Privacy Policy

This privacy policy explains how Pant Mawr Farmhouse Cheeses collects, uses, and protects your personal data when you visit our website or place an order with us.

1. Who We Are

Pant Mawr Farmhouse Cheeses is an artisan cheese producer and retailer based in Pembrokeshire, Wales. We are the data controller responsible for your personal data.

Business name: Pant Mawr Farmhouse Cheeses
Address: Pant Mawr Farm, Rosebush, Pembrokeshire SA66 7QU, Wales
Phone: 01437 532 627
Website: pantmawrcheeses.co.uk

2. What Data We Collect and Why

We collect only the personal data necessary to fulfil your order and provide you with our services:

• Name - to address you and process your order
• Email address - to send you order confirmations and updates
• Phone number - to contact you about your order if needed
• Delivery address - to dispatch your order to the correct location
• Payment information - processed securely via our payment partners (see section 8). We do not store your card details
• Order history - to maintain records of your purchases and handle any queries or returns

We do not collect sensitive personal data and we do not carry out any automated decision-making or profiling.

3. Legal Basis for Processing

Under the UK General Data Protection Regulation (UK GDPR), we rely on the following lawful bases:

• Contract (Article 6(1)(b)) - processing your details is necessary to fulfil your purchase and deliver your order
• Legal obligation (Article 6(1)(c)) - we retain certain financial and transaction records to comply with UK tax and accounting law
• Legitimate interests (Article 6(1)(f)) - we may retain order history to handle returns, disputes, or customer queries

We do not use your data for direct marketing. If this changes, we will seek your explicit consent first.

4. How We Store and Protect Your Data

Your data is stored on secure servers. We take reasonable technical and organisational measures to protect your personal data including:

• Encrypted data transmission (HTTPS/TLS) on our website
• Access controls limiting who can view customer data
• Regular security reviews of our systems

Payment transactions are handled entirely by our payment processors (Nochex, SumUp, and PayPal). We never receive or store your full card number, CVV, or bank details.

5. Data Retention Periods

• Order and transaction records - retained for 7 years to comply with HMRC requirements
• Contact enquiries - retained for 12 months after the matter is resolved
• Account data - retained while your account is active and for 2 years after your last interaction

After the applicable retention period, your data is securely deleted or anonymised.

6. Your Rights

Under UK GDPR, you have the following rights:

• Right of access - request a copy of the personal data we hold about you
• Right to rectification - ask us to correct inaccurate or incomplete data
• Right to erasure - ask us to delete your data, subject to legal obligations
• Right to data portability - request your data in a structured, commonly used format
• Right to object - object to processing based on legitimate interests
• Right to restrict processing - ask us to pause processing in certain circumstances

To exercise any of these rights, please contact us using the details in section 10. We will respond within one month. You also have the right to lodge a complaint with the Information Commissioners Office (ICO) at ico.org.uk or by calling 0303 123 1113.

7. Cookies

Our website uses a small number of cookies:

• Session cookies - temporary cookies essential for the website to function (e.g. maintaining your shopping basket)
• Cookie consent preference - stored in your browser so we do not ask you again on subsequent visits

We do not currently use any analytics, advertising, or tracking cookies. You can control or delete cookies through your browser settings.

8. Third-Party Services

We use the following payment processors:

• Nochex - UK-based payment gateway (nochex.com)
• SumUp - payment processor (sumup.com)
• PayPal - payment service (paypal.com)

These processors act as data controllers for the payment data you submit to them. We do not share your personal data with any other third parties except where required by law.

9. Data Transfers Outside the UK

Our website and customer data are hosted on cloud infrastructure in the Africa (Cape Town) region operated by Amazon Web Services (AWS). AWS provides Standard Contractual Clauses and other transfer mechanisms to ensure adequate protection for data transferred outside the UK.

10. How to Contact Us

If you have questions about this policy or wish to exercise your data rights:

• By phone: 01437 532 627
• By post: Pant Mawr Farm, Rosebush, Pembrokeshire SA66 7QU, Wales
• Via our website: Use the contact form at pantmawrcheeses.co.uk

We aim to respond within one calendar month.

11. Changes to This Policy

We may update this privacy policy from time to time. When we make significant changes, we will update the date below.

Last updated: 17 March 2026