Privacy policy

Flebo Ltd Last updated: April 2026

Introduction

At Flebo Ltd (“Flebo”, “we”, “us”, “our”), we take your privacy seriously. This Privacy Policy explains what personal information we collect about you, why we collect it, how we use it, who we share it with, how long we keep it, and what your rights are.

This policy applies to all personal information collected through our website at www.flebo.co.uk, through your purchases, through your communications with us, and through our social media channels.

We are the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This means we are responsible for deciding how and why your personal data is used, and for keeping it safe.

If you have any questions about this policy or how we handle your data, please contact us at help@flebo.co.uk.

1. The Law That Governs This Policy

We comply with the following legislation:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
  • Privacy and Electronic Communications Regulations 2003 (PECR)
  • Data (Use and Access) Act 2025
  • Consumer Protection Act 1987

We are regulated by the Information Commissioner’s Office (ICO), the UK’s independent data protection authority.


2. Who We Are

Data Controller: Flebo Ltd Email: help@flebo.co.uk Website: www.flebo.co.uk

We do not currently have a Data Protection Officer (DPO) as we do not meet the threshold requiring mandatory appointment under UK GDPR. However, all data protection enquiries are handled directly by our team and can be directed to help@flebo.co.uk.


3. What Personal Information We Collect

We collect the following categories of personal information:

3a. Information You Give Us Directly

  • Identity data: Your full name
  • Contact data: Email address, phone number, delivery address, billing address
  • Payment data: Credit or debit card details, billing information (note: full payment card details are processed securely by our payment processor and are never stored by us directly)
  • Account data: Username and password if you create an account
  • Communications data: Any messages, emails, or enquiries you send us, including customer service correspondence
  • Transaction data: Details of products you have purchased, order history, and subscription details

3b. Information We Collect Automatically

When you visit our website, we automatically collect certain technical information:

  • Device data: IP address, browser type and version, operating system, device type
  • Usage data: Pages visited, time spent on pages, links clicked, search terms used on our site, referring website
  • Cookie data: Information collected through cookies and similar tracking technologies — please see our separate Cookie Policy for full details

3c. Information From Third Parties

  • Shopify: As our e-commerce platform provider, Shopify processes certain data on our behalf including order processing, payment handling, and fraud prevention
  • Royal Mail: Delivery and tracking information related to your orders
  • Google Analytics: Aggregated and anonymised data about how visitors use our website
  • Meta (Facebook/Instagram): If you interact with our paid advertisements or social media content, Meta may share certain data with us in accordance with your privacy settings on those platforms

4. Why We Collect Your Information and Our Legal Basis

Under UK GDPR, we must have a lawful basis for processing your personal data. The table below explains what we use your data for and why we are legally permitted to do so.

Processing your order and delivering your products Lawful basis: Performance of a contract. We cannot fulfil your order without this information.

Processing payment and preventing fraud Lawful basis: Performance of a contract and legal obligation. We are required to carry out fraud checks and maintain financial records.

Sending you order confirmations and customer service communications Lawful basis: Performance of a contract. These are essential communications related to your purchase.

Managing your account and subscription Lawful basis: Performance of a contract. Necessary to provide and manage your subscription service.

Sending you marketing emails, newsletters, or promotional offers Lawful basis: Consent. We will only send you marketing communications if you have opted in. You can withdraw consent at any time.

Improving our website and understanding how it is used Lawful basis: Legitimate interests. We have a legitimate interest in understanding how our website is used so we can improve it for our customers. This does not override your rights.

Running targeted advertising campaigns on Meta and Google Lawful basis: Consent. We only use advertising cookies and tracking pixels where you have provided consent through our cookie banner.

Complying with legal obligations Lawful basis: Legal obligation. For example, keeping financial records for HMRC, or responding to lawful requests from authorities.

Protecting the safety of our customers and preventing misuse of our returns and guarantee policy Lawful basis: Legitimate interests. We maintain records to prevent fraudulent returns claims. This does not override your rights.

5. Children’s Privacy

We take children’s privacy particularly seriously. Under the Data (Use and Access) Act 2025, we have a specific duty to apply higher protection standards when our services are likely to be accessed by children.

Although our website sells products including a Kids Multivitamin range, our website itself is not directed at children and is intended for use by adults (parents and guardians) only. We do not knowingly collect personal data directly from children under the age of 13.

If you are a parent or guardian and believe your child has provided personal data to us, please contact us immediately at help@flebo.co.uk and we will delete that information promptly.

6. How We Share Your Personal Information

We do not sell your personal data to third parties. We share your data only in the following circumstances:

Shopify (e-commerce platform) Shopify processes your order and payment data as our data processor. They are contractually bound to process data only on our instructions and in accordance with UK GDPR. For more information: shopify.com/legal/privacy.

Royal Mail (delivery) We share your name and delivery address with Royal Mail to fulfil your order.

Google LLC (analytics and advertising) We use Google Analytics to understand website usage and Google Ads for advertising. Data is shared only where you have consented to analytics and/or advertising cookies. For more information: policies.google.com/privacy.

Meta Platforms, Inc. (advertising) We use Meta Pixel to measure advertising effectiveness on Facebook and Instagram. Data is shared only where you have consented to advertising cookies. For more information: facebook.com/privacy/policy.

Payment processors Payment card data is handled by Shopify Payments and its underlying payment processors. We do not store full card details ourselves.

Legal and regulatory authorities We may disclose your personal data where required to do so by law, court order, or at the request of a regulatory authority such as the ICO, HMRC, or law enforcement.

Business transfers In the event that Flebo Ltd is acquired, merged, or its assets transferred, your personal data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.

7. International Data Transfers

Some of the third-party services we use, including Shopify and Google, may transfer and store your personal data outside the United Kingdom. Where this occurs, we ensure that appropriate safeguards are in place to protect your data, including:

  • Transfers to countries with UK adequacy decisions
  • Standard contractual clauses approved by the ICO
  • Binding corporate rules where applicable

You can obtain details of the specific safeguards in place for any transfer by contacting us at help@flebo.co.uk.

8. How Long We Keep Your Data

We only keep your personal data for as long as necessary for the purpose it was collected, or as required by law.

  • Order and transaction data: 7 years (required by HMRC for tax purposes)
  • Customer account data: For the duration of your account, plus 2 years after closure
  • Marketing consent records: Until you withdraw consent, plus 2 years thereafter as evidence of consent
  • Customer service correspondence: 3 years from the date of the last communication
  • Website analytics data: Up to 26 months (Google Analytics default, anonymised)
  • Subscription data: For the duration of your subscription, plus 2 years after cancellation
  • Returns and refund records: 3 years from the date of the claim

When data is no longer needed, we securely delete or anonymise it.

9. How We Keep Your Data Safe

We take the security of your personal data seriously and have put in place appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction, or disclosure. These include:

  • Secure HTTPS encryption across our website
  • Payment data processed through PCI DSS-compliant processors
  • Restricted staff access to personal data on a need-to-know basis
  • Regular reviews of our data security practices

However, no method of transmission over the internet or electronic storage is completely secure. While we do our best to protect your personal data, we cannot guarantee absolute security. If you suspect any misuse or loss of your data, please contact us immediately at help@flebo.co.uk.

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours as required by UK GDPR, and will notify you directly where required.

10. Automated Decision-Making

We use limited automated decision-making through Shopify’s fraud prevention tools. This may include:

  • Temporary blocking of IP addresses associated with repeated failed transactions
  • Temporary flagging of payment cards linked to suspicious activity

These measures are in place to protect customers and our business from fraud. They do not have a significant legal or similarly significant effect on you. If you believe you have been incorrectly affected by automated fraud prevention, please contact us at help@flebo.co.uk.

11. Cookies and Tracking Technologies

We use cookies and similar technologies on our website. For full details of what cookies we use, why we use them, and how to manage your preferences, please read our separate Cookie Policy at www.flebo.co.uk/pages/cookie-policy.

12. Marketing Communications

We will only send you marketing emails or promotional communications if you have given us your explicit consent to do so — for example, by signing up to our newsletter or opting in at checkout.

You can withdraw your consent and unsubscribe from marketing communications at any time by:

  • Clicking the “unsubscribe” link at the bottom of any marketing email
  • Emailing us at help@flebo.co.uk
  • Managing your preferences in your account settings

Withdrawing consent does not affect the lawfulness of any processing carried out before you withdrew consent. Please note that unsubscribing from marketing does not affect essential transactional communications such as order confirmations.

13. Your Rights Under UK GDPR

Under UK data protection law, you have the following rights in relation to your personal data:

Right to be informed You have the right to know how we use your personal data. This Privacy Policy fulfils that obligation.

Right of access You have the right to request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will respond within one calendar month of receiving your request.

Right to rectification You have the right to ask us to correct any inaccurate or incomplete personal data we hold about you.

Right to erasure (“right to be forgotten”) You have the right to ask us to delete your personal data in certain circumstances — for example, where it is no longer necessary for the purpose it was collected, or where you withdraw consent.

Right to restrict processing You have the right to ask us to pause the processing of your personal data in certain circumstances — for example, while we verify its accuracy.

Right to data portability You have the right to request that we transfer your personal data to you or to another organisation in a structured, commonly used, and machine-readable format, where processing is based on consent or contract.

Right to object You have the right to object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will always comply immediately.

Rights related to automated decision-making You have the right not to be subject to decisions made solely by automated means where those decisions have a legal or significant effect on you.

To exercise any of these rights, please contact us at help@flebo.co.uk with your full name and sufficient information to identify your account. We will respond within one calendar month. We may need to verify your identity before processing your request.

There is no charge for exercising your rights in most circumstances. If a request is manifestly unfounded or excessive, we reserve the right to charge a reasonable fee or refuse the request, in which case we will explain why.

14. Right to Complain

If you are not satisfied with how we have handled your personal data or responded to your request, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office Website: ico.org.uk Telephone: 0303 123 1113 Post: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would, however, appreciate the opportunity to address your concerns before you contact the ICO, so please contact us first at help@flebo.co.uk.

15. Third-Party Links

Our website may contain links to third-party websites, social media platforms, or external content. This Privacy Policy does not apply to those third-party sites. We are not responsible for their privacy practices and encourage you to read their privacy policies before providing any personal data.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, changes in the law, or changes in the services we use. When we make changes, we will update the date at the top of this policy. For significant changes, we will notify you directly by email where we hold your contact details.

We encourage you to review this policy periodically to stay informed about how we protect your information.

17. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or how we handle your personal data, please contact us:

Flebo Ltd Email: help@flebo.co.uk Website: www.flebo.co.uk

We aim to respond to all data protection enquiries within 5 working days and will resolve all requests within the legally required timeframe of one calendar month.