Home About Products Rewards Sourcing Delivery Articles Newsletter Contact
Skip to content

Privacy policy

Privacy Policy

Last updated: 27 April 2026

This Privacy Policy explains how Navi Organics Ltd (trading as Na'vi Organics) collects, uses, shares, and protects your personal information when you visit www.naviorganics.uk, place an order, contact us, or interact with our marketing.

We are committed to handling your data carefully, transparently, and in line with UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).

Who we are

Navi Organics Ltd is the data controller responsible for your personal information.

  • Legal entity: Navi Organics Ltd
  • Trading name: Na'vi Organics
  • Companies House registration: SC480613 (Scotland)
  • Registered office: Achnanellan, Acharacle, Argyll, PH36 4JX
  • ICO data protection registration: ZB672822
  • VAT number: GB247112234
  • Contact for data protection enquiries: hello@naviorganics.uk

What personal information we collect

We collect different categories of personal data depending on how you interact with us:

When you browse the site

Device information including IP address, browser type and version, operating system, time zone, referring pages, and how you interact with pages and products. Collected through cookies, log files, and similar tracking technologies. See our cookies section below.

When you place an order

Name, billing address, shipping address, email address, phone number, payment information (processed directly by our payment providers, see “Sharing your information” below), and details of the products you have ordered.

When you start checkout but do not complete

Email address (entered at the checkout page), phone number (if entered), shipping address (if entered), and details of items left in your basket. We hold this information so we can complete your order if you return to it, and so we can send a small number of reminder emails (see “Cart recovery emails” below).

When you create an account or sign up to our newsletter

Email address, name (if provided), and any preferences you choose. For our Gemstones rewards programme, we also hold your earned points balance and any transaction history connected to it.

When you contact us

Your email address, name, and the content of your message. We hold this in our customer support system so we can respond and keep a record of the conversation.

When you subscribe to a recurring delivery

The information needed to manage your subscription, including billing schedule, delivery frequency, and any changes you make to the subscription over time.

How we use your information

Your data may be used for the following purposes, each with a specific lawful basis under UK GDPR:

1. Fulfilling your order

Processing payments, packing and shipping, sending confirmation and tracking emails, and providing customer service for the order.

Lawful basis: Performance of a contract (UK GDPR Article 6(1)(b)).

2. Cart recovery emails

If you reach our checkout page, enter your email, and do not complete the purchase, we may send you up to three follow-up emails reminding you of the items in your basket. Each email includes an unsubscribe link.

Lawful basis: PECR regulation 22(3), known as the soft opt-in. We are permitted to do this because the email was collected during the process of a sale, the follow-up is about the same or similar products, and we provide a clear opt-out at the point of collection and in every message.

3. Marketing emails

Newsletters, product launches, offers, and wellness content, sent only to people who have ticked a marketing opt-in box.

Lawful basis: Your express consent (UK GDPR Article 6(1)(a) and PECR regulation 22(2)). You can withdraw consent at any time.

4. Service and operational emails

Privacy Policy updates, important notices about your account or subscription, security alerts.

Lawful basis: Our legitimate interests in operating our business responsibly (UK GDPR Article 6(1)(f)).

5. Subscription management

Processing renewals, sending reminder notices, handling cancellations and amendments to subscriptions.

Lawful basis: Performance of a contract (UK GDPR Article 6(1)(b)).

6. Site analytics and improvement

Understanding how customers find and use the site, identifying what works and what needs improvement, measuring marketing campaign effectiveness.

Lawful basis: Our legitimate interests in operating and improving the site (UK GDPR Article 6(1)(f)). You can opt out of analytics at any time using our cookie controls.

7. Fraud prevention and risk screening

Checking orders against patterns of fraudulent behaviour, protecting your account and ours.

Lawful basis: Our legitimate interests in protecting against fraud (UK GDPR Article 6(1)(f)).

8. Legal and regulatory compliance

Tax records, VAT returns, accounting, responding to lawful requests from authorities.

Lawful basis: Compliance with a legal obligation (UK GDPR Article 6(1)(c)).

Sharing your information

We never sell your personal data. We never share it with third parties for their own marketing.

We do share specific information with the following service providers, each of whom processes your data on our behalf under a data processing agreement that requires them to protect it to UK GDPR standards:

Shopify (Shopify International Limited, Ireland)

Our e-commerce platform. Holds your order information, account details, and browsing data on the site.
Privacy policy: shopify.com/legal/privacy

Klaviyo (Klaviyo Inc, USA)

Our email marketing and automation platform. Holds your email address, profile information, browsing and purchase history, and the emails we have sent you.
Privacy policy: klaviyo.com/legal/privacy

Recharge (ReCharge Inc, USA)

Our subscription management platform. Holds your subscription details, billing schedule, and transaction history for recurring orders.
Privacy policy: rechargepayments.com/privacy-policy

Smile.io (Smile.io Inc, Canada)

Our Gemstones rewards programme platform. Holds your account balance, points history, and referral information.
Privacy policy: smile.io/privacy-policy

eDesk (eDesk, Ireland)

Our customer service platform. Holds the content of your support conversations with us, along with your name and email address.
Privacy policy: edesk.com/privacy

Google Analytics (Google LLC, USA)

Our site analytics provider. Holds anonymised information about how you interact with the site. You can opt out at tools.google.com/dlpage/gaoptout.
Privacy policy: google.com/policies/privacy

Royal Mail, DHL, and other carriers

Your name, delivery address, and phone number are passed to the carrier delivering your order so they can complete the delivery.

Payment processors (Shopify Payments, PayPal, Klarna, Apple Pay, Google Pay, Shop Pay)

Your payment details are handled directly by the payment processor you choose at checkout. We do not see or store your full card details. Each provider has its own privacy policy available on their website.

We may also disclose your information if required by law (for example, in response to a court order, subpoena, or lawful request from a UK regulator), or where necessary to protect our legal rights or the safety of others.

International transfers

Some of the providers above are based outside the UK. Where your data is transferred outside the UK, we ensure it is protected by appropriate safeguards, including UK adequacy regulations (for transfers to the EEA, recognised jurisdictions, and others), or International Data Transfer Agreements or Standard Contractual Clauses approved by the UK Information Commissioner's Office, for transfers to other countries.

Cookies and tracking technologies

We use cookies and similar technologies to make the site work, remember your preferences, understand how you use the site, and deliver relevant marketing.

We use the following categories of cookies:

  • Strictly necessary cookies. Required for the site to function (for example, remembering items in your basket, keeping you signed in). These do not require consent.
  • Functional cookies. Remember your preferences (such as language, currency, and recent products viewed). Set only with your consent.
  • Analytics cookies. Help us understand how the site is used. Set only with your consent.
  • Marketing cookies. Allow us and our advertising partners to show you relevant ads on other sites. Set only with your consent.

You can manage your cookie preferences at any time using the cookie banner or the privacy settings link in the footer of the site. You can also block or delete cookies through your browser settings.

How long we keep your information

We keep your data only as long as we need to for the purposes set out above:

  • Order and transaction records: seven years from the date of the order, for tax and accounting purposes (HMRC requirement).
  • Subscription records: for the duration of the subscription and seven years afterwards.
  • Marketing subscriber records: until you unsubscribe, after which your email is added to a permanent suppression list to prevent re-contact.
  • Cart recovery profiles (checkout started but not completed, no marketing opt-in): 12 months from your last activity, after which your data is deleted unless you have opted in to marketing or completed a purchase in the meantime.
  • Customer support conversations: three years from the date the conversation closes.
  • Site analytics data: 26 months (Google Analytics default), or as configured.

If we have a legal obligation to keep certain information for longer, we may do so.

Your rights under UK GDPR

You have the following rights regarding your personal data:

  • Right of access (Article 15). You can ask for a copy of all personal data we hold about you. We will provide this free of charge within one month.
  • Right to rectification (Article 16). You can ask us to correct inaccurate data or complete incomplete data we hold about you.
  • Right to erasure (Article 17). You can ask us to delete your personal data. Where we are not legally required to retain it (for example, for tax records on completed orders), we will action this within 30 days and confirm in writing once it is done.
  • Right to restrict processing (Article 18). You can ask us to pause processing of your data while a query about its accuracy or legitimacy is resolved.
  • Right to data portability (Article 20). You can ask for a copy of the data you have provided to us in a structured, machine-readable format, so you can transfer it to another service.
  • Right to object (Article 21). You can object to processing based on our legitimate interests, including for direct marketing.
  • Right to withdraw consent. Where we rely on your consent (for marketing emails, cookies), you can withdraw it at any time using the unsubscribe link in any email or the cookie preferences in the footer.
  • Right to complain to the ICO. If you believe we have not handled your data correctly, you can complain to the Information Commissioner's Office at ico.org.uk or by phoning 0303 123 1113.

To exercise any of these rights, please email hello@naviorganics.uk. We may need to verify your identity before actioning the request.

Children's data

The site is not intended for use by children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in how we handle your data, our service providers, or applicable law. The “Last updated” date at the top of this page will always show the most recent version. Significant changes will be notified to you by email if we hold one for you.

Contact us

For any questions about this Privacy Policy or how we handle your data:

Email: hello@naviorganics.uk
Post: Navi Organics Ltd, Achnanellan, Acharacle, Argyll, PH36 4JX

You can also complain to the Information Commissioner's Office at ico.org.uk or by phoning 0303 123 1113.