Privacy Policy
​Last updated: 29th March 2026​
​​
​
01. Who We Are
This Privacy Policy applies to the website https://www.organic-systems.com, operated by Organic Systems (referred to as “we”, “us”, or “our”). We are based in the United Kingdom.
Email: contact@organic-systems.com
Website: https://www.organic-systems.com
​
We are the Data Controller of the personal data collected through this website.
​
​
02. What Personal Data We Collect
We collect the following categories of personal data:
Identity & Contact Data
• First and last name
• Email address
• Phone number (if provided)
Delivery & Address Data
• Billing address
• Delivery/shipping address
Transaction & Order Data
• Details of products purchased
• Order history and value
• Payment confirmation (we do not store full card details — see Section 12)
Technical & Usage Data
• IP address
• Browser type and version
• Device type
• Pages visited and time spent on site
• Cookie identifiers (see Section 6)
Communications Data
• Messages you send us via email, contact forms, or other channels
• Records of correspondence
Marketing Data
• Your preferences regarding receiving marketing communications from us
We do not collect any special category data (such as health, racial or ethnic origin, religious beliefs, or biometric data) and we do not knowingly collect data from children under 13 (see Section 11).
​​
​
03. How We Collect Your Data
Directly from You
• When you place an order through our online store
• When you create an account on our website
• When you contact us by email, phone, or via a contact form
• When you subscribe to marketing emails or a newsletter
• When you submit a returns or refund request
Automatically
• When you browse our website, through cookies and similar tracking technologies (see Section 6)
• Through analytics tools provided by our website platform which collect usage and technical data
From Third Parties
• From payment processors (e.g. Wix Payments) who confirm payment status
• From delivery and courier services used to fulfil your order
• From social media platforms if you interact with our content or adverts
​
04. How & Why We Use Your Data
We use your personal data only for the purposes set out below and will not use it in ways incompatible with the purpose for which it was collected.
• To process and fulfil your orders — including taking payment, arranging delivery, and sending order confirmations
• To manage your account — if you create a customer account on our site
• To communicate with you about your order — including dispatch notifications, delivery updates, and responding to enquiries
• To process returns, refunds, and complaints
• To send you marketing communications — only where you have given consent or we have a legitimate interest, always with the option to unsubscribe
• To improve our website and store — using anonymised analytics data
• To comply with legal obligations — including tax, accounting, and consumer law requirements
• To prevent fraud and protect our business
​
​
05. Our Lawful Basis for Processing
Under the UK GDPR, we must have a lawful basis for processing your personal data. The table below sets out what we use your data for and the legal basis we rely on in each case.
Purpose
​
Processing and fulfilling your order
​​
​
Taking payment
​​
​
Sending order confirmations and dispatch notifications
​​
Responding to enquiries and complaints
​​
​
Sending marketing emails to existing customers
​​
​
Sending marketing emails to new subscribers
​
Analytics and site improvement
​​
​
Fraud prevention and security
​
​
Keeping financial and tax records
​
​
Processing returns and refunds
Lawful Basis
​
Contract — necessary to perform the contract with you
​
Contract — necessary to perform the contract with you
​
Contract — necessary to perform the contract with you
​
Legitimate interests — to manage our business and maintain customer relationships
​
Legitimate interests — promoting similar products (you may opt out at any time)
​
Consent — you have explicitly opted in
​
Legitimate interests — to improve our website and customer experience
​
Legitimate interests — to protect our business and customers
​
Legal obligation — required by HMRC and applicable law
​
Legal obligation — required under consumer protection law
​
​
06. Cookies
Our website uses cookies — small text files placed on your device — to help the site function correctly, remember your preferences, and understand how visitors use our site.
Types of Cookies We Use
• Essential cookies — required for the website and store to function (e.g. keeping items in your basket, processing checkout). These cannot be disabled.
• Analytics cookies — used to collect anonymised data about how visitors use our site. We use tools provided by our website platform and Google Analytics for this purpose.
• Marketing cookies — used to show relevant advertising on other platforms.
​
When you first visit our site, you will be presented with a cookie consent banner. You can accept or decline non-essential cookies at that time, and update your preferences via the cookie settings link in our footer.
07. Sharing Your Data with Third Parties
We do not sell, rent, or trade your personal data to any third party. We only share your data where necessary, with the following trusted third parties:
Service Providers
• Wix.com — our website and store platform, which hosts our site and processes data on our behalf as a data processor under our instruction.
• Wix Payments — our payment processor, which handles card transactions securely. We never see or store your full card number.
• Courier and delivery services — we share your name and delivery address with our shipping providers to fulfil your order.
• Email marketing tools — used to send order confirmations and marketing emails where you have opted in.
• Analytics providers — which helps us understand how our website is used. Data is anonymised where possible.
Legal Requirements
We may disclose your personal data to law enforcement, regulators, or courts if required by law, or to protect the rights, property, or safety of our business or others.
All third-party service providers are required to process your data only in accordance with our instructions and applicable data protection law.
​​
​
08. International Data Transfers
Because we sell and ship worldwide, and because some of our service providers operate servers outside the UK and EEA, your personal data may be transferred to and stored in countries outside the United Kingdom.
​​​
​
09. How Long We Keep Your Data
We retain your personal data only for as long as necessary for the purposes it was collected and to comply with our legal obligations:
• Order and transaction records — 7 years, as required by HMRC for tax and accounting purposes
• Customer account data — for the duration your account is active, plus 2 years after your last order or activity
• Marketing preferences and email lists — until you unsubscribe or withdraw consent, after which we retain a suppression record to honour your opt-out
• Customer service correspondence — 3 years from the date of correspondence
• Technical and analytics data — typically 26 months, in line with standard analytics tool settings
Once data is no longer required, it is securely deleted or anonymised.
​
​
10. Your Rights
Under the UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data. If you are located in the EU or EEA, these rights also apply to you under the EU GDPR.​​​
Right
​
Right of access
​​
​
Right to rectification
​​
​
Right to erasure
​
​​
​
Right to restrict processing
​​
​
Right to data portability
​​
​​
​
Right to object
​​
​
​
Right to withdraw consent
​​​
​
​
Rights re: automated decisions
​
​
What it means
​
You can request a copy of the personal data we hold about you (a Subject Access Request).
​
You can ask us to correct inaccurate or incomplete data we hold about you.
​
You can ask us to delete your personal data where there is no compelling reason for us to continue holding it.
​
You can ask us to pause how we use your data in certain circumstances.
​
You can ask us to provide your data in a structured, machine-readable format, or transfer it to another provider where technically feasible.
​
You can object to us processing your data where we rely on legitimate interests, including for direct marketing.
​
Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
​
You have the right not to be subject to decisions made solely by automated processing. We do not currently use automated decision-making of this kind.
​​
​
​
To exercise any of these rights, please contact us at contact@organic-systems.com. We will respond within one calendar month as required by law. We may need to verify your identity before processing your request.
There is no charge for making a request, unless it is manifestly unfounded or excessive, in which case we may charge a reasonable fee or decline to respond.
​​
​
11. Children's Privacy
Our website and store are not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at contact@organic-systems.com and we will delete it promptly.
If you are aged 13–17, please ensure you have the permission of a parent or guardian before making a purchase or providing any personal information on our site.
​
​
12. How We Keep Your Data Secure
We take the security of your personal data seriously and have put in place appropriate technical and organisational measures to protect it:
• SSL encryption — all data transmitted between your browser and our website is encrypted using industry-standard SSL/TLS technology
• Secure payment processing — all card payments are handled by Wix Payments. We never see or store your full card number, CVV, or PIN. Wix Payments is PCI-DSS compliant.
• Access controls — access to your data is restricted to us as the sole operator of this business, and to authorised third-party processors on a need-to-know basis
• Platform security — our website is hosted on a platform that maintains its own security infrastructure and measures
While we take all reasonable steps to protect your data, no method of transmission over the internet is 100% secure. If you believe your interaction with us is no longer secure, please contact us immediately.
​​
​
13. Links to Other Websites
Our website may contain links to third-party websites, social media platforms, or other online services. This Privacy Policy applies only to our website. We are not responsible for the privacy practices of any third-party sites and encourage you to read their privacy policies before providing any personal data to them.
​
​
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we use. The date at the top of this page will be updated whenever a change is made.
For significant changes that affect how we use your data, we will notify you by email (where we hold your email address) or by displaying a prominent notice on our website. Your continued use of our website after any changes constitutes acceptance of the updated policy.
​
​
15. Contact Us & How to Complain
Contact Us
If you have any questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how we handle your personal data, please contact us:
Email: contact@organic-systems.com