Privacy Policy

Last updated: May 2026

This Privacy Policy explains how Aura & Oak LTD ("we", "us", "our"), trading as Kidney Vitality, collects, uses, stores and protects your personal data when you visit kidneyvitality.co.uk or place an order with us. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are (Data Controller)

Aura & Oak LTD, registered in England & Wales, is the data controller responsible for your personal data. You can contact us at hello@kidneyvitality.co.uk.

2. What data we collect

  • Identity & contact data: name, email address, billing and shipping address, telephone number.
  • Order & transaction data: products purchased, order value, delivery preferences. Card details are processed directly by Stripe; we do not store full card numbers.
  • Technical data: IP address, browser type, device information, pages visited, referring URL.
  • Marketing data: your preferences in receiving marketing from us and your communication preferences.
  • Customer support data: any messages you send us via email or contact forms.

We do not knowingly collect data from anyone under 18.

3. How we use your data (lawful bases)

  • Contract: to process your order, take payment, deliver products and handle returns.
  • Legal obligation: to comply with tax, accounting and consumer-protection laws (e.g. retaining invoices for 6 years under HMRC rules).
  • Legitimate interests: to operate, secure and improve our website, prevent fraud, and respond to enquiries.
  • Consent: to send marketing emails (you can withdraw consent at any time) and to set non-essential cookies.

4. Sharing your data

We share data only with trusted third-party processors who help us run the business:

  • Stripe — payment processing.
  • Royal Mail / our courier partners — order fulfilment and delivery.
  • Email and hosting providers — order confirmations and website hosting.
  • HMRC and other regulators — where legally required.

We never sell your personal data.

5. International transfers

Some of our processors are based outside the UK. Where data is transferred outside the UK or EEA, we rely on UK-approved safeguards (UK International Data Transfer Agreement or Standard Contractual Clauses with the UK Addendum).

6. How long we keep data

  • Order and invoice records: 6 years (HMRC requirement).
  • Account and marketing data: until you ask us to delete it or unsubscribe.
  • Website analytics: typically up to 26 months.

7. Cookies

We use essential cookies to make the website work (e.g. cart and checkout) and, with your consent, analytics cookies to understand how the site is used. You can manage cookies via your browser settings.

8. Your rights under UK GDPR

You have the right to:

  • Access a copy of the data we hold on you.
  • Have inaccurate data corrected.
  • Have your data erased (the "right to be forgotten") where applicable.
  • Restrict or object to processing.
  • Request data portability.
  • Withdraw consent at any time.
  • Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, email hello@kidneyvitality.co.uk. We will respond within one calendar month.

9. Security

We use HTTPS encryption across the site, store data on UK/EU-based infrastructure, and limit access to personal data to staff who need it to perform their role.

10. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of the page reflects the latest revision.