Privacy policy

Last updated: September 3rd, 2025

 

Sirona Foods (“we”, “our”, or “us”) respects your privacy and is committed to protecting

the personal data you share with us. This Privacy Policy explains how we collect, use,

disclose, and safeguard your information when you visit our website

https://sironafoods.com and interact with our services.

 

1. Who We Are

Sirona Foods is an Irish-based healthfood company creating instant meals and

convenience foods in line with a 'food as medicine' nutritional philosophy.

We are the data controller for the information collected on this website.

If you have questions, you can contact us at:

Email: sarah@sironafoods.com

Address: 77 Camden Street, Dublin 2, D02 XE80, Republic of Ireland

 

2. What Personal Data We Collect

We collect only the data necessary to process orders, respond to enquiries, and send

marketing emails (with your consent).

This may include:

a. Information You Provide Directly

Full name

Email address

Phone number

Shipping and billing address

Payment details (processed securely via Stripe)

Information you choose to share when submitting a message through our

contact form

 

Note: We do not actively collect or process any sensitive personal information that may

be voluntarily shared through contact enquiries.

 

b. Automatically Collected (via Shopify and cookies):

IP address

Device and browser type

Operating system

Referring and exit pages

Pages viewed and time spent

Approximate location

Shopping cart contents and preferences

Session and interaction data

 

For full details, please see Section 5 – Cookies and Tracking Technologies.

 

3. How We Use Your Information

We process your personal data for the following purposes:

To process and fulfil your orders

To send order updates and respond to inquiries

To comply with legal obligations (e.g., tax, accounting)

To improve our website functionality and user experience

To send occasional marketing emails (only if you opt in)

 

4. Legal Bases for Processing (GDPR and U.S. Customers)

We rely on the following legal bases to process your personal data:

Contract - To fulfil orders and pre-orders you place with us

Legal obligation - To retain records for regulatory or tax purposes

Consent - For marketing communications and optional cookies

Legitimate interests - To improve our services and respond to queries

Our use of personal information aligns with fair and transparent business practices and

complies with relevant EU and U.S. state privacy laws including CCPA where applicable.

 

At Sirona Foods, we do not use automated systems to make decisions about

customers. All order processing, communications, and business decisions involve

human oversight and care.

 

5. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to ensure core functionality,

enhance user experience, and provide insights into site performance. These are

primarily managed through our platform provider, Shopify.

 

a. What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help

recognise your device and store preferences or session details.

Note: The exact duration may vary slightly based on browser settings and Shopify

updates.

 

c. Consent and Control

You will see a cookie banner when visiting our site for the first time. You may:

Accept all cookies

Manage preferences by category

Continue with only essential cookies

Your choices will be remembered and can be changed at any time via the banner.

d. Third-Party Cookies

Currently, we do not use any third-party analytics or marketing tools beyond those

embedded by Shopify. If this changes in the future, this policy will be updated and

appropriate consent will be requested.

 

6. Data Sharing

We only share your personal data when necessary to operate our business, provide our

services, and comply with legal obligations. We do not sell your personal data under any

circumstances. 

Your information may be shared with the following categories of recipients:

 

a. Service Providers (Data Processors)

We use trusted third-party service providers to help us deliver our services. These

providers only process your data on our behalf and in accordance with our instructions:

Shopify Inc. – our website host, e-commerce platform, and email marketing

provider. Shopify processes customer and order data to operate the online store,

including checkout, order fulfilment, analytics, and sending email

communications to customers who have opted in. Shopify Privacy Policy

Stripe Inc. – our payment processing provider. Stripe handles all payment-related

information securely and is PCI-DSS compliant. We do not store or access your

full payment details. Stripe’s Privacy Policy

 

b. Legal and Regulatory Disclosure

We may disclose your data where required to do so by law or in response to valid legal

requests, such as:

Government authorities

Law enforcement agencies

Tax or regulatory bodies (e.g., for invoicing or audit compliance)

 

c. Business Transfers

If we undergo a business restructuring, merger, or sale, your data may be transferred to

the new owner, subject to the same level of protection as outlined in this Privacy Policy.

 

d. Internal Access

Your data may be accessed by our internal team and trusted consultants or agency

partners who assist us with specific business functions, such as order processing,

customer support, marketing, or technical operations. Access is granted strictly on a

need-to-know basis and only for the purposes outlined in this Privacy Policy. All

individuals or organisations handling personal data on our behalf are subject to

appropriate confidentiality agreements and data protection obligations.

 

7. International Data Transfers

Shopify and Stripe may store and process your data outside the EEA, including in the

United States. Both rely on Standard Contractual Clauses (SCCs) or other safeguards to

ensure compliance with GDPR and CCPA.

 

8. Data Retention

Our retention periods are based on the type of data, the purpose for processing, and

any applicable legal or regulatory requirements. We carry out scheduled manual

reviews at appropriate intervals to ensure personal data is either securely deleted or

anonymised when it is no longer needed.

 

Specifically:

a. Order and Transaction Data

We retain order records (including name, address, and purchase details) for a minimum

of 6 years from the end of the relevant accounting period, in line with obligations under

the Irish Taxes Consolidation Act 1997 and Revenue guidelines.

For U.S. transactions, records are also retained to comply with applicable federal and

state tax requirements including CCPA.

b. Customer Support Communications

 

Any correspondence or messages relating to customer service enquiries are retained

for up to 12 months, unless required longer for legal reasons.

c. Email Marketing Data

If you opt in to receive marketing emails, we retain your contact details and marketing

preferences until:

You unsubscribe

You request deletion

We stop sending email marketing campaigns

In all cases, we retain evidence of your consent for as long as we continue to rely on that

consent for marketing purposes.

Customers may opt out of marketing at any time by using the unsubscribe link in any

email, or by contacting us directly.

d. Website Analytics and Cookies

Cookie and analytics data are retained according to the durations listed in Section 5 –

Cookies and Tracking Technologies, which range from session-only to up to 2 years,

depending on the type.

e. Data Subject Rights Requests

If you submit a DSAR (Data Subject Access Request), we may retain a record of the

request and our response for up to 3 years for accountability and compliance purposes.

 

9. Your Rights

If you are located in the European Union (EU), you have a number of rights under the

General Data Protection Regulation (GDPR) in relation to your personal data. We are

committed to upholding these rights and enabling you to exercise them easily.

If you are located in the United States, you may also have certain rights under

applicable state privacy laws, such as the right to access or delete your information and

to opt out of marketing communications. We will honour these rights in accordance

with applicable law.

 

You may exercise any of the rights listed below by contacting us at:

sarah@sironafoods.com

 

To protect your personal data, we may ask you to verify your identity before acting on

any data access, deletion, or correction request.

We will respond to all valid rights requests within one month, and sooner where

possible. Where permitted under the GDPR and CCPA, we may extend this period by an

additional two months in complex cases, but we will always inform you if this is

necessary.

 

a. Right to Access

You have the right to request confirmation of whether we process your personal data

and to access a copy of that data, along with related information such as the purpose of

processing, the categories of data, and recipients.

b. Right to Rectification

If any of your personal data is inaccurate or incomplete, you have the right to request

that we correct or update it without undue delay.

c. Right to Erasure (“Right to be Forgotten”)

You may request that we delete your personal data, particularly where:

It is no longer necessary for the purposes for which it was collected

You withdraw consent and no other lawful basis applies

You object to processing and there are no overriding legitimate grounds

The data has been unlawfully processed

Note: We may be required to retain certain data for legal or tax compliance purposes.

d. Right to Restrict Processing

You may request that we limit the processing of your personal data under certain

conditions, for example if you contest its accuracy or object to its processing.

e. Right to Object

You can object to our processing of your personal data where we rely on legitimate

interests as a legal basis. We will stop processing unless we can demonstrate

compelling legitimate grounds.

You also have the absolute right to object at any time to the use of your personal data for

direct marketing purposes.

f. Right to Data Portability

Where processing is based on your consent or a contract and carried out by automated

means, you can request to receive your personal data in a structured, commonly used,

and machine-readable format, or have it transmitted directly to another controller.

g. Right to Withdraw Consent

If we process your data based on consent (e.g., for marketing emails), you have the right

to withdraw that consent at any time. This will not affect the lawfulness of processing

before withdrawal.

h. Right to Lodge a Complaint

If you are unhappy with how we handle your personal data, we encourage you to contact

us first at sarah@sironafoods.com, and we will do our best to resolve your concerns

promptly and fairly.

 

You also have the right to lodge a complaint with a data protection authority, such as the

Irish Data Protection Commission (DPC) or your local supervisory authority.

DPC website: www.dataprotection.ie

 

10. Data Security

We take the security of your personal data seriously and implement appropriate

technical and organisational measures to protect it against unauthorised access, loss,

misuse, alteration, or disclosure.

These measures include:

 

SSL encryption to protect data transmitted between your browser and our

website

Secure infrastructure provided by Shopify and Stripe, both of which are certified

to high security standards (e.g., PCI DSS for payments)

Access controls to ensure that only authorised members of our team, including

trusted consultants or agency partners, can access personal data, strictly based

on their role and operational need

Regular system updates and monitoring provided by Shopify’s platform-level

security

Data minimisation, collecting only the information necessary for fulfilling orders

and communication

Staff awareness and confidentiality, ensuring any team member handling data is

trained and committed to safeguarding privacy

Despite our efforts, no system is entirely immune from risk. If we ever become aware of

a data breach that could impact your rights or freedoms, we will notify you without

undue delay and report it to the Data Protection Commission (DPC) as required under

GDPR.

 

11. Children's Privacy

Our site and services are not directed at children under 16. We do not knowingly collect

personal data from minors. If you believe we’ve collected data from a child, please

contact us and we will delete it.

 

12. Third-Party Links

Our site may contain links to external sites (e.g., Instagram). We are not responsible for

their privacy practices. Please review their policies before sharing any data.

 

13. Updates to This Privacy Policy

We may update this Privacy Policy occasionally to reflect changes to our practices or

legal requirements. The revised version will be posted on this page with an updated

“Effective Date.”

We encourage you to review this Policy regularly.

 

14. Contact Us

If you have any questions or concerns about this Privacy Policy or your data, please

contact us at:

Email: sarah@sironafoods.com

Website: https://sironafoods.com