Privacy policy

Last updated: February 26, 2026

1. Introduction

Moo Free Ltd understands that your privacy is important and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store and protect personal data when you interact with us as a customer, supplier, business contact, employee, job applicant or website user.

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information About Us

Company Name

Moo Free Ltd (also t/a Moo Free Chocolates and Moo Free) a limited company registered in England under company number 07260970.

Registered Address

3 Kingfisher Units, River Tamar Way, Holsworthy, Devon, EX22 6HL

VAT Number

990977650

Data Protection Contact

  • Name: Mike Jessop
  • Email Address: data-protection@moofree.co.uk
  • Phone: 01409 478110

We have appointed a data protection contact (not a statutory Data Protection Officer) to oversee compliance.

3. What This Privacy Policy Covers

This Privacy Policy applies to personal data we collect from:

  • Consumers purchasing from our website or entering competitions
  • Retailers, wholesalers and distributors
  • Suppliers and logistics partners
  • Overseas customers and business contacts
  • Employees, workers and job applicants
  • Visitors to our website

It covers how personal data is collected, used, stored, shared and your rights in relation to that data.

4. What Is Personal Data?

Under UK GDPR, personal data means any information relating to an identifiable individual. This includes, but is not limited to:

  • Name, address and contact details
  • Business contact details
  • Online identifiers such as IP addresses
  • Order and payment information
  • Correspondence and complaint records

5. Personal Data We Collect

Depending on your relationship with us, we may collect the following categories of personal data:

Consumers and business contacts

  • Name
  • Billing and delivery address
  • Email address
  • Telephone number
  • Business name and job title (where applicable)
  • Order history and transaction records
  • Payment information (processed securely by third-party payment providers)
  • Marketing preferences
  • Competition entries and correspondence
  • IP address and website usage data: We use cookies and similar technologies to operate our website, analyse traffic and improve user experience. Where required by law, we will obtain your consent before placing non-essential cookies. For more information, please see our Cookie Policy.

Employees and job applicants

  • Contact details and identification information
  • Employment history and qualifications
  • Right-to-work documentation
  • Payroll and pension information
  • Performance, disciplinary and training records
  • Health and safety or sickness records (where required by law)

6. Lawful Bases for Processing Personal Data

We only process personal data where we have a lawful basis to do so under UK GDPR, including:

  • Contract: To fulfil orders, supply goods, manage employment or supplier contracts
  • Legal obligation: To comply with food safety, employment, tax, and regulatory requirements
  • Legitimate interests: To operate and grow our business, manage customer relationships, prevent fraud, and improve our products and services
  • Consent: For email marketing, competitions, and where required by law
  • Vital interests: To protect someone’s life (rare circumstances)

7. How We Use Personal Data

Consumers

We use personal data to:

  • Process and deliver orders
  • Manage payments and refunds
  • Handle enquiries, complaints and product issues
  • Administer competitions and promotions
  • Send marketing communications (where consent or lawful soft opt-in applies)
  • Meet food safety, traceability and recall obligations

Retailers, wholesalers and suppliers

We use personal data to:

  • Manage business relationships and contracts
  • Process orders, deliveries and invoices
  • Communicate about products, pricing and availability
  • Send B2B marketing communications where permitted

Employees and job applicants

We use personal data to:

  • Manage recruitment and employment
  • Comply with employment and health & safety law
  • Administer payroll, benefits and pensions
  • Protect our legal interests

Separate Employee and Job Applicant Privacy Notices are provided where appropriate.

8. Special Category Data

In limited circumstances, we may process special category data, such as health information relating to employees (e.g. sickness absence or workplace safety).

This data is processed only where:

  • Required by employment or health & safety law
  • Necessary to protect vital interests
  • Appropriate safeguards are in place

9. Marketing Communications

We may send marketing communications:

  • To consumers who have consented, or where the soft opt-in applies
  • To business contacts where permitted under Privacy and Electronic Communications Regulations (PECR)

You can unsubscribe from marketing emails at any time by:

  • Using the unsubscribe link in emails, or
  • Contacting us using the details in Section 2

10. Data Sharing and Processors

We share personal data only where necessary and appropriate.

We use trusted third-party data processors, including:

  • Website and e-commerce platforms
  • Payment service providers
  • Email marketing platforms
  • CRM systems
  • Cloud storage and email providers
  • HR and payroll systems
  • Delivery and logistics providers

All processors are subject to contractual obligations to protect personal data and act only on our instructions.

We may also disclose personal data where required to comply with legal obligations or regulatory authorities.

11. International Data Transfers

Some of our service providers may process personal data outside the UK.

Where this occurs, we ensure appropriate safeguards are in place, such as:

  • UK adequacy regulations
  • International Data Transfer Agreements (IDTAs)
  • Standard Contractual Clauses

12. Data Retention

We retain personal data only for as long as necessary, including:

  • Customer orders and invoices: typically 6–7 years for tax and accounting purposes
  • Marketing data: until consent is withdrawn or an opt-out is received
  • Complaints and product safety records: as required for food safety, traceability and legal defence
  • Employee records: in line with employment law and statutory requirements

When data is no longer required, it is securely deleted or anonymised.

13. Your Rights

Under UK GDPR, you have the right to:

  • Be informed about how your data is used
  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Request erasure (where applicable)
  • Restrict processing
  • Object to processing
  • Data portability
  • Not be subject to automated decision-making

14. Subject Access Requests

You may request access to your personal data by contacting us.

Requests are usually free of charge.

We will respond within one month. This may be extended by up to two additional months for complex requests

15. Complaints

If you are unhappy with how we handle your personal data, please contact us first.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): ico.org.uk

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be published on our website.