Privacy policy
Last updated: September 3rd, 2025
Sirona Foods (“we”, “our”, or “us”) respects your privacy and is committed to protecting
the personal data you share with us. This Privacy Policy explains how we collect, use,
disclose, and safeguard your information when you visit our website
https://sironafoods.com and interact with our services.
1. Who We Are
Sirona Foods is an Irish-based healthfood company creating instant meals and
convenience foods in line with a 'food as medicine' nutritional philosophy.
We are the data controller for the information collected on this website.
If you have questions, you can contact us at:
Email: sarah@sironafoods.com
Address: 77 Camden Street, Dublin 2, D02 XE80, Republic of Ireland
2. What Personal Data We Collect
We collect only the data necessary to process orders, respond to enquiries, and send
marketing emails (with your consent).
This may include:
a. Information You Provide Directly
• Full name
• Email address
• Phone number
• Shipping and billing address
• Payment details (processed securely via Stripe)
• Information you choose to share when submitting a message through our
contact form
Note: We do not actively collect or process any sensitive personal information that may
be voluntarily shared through contact enquiries.
b. Automatically Collected (via Shopify and cookies):
• IP address
• Device and browser type
• Operating system
• Referring and exit pages
• Pages viewed and time spent
• Approximate location
• Shopping cart contents and preferences
• Session and interaction data
For full details, please see Section 5 – Cookies and Tracking Technologies.
3. How We Use Your Information
We process your personal data for the following purposes:
• To process and fulfil your orders
• To send order updates and respond to inquiries
• To comply with legal obligations (e.g., tax, accounting)
• To improve our website functionality and user experience
• To send occasional marketing emails (only if you opt in)
4. Legal Bases for Processing (GDPR and U.S. Customers)
We rely on the following legal bases to process your personal data:
• Contract - To fulfil orders and pre-orders you place with us
• Legal obligation - To retain records for regulatory or tax purposes
• Consent - For marketing communications and optional cookies
• Legitimate interests - To improve our services and respond to queries
Our use of personal information aligns with fair and transparent business practices and
complies with relevant EU and U.S. state privacy laws including CCPA where applicable.
At Sirona Foods, we do not use automated systems to make decisions about
customers. All order processing, communications, and business decisions involve
human oversight and care.
5. Cookies and Tracking Technologies
Our website uses cookies and similar technologies to ensure core functionality,
enhance user experience, and provide insights into site performance. These are
primarily managed through our platform provider, Shopify.
a. What Are Cookies?
Cookies are small text files stored on your device when you visit a website. They help
recognise your device and store preferences or session details.

Note: The exact duration may vary slightly based on browser settings and Shopify
updates.
c. Consent and Control
You will see a cookie banner when visiting our site for the first time. You may:
• Accept all cookies
• Manage preferences by category
• Continue with only essential cookies
Your choices will be remembered and can be changed at any time via the banner.
d. Third-Party Cookies
Currently, we do not use any third-party analytics or marketing tools beyond those
embedded by Shopify. If this changes in the future, this policy will be updated and
appropriate consent will be requested.
6. Data Sharing
We only share your personal data when necessary to operate our business, provide our
services, and comply with legal obligations. We do not sell your personal data under any
circumstances.
Your information may be shared with the following categories of recipients:
a. Service Providers (Data Processors)
We use trusted third-party service providers to help us deliver our services. These
providers only process your data on our behalf and in accordance with our instructions:
• Shopify Inc. – our website host, e-commerce platform, and email marketing
provider. Shopify processes customer and order data to operate the online store,
including checkout, order fulfilment, analytics, and sending email
communications to customers who have opted in. Shopify Privacy Policy
• Stripe Inc. – our payment processing provider. Stripe handles all payment-related
information securely and is PCI-DSS compliant. We do not store or access your
full payment details. Stripe’s Privacy Policy
b. Legal and Regulatory Disclosure
We may disclose your data where required to do so by law or in response to valid legal
requests, such as:
• Government authorities
• Law enforcement agencies
• Tax or regulatory bodies (e.g., for invoicing or audit compliance)
c. Business Transfers
If we undergo a business restructuring, merger, or sale, your data may be transferred to
the new owner, subject to the same level of protection as outlined in this Privacy Policy.
d. Internal Access
Your data may be accessed by our internal team and trusted consultants or agency
partners who assist us with specific business functions, such as order processing,
customer support, marketing, or technical operations. Access is granted strictly on a
need-to-know basis and only for the purposes outlined in this Privacy Policy. All
individuals or organisations handling personal data on our behalf are subject to
appropriate confidentiality agreements and data protection obligations.
7. International Data Transfers
Shopify and Stripe may store and process your data outside the EEA, including in the
United States. Both rely on Standard Contractual Clauses (SCCs) or other safeguards to
ensure compliance with GDPR and CCPA.
8. Data Retention
Our retention periods are based on the type of data, the purpose for processing, and
any applicable legal or regulatory requirements. We carry out scheduled manual
reviews at appropriate intervals to ensure personal data is either securely deleted or
anonymised when it is no longer needed.
Specifically:
a. Order and Transaction Data
We retain order records (including name, address, and purchase details) for a minimum
of 6 years from the end of the relevant accounting period, in line with obligations under
the Irish Taxes Consolidation Act 1997 and Revenue guidelines.
For U.S. transactions, records are also retained to comply with applicable federal and
state tax requirements including CCPA.
b. Customer Support Communications
Any correspondence or messages relating to customer service enquiries are retained
for up to 12 months, unless required longer for legal reasons.
c. Email Marketing Data
If you opt in to receive marketing emails, we retain your contact details and marketing
preferences until:
• You unsubscribe
• You request deletion
• We stop sending email marketing campaigns
In all cases, we retain evidence of your consent for as long as we continue to rely on that
consent for marketing purposes.
Customers may opt out of marketing at any time by using the unsubscribe link in any
email, or by contacting us directly.
d. Website Analytics and Cookies
Cookie and analytics data are retained according to the durations listed in Section 5 –
Cookies and Tracking Technologies, which range from session-only to up to 2 years,
depending on the type.
e. Data Subject Rights Requests
If you submit a DSAR (Data Subject Access Request), we may retain a record of the
request and our response for up to 3 years for accountability and compliance purposes.
9. Your Rights
If you are located in the European Union (EU), you have a number of rights under the
General Data Protection Regulation (GDPR) in relation to your personal data. We are
committed to upholding these rights and enabling you to exercise them easily.
If you are located in the United States, you may also have certain rights under
applicable state privacy laws, such as the right to access or delete your information and
to opt out of marketing communications. We will honour these rights in accordance
with applicable law.
You may exercise any of the rights listed below by contacting us at:
sarah@sironafoods.com
To protect your personal data, we may ask you to verify your identity before acting on
any data access, deletion, or correction request.
We will respond to all valid rights requests within one month, and sooner where
possible. Where permitted under the GDPR and CCPA, we may extend this period by an
additional two months in complex cases, but we will always inform you if this is
necessary.
a. Right to Access
You have the right to request confirmation of whether we process your personal data
and to access a copy of that data, along with related information such as the purpose of
processing, the categories of data, and recipients.
b. Right to Rectification
If any of your personal data is inaccurate or incomplete, you have the right to request
that we correct or update it without undue delay.
c. Right to Erasure (“Right to be Forgotten”)
You may request that we delete your personal data, particularly where:
• It is no longer necessary for the purposes for which it was collected
• You withdraw consent and no other lawful basis applies
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed
Note: We may be required to retain certain data for legal or tax compliance purposes.
d. Right to Restrict Processing
You may request that we limit the processing of your personal data under certain
conditions, for example if you contest its accuracy or object to its processing.
e. Right to Object
You can object to our processing of your personal data where we rely on legitimate
interests as a legal basis. We will stop processing unless we can demonstrate
compelling legitimate grounds.
You also have the absolute right to object at any time to the use of your personal data for
direct marketing purposes.
f. Right to Data Portability
Where processing is based on your consent or a contract and carried out by automated
means, you can request to receive your personal data in a structured, commonly used,
and machine-readable format, or have it transmitted directly to another controller.
g. Right to Withdraw Consent
If we process your data based on consent (e.g., for marketing emails), you have the right
to withdraw that consent at any time. This will not affect the lawfulness of processing
before withdrawal.
h. Right to Lodge a Complaint
If you are unhappy with how we handle your personal data, we encourage you to contact
us first at sarah@sironafoods.com, and we will do our best to resolve your concerns
promptly and fairly.
You also have the right to lodge a complaint with a data protection authority, such as the
Irish Data Protection Commission (DPC) or your local supervisory authority.
DPC website: www.dataprotection.ie
10. Data Security
We take the security of your personal data seriously and implement appropriate
technical and organisational measures to protect it against unauthorised access, loss,
misuse, alteration, or disclosure.
These measures include:
• SSL encryption to protect data transmitted between your browser and our
website
• Secure infrastructure provided by Shopify and Stripe, both of which are certified
to high security standards (e.g., PCI DSS for payments)
• Access controls to ensure that only authorised members of our team, including
trusted consultants or agency partners, can access personal data, strictly based
on their role and operational need
• Regular system updates and monitoring provided by Shopify’s platform-level
security
• Data minimisation, collecting only the information necessary for fulfilling orders
and communication
• Staff awareness and confidentiality, ensuring any team member handling data is
trained and committed to safeguarding privacy
Despite our efforts, no system is entirely immune from risk. If we ever become aware of
a data breach that could impact your rights or freedoms, we will notify you without
undue delay and report it to the Data Protection Commission (DPC) as required under
GDPR.
11. Children's Privacy
Our site and services are not directed at children under 16. We do not knowingly collect
personal data from minors. If you believe we’ve collected data from a child, please
contact us and we will delete it.
12. Third-Party Links
Our site may contain links to external sites (e.g., Instagram). We are not responsible for
their privacy practices. Please review their policies before sharing any data.
13. Updates to This Privacy Policy
We may update this Privacy Policy occasionally to reflect changes to our practices or
legal requirements. The revised version will be posted on this page with an updated
“Effective Date.”
We encourage you to review this Policy regularly.
14. Contact Us
If you have any questions or concerns about this Privacy Policy or your data, please
contact us at:
Email: sarah@sironafoods.com
Website: https://sironafoods.com