to fulfil our contract with you, including:

  • Processing and fulfilling your orders.
  • Managing payments and refunds.
  • Arranging delivery of your products.
  • Communicating with you about your order status, delivery updates, and any issues with your order.
  • Administering your account, if you create one.

4.2 Legitimate Interests

We process your data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights. This includes:

  • Improving and optimising our Site, product range, and customer experience.
  • Analysing how customers use our Site to identify trends and inform business decisions.
  • Detecting, preventing, and investigating fraud or other unlawful activity.
  • Protecting our business, employees, and customers.
  • Administering and managing our business operations.

4.3 Consent

Where we rely on your consent, we will ask for it clearly and you may withdraw it at any time. We rely on consent for:

  • Sending you marketing emails, newsletters, or promotional communications about our products, offers, and news. You can unsubscribe at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at onewellbrands@gmail.com.
  • Setting non-essential cookies on your device. See our Cookie Policy for details.

4.4 Legal Obligations

We process your data where it is necessary to comply with a legal obligation, including:

  • Maintaining financial and tax records as required by HMRC and Companies House.
  • Responding to lawful requests from regulatory authorities or law enforcement.
  • Complying with food safety and product traceability requirements under UK food law.

5. Marketing Communications

We will only send you direct marketing communications where you have given us your consent to do so, or where you are an existing customer and the communications relate to similar products to those you have previously purchased (in accordance with the "soft opt-in" rule under the Privacy and Electronic Communications Regulations 2003).

You have the right to opt out of marketing communications at any time by:

  • Clicking the "unsubscribe" link in any marketing email.
  • Contacting us at onewellbrands@gmail.com.

Opting out of marketing will not affect communications relating to your orders or account.

6. Who We Share Your Data With

We do not sell your personal data to third parties. We may share your data with the following categories of recipients, only to the extent necessary for the purposes described in this Privacy Policy:

  • Shopify: Our e-commerce platform provider, which hosts our Site and processes order and payment data on our behalf.
  • Payment processors: To securely process your payments (for example, Stripe, PayPal, or other providers available at checkout).
  • Delivery and fulfilment partners: To ship your orders to you, including Royal Mail, courier services, or third-party fulfilment providers.
  • Email and marketing service providers: To send transactional and, where you have consented, marketing communications.
  • Analytics providers: Such as Google Analytics, to help us understand how our Site is used.
  • Professional advisers: Including solicitors, accountants, and insurers, where necessary for the operation of our business.
  • Regulatory and law enforcement authorities: Where we are required to do so by law or to protect our legal rights.

All third-party service providers are required to process your data securely and only in accordance with our instructions and applicable data protection law.

7. International Data Transfers

Some of our third-party service providers, including Shopify, may process your data outside the United Kingdom. Where your personal data is transferred outside the UK, we ensure that appropriate safeguards are in place, including:

  • Transfers to countries that the UK Government has determined provide an adequate level of data protection.
  • Standard contractual clauses approved by the Information Commissioner's Office (ICO) or the UK Secretary of State.
  • Other lawful transfer mechanisms recognised under the UK GDPR.

If you would like further information about the specific safeguards applied to international transfers of your data, please contact us.

8. How Long We Keep Your Data

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law. Our general retention periods are as follows:

  • Order and transaction data: 6 years from the date of the transaction, in line with HMRC requirements and the Limitation Act 1980.
  • Account data: For as long as your account remains active, plus a reasonable period thereafter to deal with any queries or disputes.
  • Marketing data: Until you withdraw your consent or unsubscribe, after which we will suppress your details to ensure we do not contact you again.
  • Website analytics data: Typically retained in aggregated or anonymised form. Individual-level data is retained for no longer than 26 months.
  • Communication records: For a reasonable period to resolve any queries or complaints, typically up to 3 years.

When your data is no longer required, we will securely delete or anonymise it.

9. Your Rights

Under the UK GDPR, you have the following rights in relation to your personal data:

9.1 Right of Access

You have the right to request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR).

9.2 Right to Rectification

You have the right to ask us to correct any personal data that is inaccurate or incomplete.

9.3 Right to Erasure

You have the right to ask us to delete your personal data in certain circumstances, for example where it is no longer necessary for the purposes for which it was collected, or where you withdraw your consent.

9.4 Right to Restrict Processing

You have the right to ask us to limit how we use your personal data in certain circumstances, for example while we are verifying the accuracy of data you have asked us to correct.

9.5 Right to Data Portability

Where we process your data based on your consent or for the performance of a contract, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to request that we transfer it to another controller where technically feasible.

9.6 Right to Object

You have the right to object to our processing of your personal data where we are relying on a legitimate interest, or where we are processing your data for direct marketing purposes.

9.7 Rights Related to Automated Decision-Making

We do not currently make any decisions about you based solely on automated processing (including profiling) that produce legal or similarly significant effects. If this changes, we will inform you and ensure appropriate safeguards are in place.

9.8 Right to Withdraw Consent

Where we process your data based on your consent, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

How to Exercise Your Rights

To exercise any of the above rights, please contact us at onewellbrands@gmail.com. We will respond to your request within one month. In complex cases, we may extend this period by a further two months, in which case we will inform you of the extension and the reasons for it.

We may need to verify your identity before processing your request. There is no fee for exercising your rights, unless a request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request.

10. Data Security

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, loss, or destruction. These measures include:

  • Use of SSL/TLS encryption across our Site.
  • Secure processing of payments through PCI-DSS-compliant payment providers via Shopify.
  • Restricted access to personal data on a need-to-know basis.
  • Regular review of our data processing practices and security measures.

While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining appropriate protections.

11. Children's Privacy

Our Site and products are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that data as soon as possible. If you believe we may hold data relating to a child, please contact us immediately.

12. Cookies and Tracking Technologies

We use cookies and similar technologies on our Site to improve your browsing experience, analyse site traffic, and support our marketing activities. For full details of the cookies we use, how they work, and how you can manage your preferences, please see our Cookie Policy at [link to Cookie Policy].

13. Links to Third-Party Websites

Our Site may contain links to websites operated by third parties. This Privacy Policy applies only to our Site. We are not responsible for the privacy practices of any third-party website. We encourage you to read the privacy policy of any website you visit.

14. Health and Supplement Data

We sell food supplements and may collect information related to your purchase preferences. We want to be clear about how we handle this information:

  • We do not collect or process any special category data (such as health or medical data) unless you voluntarily provide it to us, for example in a customer service enquiry.
  • If you do share health-related information with us, we will treat it with extra care and process it only for the purpose of responding to your enquiry. We will not use it for marketing or share it with third parties except where required by law.
  • Purchase history data (the products you buy) is treated as standard transactional data, not health data.

15. Social Media and User-Generated Content

If you interact with us through social media platforms or submit reviews, testimonials, or other content, please be aware that:

  • Any information you post publicly on social media or review platforms may be visible to others.
  • We may use positive reviews or testimonials in our marketing with your consent or where we have a legitimate interest, but we will not identify you without your permission.
  • Social media platforms have their own privacy policies, which we do not control.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this page periodically. Where changes are significant, we may notify you by email or by placing a prominent notice on our Site.

17. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

  • Website: www.ico.org.uk
  • Telephone: 0303 123 1113
  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would appreciate the opportunity to address your concerns before you contact the ICO, so please reach out to us first at hello@shop-onewell.com.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

  • Email: hello@shop-onewell.com
  • Onewell Brands Ltd
  • Address: London, EC1V 2NX, United Kingdom

This Privacy Policy is effective as of the "Last updated" date shown at the top of this page.