Privacy Policy

• "Account": An account required to access and/or use certain areas and features of Our Sites.
• "Data Controller": Determines the purposes and means of processing personal data. Soabar Ltd is the "Data Controller" for the data collected and described in this notice.
• "Cookie": A small text file placed on your computer or device by Our Sites when you visit certain parts and/or use certain features of Our Sites.
• "Cookie Law" / "PECR": The Privacy and Electronic Communications (EC Directive) Regulations 2003 (including all subsequent UK amendments).
• "Data Protection Legislation": The UK GDPR and the Data Protection Act 2018.
• "Personal Data": Any and all data that relates to an identifiable person who can be directly or indirectly identified from that data.
• "We/Us/Our": Soabar Ltd, a limited company registered in England under company number 06546634. Our registered address is Unit 7, Ashville Way, Whetstone, Leicester, Leicestershire, United Kingdom, LE17 5AW.

• The right to be informed about our collection and use of your personal data.
• The right to access the personal data we hold about you.
• The right to rectification if any of your personal data held by us is inaccurate or incomplete.
• The right to be forgotten (Erasure), which allows you to ask us to delete or dispose of your personal data (subject to certain legal exceptions, such as tax record retention).
• The right to restrict or prevent the processing of your personal data.
• The right to object to us using your personal data for a particular purpose or purposes (including direct marketing).
• The right to data portability, allowing you to obtain and reuse your personal data across different services.
• Rights relating to automated decision-making and profiling. Please note: We do not perform any automated decision-making or profiling.

Tip for Unsolicited Marketing: You may wish to sign up for one or more of the UK preference services to prevent unsolicited marketing: The Telephone Preference Service (TPS), the Corporate Telephone Preference Service (CTPS), and the Mailing Preference Service (MPS). These services will not, however, block marketing communications that you have actively consented to receive.

• Identity Data: Name, date of birth, gender, business/company name, job title, and profession.
• Contact Data: Email addresses, telephone numbers, billing addresses, and delivery addresses.
• Financial Data: Credit or debit card numbers. Note: We do not store or see your full financial data on our servers. This information is provided directly and securely to our third-party payment processor, Stripe.
• Technical Data: IP address, web browser type and version, operating system, and computer details.
• Usage Data: A list of URLs starting with a referring site, your activity on Our Sites, and the site you exit to.

• Contracted Customers: We typically retain your data for 8 years after the end of our contract to comply with regulatory, tax, accounting, and legal requirements.
• Non-Contracted Enquiries: Where we have never established a contract with you, we will typically keep your data for 5 years.
• Recruitment Data: Any data submitted to recruitment areas of our website will be safely deleted 1 year after upload.

• All data is transmitted securely via HTTPS on our website.
• High-risk data is encrypted based on thorough risk assessments.
• Access to our internal systems requires a verified, secure connection.
• We assess our Cyber Security annually via IASME and hold Cyber Essentials certification, alongside completing annual system penetration testing.
• We assess our PCI DSS Compliance annually to ensure payment card data safety.

International Transfers & Stripe

While we aim to keep data within the UK and European Economic Area (EEA), we use Stripe, Inc. to handle secure payment gateway services. Stripe stores and processes transaction information on secure servers located in the United States.

To legally safeguard this transfer under the UK GDPR, Stripe is certified under the Data Privacy Framework (DPF) and its UK Extension (the UK-US Data Bridge). This ensures your data receives an equivalent and legally compliant level of protection when handled in the United States.

• Group Companies: We may share your data with other companies within our corporate group.
• Third-Party Service Providers: We contract with trusted third parties to perform functions on our behalf, specifically Stripe, Inc. for payment processing, alongside delivery/courier services. These third parties are bound by strict contractual data processing agreements to keep your data safe.
• Business Transfers: If we expand or reduce our business, involving the sale or transfer of control of all or part of Soabar Ltd, relevant customer data will transfer to the new owner under the precise terms of this privacy policy.
• Legal Mandates: In certain circumstances, we may be legally required to share data held by us—for example, where we are involved in legal proceedings or complying with a court order or HMRC audit.

You may access certain areas of Our Sites without providing any data at all. However, to purchase goods or utilize all features and functions available on Our Sites, you will be required to submit or allow for the collection of certain data. You may also choose to restrict our use of Cookies via your browser settings.

If you want to view, amend, or request the deletion of your personal data, please contact us using the details in Section 12.

There is normally no charge for such a request. We will respond to your request within one month. If your request is exceptionally complex, we may extend this period by up to a maximum of three months, keeping you fully informed of our progress. If a request is manifestly unfounded or excessive, an administrative fee may apply.

Our Sites place and access certain first-party and third-party Cookies on your computer or device to ensure operational performance, ease of use, and security.

• Strictly Necessary Cookies: These are vital to the core functioning of our website, including managing your shopping basket and maintaining a secure checkout session via Stripe. Cookie Law allows these to load automatically without explicit prior consent, but you may still block them via your browser settings (though the site may cease to function correctly).
• Functional & Session Cookies: These remember choices you make (such as login states) to optimize your user experience.

You can choose to delete or disable cookies via your internet browser settings at any time. It is recommended that you keep your browser and operating system up to date to properly manage your privacy preferences.

If you have any questions about Our Sites, your data, or this Privacy Policy, please contact Us using the following avenues:

Email: info@soabar.co.uk
Telephone: 0116 2847000
Postal Address: Soabar Ltd, Unit 7, Ashville Way, Whetstone, Leicester, LE8 6NU.

If you have any cause for complaint regarding our handling of your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at https://ico.org.uk/. We would, however, appreciate the chance to address and resolve your concerns directly before you approach the ICO.

We may change this Privacy Policy from time to time (for example, if the law changes). Any changes will be immediately posted on Our Sites and you will be deemed to have accepted the updated terms on your first use of Our Sites following the alterations.