FDA Registered ✅
FREE Shipping over $120 👌
Accepting HSA/FSA cards ⭐

Privacy policy

Introduction

We are committed to safeguarding the privacy of our website visitors and customers. This policy explains how we handle your personal data.

This policy applies where we are acting as a data controller, meaning we determine the purposes and means of processing your personal data.

We use cookies on our website. Where cookies are not strictly necessary for the operation of our site, we will ask for your consent when you first visit.

In this policy, "we", "us" and "our" refer to Cosi Care Ltd.

The Personal Data We Collect

We may collect and process the following categories of data:

  • Contact Data: name, email address, phone number, postal address.
  • Transaction Data: details relating to purchases, including payment information (processed securely via our payment providers).
  • Communication Data: information you send to us via email, phone, post, or social media.
  • Usage Data: IP address, browser type, operating system, referral source, time on site, pages viewed (via analytics tools).
  • Marketing Data: your email address and preferences if you subscribe to marketing updates.
  • Enquiry Data: information submitted via website forms.

We do not knowingly collect data from individuals under the age of 18. If you are under 18, please do not provide any personal information.

Purposes of Processing & Legal Bases

We process your personal data for the following purposes:

  • Operations: to fulfil orders and provide services (legal basis: contract & legitimate interests).
  • Customer Relationships: to respond to enquiries and provide support (legal basis: legitimate interests).
  • Marketing: to send marketing emails/newsletters if you’ve subscribed or previously purchased from us (legal basis: consent & legitimate interests).
  • Research & Analysis: to improve our website, services, and marketing effectiveness (legal basis: legitimate interests).
  • Record Keeping & Security: to maintain records, protect our systems, prevent fraud, and comply with laws (legal basis: legal obligations & legitimate interests).

Where required by law (e.g. EU/UK), we will seek your consent before processing certain data, such as marketing emails.

Providing Your Personal Data to Others

We may share your data with:

  • Service providers who support our website, marketing, payments, and fulfilment (Shopify, Klaviyo, Google Analytics, Facebook/Instagram).
  • Insurers, advisors, and professional consultants for risk management and compliance.
  • Authorities where required by law or to protect legal rights.

International transfers (e.g. to the USA via Klaviyo) are protected using standard contractual clauses or adequacy decisions.

Retaining & Deleting Personal Data

  • Contact Data: kept for 6 years after contract ends.
  • Transaction Data: 1 year after transaction (6 years if linked to a customer contract).
  • Communication & Enquiry Data: 1–2 years, longer if linked to contracts.
  • Usage Data: up to 1 year.
  • Marketing Data: kept until you opt out, after which we retain minimal suppression data to ensure no further contact.

Security of Personal Data

We use appropriate technical and organisational measures to protect your personal data, including encryption, secure servers, and restricted access. However, no transmission over the internet is entirely secure.

Your Rights

UK & EU (GDPR/UK GDPR)

You have the right to:

  • Access, rectify, or erase your personal data
  • Restrict or object to processing
  • Data portability
  • Withdraw consent (where consent is the legal basis)
  • Lodge a complaint with the ICO (UK) or your local EU data authority

USA (including CCPA/CPRA for California residents)

You have the right to:

  • Request access to the personal data we hold about you
  • Request deletion of your personal data
  • Opt-out of the “sale” or “sharing” of your personal data for targeted advertising
  • Not be discriminated against for exercising these rights

To exercise any of these rights, contact us at info@cosi-care.com.

Cookies & Tracking

We use cookies and tracking pixels for:

  • Website functionality (shopping cart, login, authentication)
  • Analytics (Google Analytics)
  • Marketing & advertising (Facebook Pixel, Instagram, Klaviyo)
  • Personalisation and remembering preferences

You can manage cookies via your browser settings or our cookie pop-up. Blocking cookies may affect website functionality.

Children’s Data

Our website is not directed at children under 13, and we do not knowingly collect data from them. If we discover that we have done so, we will delete it immediately.

Amendments

We may update this policy from time to time. Changes will be published on this page. Please review periodically.

Our Details

This website is owned and operated by Cosi Care Ltd.

  • Registered in England & Wales (No. 11566503)
  • Registered office: The Engine House, Erith, United Kingdom

Contact us:

  • Email: info@cosi-care.com
  • Website contact form
  • By post: The Engine House, Erith, United Kingdom

 

Wave