Privacy policy

PRIVACY POLICY

Last updated: 11 May 2026

1. WHO WE ARE

This website (essentis.co.uk) is operated by THERISEN LTD (Company 
number: 15699962), a company registered in England and Wales, 
trading as "Essentis" ("we", "us", "our").

Registered office: Unit 4 64-68 Elm Grove, Worthing, England, BN11 5LH
Contact email: privacy@essentis.co.uk
Website: https://essentis.co.uk

THERISEN LTD is the Data Controller responsible for your personal 
data under the UK General Data Protection Regulation (UK GDPR) and 
the Data Protection Act 2018.

2. WHAT PERSONAL DATA WE COLLECT

We collect and process the following categories of personal data 
when you interact with our website or place an order:

- Identity data: name, billing/shipping address
- Contact data: email address, phone number
- Transaction data: order details, payment confirmations (we do NOT 
  store full payment card details; these are processed by Shopify 
  Payments and our payment processors)
- Technical data: IP address, browser type, device information, 
  pages visited, time spent on site
- Marketing data: email subscription preferences
- Communications data: messages you send us via contact form, email, 
  or social media

3. HOW WE COLLECT YOUR DATA

We collect data through:
- Direct interactions (when you place an order, create an account, 
  subscribe to our newsletter, or contact us)
- Automated technologies (cookies, analytics tools, server logs)
- Third parties (payment processors, shipping carriers, marketing 
  platforms such as Meta and Google)

4. HOW WE USE YOUR DATA

We use your personal data to:
- Process and deliver your orders
- Communicate with you about your purchases
- Send marketing emails (only with your consent)
- Improve our website and services
- Prevent fraud and ensure security
- Comply with legal and regulatory obligations
- Personalise your shopping experience

5. LAWFUL BASIS FOR PROCESSING

Under UK GDPR Article 6, we process your personal data on the 
following lawful bases:

- Contract (Article 6(1)(b)): to fulfil your orders and provide 
  customer support
- Legitimate interests (Article 6(1)(f)): to improve our services, 
  prevent fraud, and analyse site usage
- Consent (Article 6(1)(a)): for marketing communications and 
  non-essential cookies
- Legal obligation (Article 6(1)(c)): to comply with tax, accounting, 
  and consumer protection laws

You can withdraw consent at any time where consent is the lawful 
basis.

6. SHARING YOUR PERSONAL DATA

We share your personal data only with trusted third parties who 
help us operate our business:

- Shopify (e-commerce platform & payments)
- Royal Mail / DPD / Evri (shipping carriers)
- Google Analytics (website usage analysis)
- Meta (Facebook/Instagram advertising)
- Klaviyo / Shopify Email (email marketing)
- Judge.me (product reviews)
- HMRC and other authorities (where legally required)

All third-party processors are bound by contractual obligations 
to protect your data and use it only for the purposes we specify.

We do NOT sell your personal data to third parties.

7. COOKIES & TRACKING

Our website uses cookies and similar technologies. You can manage 
your cookie preferences through our cookie banner. We use:

- Essential cookies: required for the website to function (cart, 
  checkout, login)
- Analytics cookies: help us understand how visitors use the site 
  (Google Analytics 4)
- Marketing cookies: enable personalised ads on Meta and Google 
  (Meta Pixel, Google Ads)

Essential cookies do not require consent. All other cookies are 
loaded only after you provide consent via our cookie banner.

8. DATA RETENTION

We retain your personal data as follows:

- Order and transaction records: 7 years (HMRC tax requirement)
- Customer account data: until account deletion or 3 years of 
  inactivity, whichever comes first
- Marketing preferences: until you unsubscribe
- Website analytics data: 26 months (Google Analytics default)
- Customer service correspondence: 3 years from last contact
- Cookie preferences: 12 months or until you change them

After these periods, data is securely deleted or fully anonymised.

9. INTERNATIONAL DATA TRANSFERS

Some of our third-party processors (e.g., Shopify, Google, Meta) 
may transfer and process your personal data outside the United 
Kingdom, primarily in the United States and the European Union.

Such transfers are governed by:
- UK adequacy regulations (for EU/EEA destinations)
- UK International Data Transfer Agreement (IDTA) or Standard 
  Contractual Clauses (SCCs) for other destinations
- Additional safeguards as required by UK GDPR

By using our services, you acknowledge that your data may be 
processed in countries outside the UK with equivalent protection 
standards in place.

10. YOUR RIGHTS UNDER UK GDPR

You have the following rights regarding your personal data:

- Right to access: request a copy of the personal data we hold
- Right to rectification: request correction of inaccurate data
- Right to erasure: request deletion of your data ("right to be 
  forgotten")
- Right to restrict processing: limit how we use your data
- Right to data portability: receive your data in a structured 
  format
- Right to object: object to processing based on legitimate interests
- Right to withdraw consent: at any time, for consent-based processing
- Right not to be subject to automated decision-making

To exercise any of these rights, contact us at 
privacy@essentis.co.uk. We will respond within 30 days.

11. HEALTH INFORMATION & AGE RESTRICTION

Essentis sells dietary supplements regulated under the UK Food 
Supplements Regulations 2003. We do NOT collect or process special 
category health data as defined under UK GDPR Article 9.

If you contact our customer service with health-related questions, 
any information you share will be:
- Processed only to respond to your inquiry
- Not retained beyond resolution of the matter
- Not used for marketing purposes
- Not shared with third parties

Our products and website are intended for individuals aged 18 and 
older. We do not knowingly collect personal information from anyone 
under 18. If you believe we have inadvertently collected data from 
a minor, contact us immediately at privacy@essentis.co.uk and we 
will delete it.

12. DATA SECURITY

We implement appropriate technical and organisational measures to 
protect your personal data:
- SSL/TLS encryption for all data in transit
- Secure access controls and authentication
- Regular security audits of our systems
- Trusted, GDPR-compliant third-party processors only
- Staff training on data protection

While we take every reasonable precaution, no method of internet 
transmission is 100% secure.

13. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. Any changes 
will be posted on this page with an updated "Last updated" date. 
For material changes, we will notify you by email (if you have an 
account or have subscribed to our newsletter).

14. CONTACT US

For any questions, requests, or concerns about your personal data:

THERISEN LTD trading as Essentis
Unit 4 64-68 Elm Grove, Worthing, England, BN11 5LH
Email: privacy@essentis.co.uk
Website: https://essentis.co.uk

15. COMPLAINTS TO THE ICO

If you are not satisfied with how we have handled your data or any 
complaint you have raised with us, you have the right to lodge a 
complaint with the UK supervisory authority, the Information 
Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113

We would, however, appreciate the opportunity to address your 
concerns first — please contact us at privacy@essentis.co.uk before 
escalating to the ICO.