Privacy Policy

Privacy Policy

Effective Date: 30 May 2026

Sirona Foods (“we”, “our”, or “us”) respects your privacy and is committed to protecting the personal data you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://sironafoods.com and interact with our services.

1. Who We Are

Sirona Foods is an Irish-based healthfood company creating instant meals and convenience foods in line with a 'food as medicine' nutritional philosophy.

We are the data controller for the information collected on this website.

If you have questions, you can contact us at:

Email: info@sironafoods.com
Address: 77 Camden Street, Dublin 2, D02 XE80, Republic of Ireland

2. What Personal Data We Collect

We collect only the data necessary to process orders, respond to enquiries, and send marketing emails (with your consent). This may include:

a. Information You Provide Directly

  • Full name
  • Email address
  • Phone number
  • Shipping and billing address
  • Payment details (processed securely via Stripe)
  • Information you choose to share when submitting a message through our contact form

Note: We do not actively collect or process any sensitive personal information that may be voluntarily shared through contact enquiries.

b. Automatically Collected (via Shopify and cookies):

  • IP address
  • Device and browser type
  • Operating system
  • Referring and exit pages
  • Pages viewed and time spent
  • Approximate location
  • Shopping cart contents and preferences
  • Session and interaction data

For full details, please see Section 5 – Cookies and Tracking Technologies.

3. How We Use Your Information

We process your personal data for the following purposes:

  • To process and fulfil your orders
  • To send order updates and respond to inquiries
  • To comply with legal obligations (e.g., tax, accounting)
  • To improve our website functionality and user experience
  • To send occasional marketing emails (only if you opt in)

4. Legal Bases for Processing (GDPR and U.S. Customers)

We rely on the following legal bases to process your personal data:

  • Contract - To fulfil orders and pre-orders you place with us
  • Legal obligation - To retain records for regulatory or tax purposes
  • Consent - For marketing communications and optional cookies
  • Legitimate interests - To improve our services and respond to queries

Our use of personal information aligns with fair and transparent business practices and complies with the GDPR. As our operations expand internationally, we will also comply with applicable U.S. state privacy laws where they apply to us.

At Sirona Foods, we do not use automated systems to make decisions about customers. All order processing, communications, and business decisions involve human oversight and care.

5. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to ensure core functionality, enhance user experience, and provide insights into site performance. These are primarily managed through our platform provider, Shopify.

a. What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help recognize your device and store preferences or session details.

b. Types of Cookies We Use

Cookie Name Category Purpose Duration
_merchant_essential Essential Core site functionality and security (Shopify platform) ~1 year
cart_currency Essential Stores cart currency preference ~1 month
keep_alive Session Maintains session state during visits Session
localization Functional Stores location to show correct regional settings ~1 year
master_device_id Essential Device identification for security and session management ~1 year
_shopify_y Analytics Shopify analytics tracking (unique visitor ID) ~1 year
_shopify_s Analytics Shopify analytics (session-based tracking) ~30 minutes
_landing_page Analytics Tracks landing page for attribution and analysis ~1 month
_orig_referrer Marketing Captures referral source for attribution ~1 month
_tracking_consent Consent Stores user cookie preferences ~1 year

Note: The exact duration may vary slightly based on browser settings and Shopify updates.

c. Consent and Control

You will see a cookie banner when visiting our site for the first time. You may:

  • Accept all cookies
  • Manage preferences by category
  • Continue with only essential cookies

Your choices will be remembered and can be changed at any time via the banner.

d. Third-Party Cookies

Currently, we do not use any third-party analytics or marketing tools beyond those embedded by Shopify. If this changes in the future, this policy will be updated and appropriate consent will be requested.

6. Data Sharing

We only share your personal data when necessary to operate our business, provide our services, and comply with legal obligations. We do not sell your personal data under any circumstances.

Your information may be shared with the following categories of recipients:

a. Service Providers (Data Processors)

We use trusted third-party service providers to help us deliver our services. These providers only process your data on our behalf and in accordance with our instructions:

  • Shopify Inc. – our website host, e-commerce platform, and email marketing provider. Shopify processes customer and order data to operate the online store, including checkout, order fulfilment, analytics, and sending email communications to customers who have opted in. Shopify Privacy Policy
  • Stripe Inc. – our payment processing provider. Stripe handles all payment-related information securely and is PCI-DSS compliant. We do not store or access your full payment details. Stripe’s Privacy Policy

b. Legal and Regulatory Disclosure

We may disclose your data where required to do so by law or in response to valid legal requests, such as:

  • Government authorities
  • Law enforcement agencies
  • Tax or regulatory bodies (e.g., for invoicing or audit compliance)

c. Business Transfers

If we undergo a business restructuring, merger, or sale, your data may be transferred to the new owner, subject to the same level of protection as outlined in this Privacy Policy.

d. Internal Access

Your data may be accessed by our internal team and trusted consultants or agency partners who assist us with specific business functions, such as order processing, customer support, marketing, or technical operations. Access is granted strictly on a need-to-know basis and only for the purposes outlined in this Privacy Policy. All individuals or organisations handling personal data on our behalf are subject to appropriate confidentiality agreements and data protection obligations.

7. International Data Transfers

Shopify and Stripe may store and process your data outside the EEA, including in the United States. Both rely on Standard Contractual Clauses (SCCs) or other safeguards to ensure compliance with the GDPR.

8. Data Retention

Our retention periods are based on the type of data, the purpose for processing, and any applicable legal or regulatory requirements. We carry out scheduled manual reviews at appropriate intervals to ensure personal data is either securely deleted or anonymised when it is no longer needed.

Specifically:

a. Order and Transaction Data

We retain order records (including name, address, and purchase details) for a minimum of 6 years from the end of the relevant accounting period, in line with obligations under the Irish Taxes Consolidation Act 1997 and Revenue guidelines.

For U.S. transactions, records are also retained to comply with applicable federal and state tax requirements.

b. Customer Support Communications

Any correspondence or messages relating to customer service enquiries are retained for up to 12 months, unless required longer for legal reasons.

c. Email Marketing Data

If you opt in to receive marketing emails, we retain your contact details and marketing preferences until:

  • You unsubscribe
  • You request deletion
  • We stop sending email marketing campaigns

In all cases, we retain evidence of your consent for as long as we continue to rely on that consent for marketing purposes.

Customers may opt out of marketing at any time by using the unsubscribe link in any email, or by contacting us directly.

d. Website Analytics and Cookies

Cookie and analytics data are retained according to the durations listed in Section 5 – Cookies and Tracking Technologies, which range from session-only to up to 1 year, depending on the type.

e. Data Subject Rights Requests

If you submit a DSAR (Data Subject Access Request), we may retain a record of the request and our response for up to 3 years for accountability and compliance purposes.

9. Your Rights

If you are located in the European Union (EU), you have a number of rights under the General Data Protection Regulation (GDPR) in relation to your personal data. We are committed to upholding these rights and enabling you to exercise them easily.

If you are located in the United States, you may also have certain rights under applicable state privacy laws, such as the right to access or delete your information and to opt out of marketing communications. We will honour these rights in accordance with applicable law.

You may exercise any of the rights listed below by contacting us at: sarah@sironafoods.com

To protect your personal data, we may ask you to verify your identity before acting on any data access, deletion, or correction request.

We will respond to all valid rights requests within one month, and sooner where possible. Where permitted under applicable law, we may extend this period by an additional two months in complex cases, but we will always inform you if this is necessary.

a. Right to Access

You have the right to request confirmation of whether we process your personal data and to access a copy of that data, along with related information such as the purpose of processing, the categories of data, and recipients.

b. Right to Rectification

If any of your personal data is inaccurate or incomplete, you have the right to request that we correct or update it without undue delay.

c. Right to Erasure (“Right to be Forgotten”)

You may request that we delete your personal data, particularly where:

  • It is no longer necessary for the purposes for which it was collected
  • You withdraw consent and no other lawful basis applies
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Note: We may be required to retain certain data for legal or tax compliance purposes.

d. Right to Restrict Processing

You may request that we limit the processing of your personal data under certain conditions, for example if you contest its accuracy or object to its processing.

e. Right to Object

You can object to our processing of your personal data where we rely on legitimate interests as a legal basis. We will stop processing unless we can demonstrate compelling legitimate grounds.

You also have the absolute right to object at any time to the use of your personal data for direct marketing purposes.

f. Right to Data Portability

Where processing is based on your consent or a contract and carried out by automated means, you can request to receive your personal data in a structured, commonly used, and machine-readable format, or have it transmitted directly to another controller.

g. Right to Withdraw Consent

If we process your data based on consent (e.g., for marketing emails), you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal.

h. Right to Lodge a Complaint

If you are unhappy with how we handle your personal data, we encourage you to contact us first at sarah@sironafoods.com, and we will do our best to resolve your concerns promptly and fairly.

You also have the right to lodge a complaint with a data protection authority, such as the Irish Data Protection Commission (DPC) or your local supervisory authority.

DPC website: www.dataprotection.ie

10. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, misuse, alteration, or disclosure.

These measures include:

  • SSL encryption to protect data transmitted between your browser and our website
  • Secure infrastructure provided by Shopify and Stripe, both of which are certified to high security standards (e.g., PCI DSS for payments)
  • Access controls to ensure that only authorised members of our team, including trusted consultants or agency partners, can access personal data, strictly based on their role and operational need
  • Regular system updates and monitoring provided by Shopify’s platform-level security
  • Data minimisation, collecting only the information necessary for fulfilling orders and communication
  • Staff awareness and confidentiality, ensuring any team member handling data is trained and committed to safeguarding privacy

Despite our efforts, no system is entirely immune from risk. If we ever become aware of a data breach that could impact your rights or freedoms, we will notify you without undue delay and report it to the Data Protection Commission (DPC) as required under GDPR.

11. Children’s Privacy

Our site and services are not directed at children under 16. We do not knowingly collect personal data from minors. If you believe we’ve collected data from a child, please contact us and we will delete it.

12. Third-Party Links

Our site may contain links to external sites (e.g., Instagram). We are not responsible for their privacy practices. Please review their policies before sharing any data.

13. Updates to This Privacy Policy

We may update this Privacy Policy occasionally to reflect changes to our practices or legal requirements. The revised version will be posted on this page with an updated “Effective Date.”

We encourage you to review this Policy regularly.

14. Contact Us

If you have any questions or concerns about this Privacy Policy or your data, please contact us at:

Email: info@sironafoods.com
Website: https://sironafoods.com