1. Who we are
Miss Masala Ltd ("Miss Masala", "we", "us") is the data controller for personal data collected through this website. Contact: privacy@missmasala.co.uk.
2. What data we collect
- Account data: name, email, phone (optional), marketing-preference flag.
- Order data: shipping and billing addresses, items ordered, order value, delivery instructions.
- Trade-account data: business name, address, company / VAT number (where provided), trade reference notes.
- Payment data: we never see or store full card numbers. Card payments are processed by Stripe; PayPal handles its own payments. We only receive a payment status and a tokenised reference.
- Site-usage data: session cookies (strictly necessary), and — only with your consent — analytics and marketing cookies.
3. Why we use it (legal basis)
- Contract — to take and fulfil your order, run trade-account approvals, and provide customer service.
- Legitimate interests — fraud prevention, security, internal analytics on opt-in data, improving the service.
- Legal obligation — accounting, tax and food-traceability records (we are required to keep certain order records for up to 6 years).
- Consent — marketing emails, non-essential cookies.
4. Who we share data with
We share only what's needed, with named processors: Stripe and PayPal (payment processing), our shipping carriers (delivery), our email and hosting providers, and — on lawful request — UK regulators or law enforcement.
5. How long we keep it
Account data: while your account is active, plus 12 months. Order records: 6 years (UK accounting requirement). Marketing data: until you unsubscribe. Anonymised analytics: up to 26 months.
6. Your rights
Under UK GDPR you can: access your data, correct it, request deletion, restrict processing, object to processing, and request portability (a machine-readable export).
You can exercise the two most common rights — export and delete — directly from your account: Account → Privacy & data. For any other request, email privacy@missmasala.co.uk and we'll respond within 30 days.
7. Cookies
Strictly necessary cookies are always on (sign-in, basket, security). Analytics and marketing cookies are off unless you opt in via the banner. You can change your choice at any time from the "Cookie preferences" link in the footer.
8. International transfers
Some processors (e.g. payment, email) may transfer data outside the UK / EEA. Where that happens we rely on UK-approved adequacy decisions or Standard Contractual Clauses.
9. Security
Data is held in encrypted, access-controlled databases. Admin and staff accounts are required to use two-factor authentication. We never store card numbers.
10. Complaints
You can complain to the UK Information Commissioner's Office: ico.org.uk · 0303 123 1113.