Last updated: 16 June 2026

Your privacy matters to us. This Privacy Policy explains what personal data Spice Éire collects about you, why we collect it, how we use and protect it, and what rights you have. We have written it in plain English so that it is easy to understand.

Please read this policy carefully. By using our website at https://spiceeire.ie or by shopping with us in any of our stores, you acknowledge that we process personal data as described here.

1. Who We Are

Spice Éire is an ethnic and world-food grocery shop and fresh butcher operating two physical stores in Dublin and an online shop.

We are the data controller for the personal information we collect about you, which means we decide why and how your data is used. Our details are:

  • Trading name: Spice Éire
  • Spice Éire Kimmage
    175 Kimmage Road Lower, Kimmage, Dublin 6W, D6W TR62
  • Spice Éire Tallaght
    2 Main Street, Tallaght, Dublin 24, D24 AHY8
  • Phone: 089 942 1135
  • Email: info@spiceeire.ie
  • Website: https://spiceeire.ie

For any privacy-related question or request, you can contact us at the email or postal addresses above.

2. What Personal Data We Collect

Depending on how you interact with us, we may collect the following categories of personal data:

2.1 Account and Identity Information

  • First and last name
  • Username and password (stored in encrypted form)
  • Email address
  • Phone number

2.2 Order, Billing and Delivery Information

  • Billing address
  • Delivery address (if different from billing)
  • Order history and contents
  • Invoice and transaction records

2.3 Payment Information

  • Payment card details are processed securely by our third-party payment processors. We do not receive, store or have access to your full card number, CVV or PIN.
  • We retain only the information needed to reference a transaction (e.g. partial card digits, transaction reference, amount, and date).

2.4 Communications

  • Messages you send us via email, contact forms, or social media, including the content of those messages
  • Records of customer service interactions (in-store, by phone, or online)

2.5 Marketing Preferences

  • Whether you have opted in or out of receiving marketing emails or newsletters from us
  • Responses to promotions, competitions or surveys

2.6 Automatically Collected Technical Data

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited and time spent on pages
  • Referring URLs (how you arrived at our site)
  • Cookie identifiers and similar tracking data (see Section 5 for full details)

3. How We Collect Your Data

3.1 Directly From You

We collect data directly when you:

  • Create an account or guest checkout on our website
  • Place an order online or in-store
  • Contact us by phone, email, or via a contact form
  • Sign up for our newsletter or marketing communications
  • Participate in a promotion, competition, or survey
  • Apply for a job with us

3.2 Automatically

When you visit our website, we automatically collect certain technical data about your device and browsing behaviour using cookies and similar technologies (see Section 5).

3.3 From Third Parties

We may also receive personal data from:

  • Payment processors — confirmation that a payment was authorised or declined, and a transaction reference
  • Delivery partners (such as Just Eat) — delivery status updates and, where relevant, customer contact details shared to complete your order
  • Analytics providers — aggregated or pseudonymous data about how visitors use our site (such as Google Analytics)

4. Why We Use Your Data and Our Legal Basis

Under the EU General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018, we must have a lawful basis for processing your personal data. The sections below set out our purposes and the basis we rely on for each.

4.1 To Process and Fulfil Your Orders — Contract

Processing is necessary to perform our contract with you (or to take steps at your request before entering into one). This covers:

  • Processing your online or in-store purchases
  • Arranging delivery or click-and-collect
  • Sending order confirmations and receipts
  • Handling returns, refunds and exchanges

4.2 To Manage Your Account — Contract

  • Creating and maintaining your customer account on our website
  • Allowing you to view your order history
  • Responding to account-related queries

4.3 To Comply With Legal Obligations — Legal Obligation

  • Retaining accounting records and invoices as required by Irish tax and company law (including the Taxes Consolidation Act 1997 and related Revenue guidance)
  • Responding to lawful requests from public authorities or courts
  • Complying with food safety and consumer protection regulations

4.4 To Run and Improve Our Business — Legitimate Interests

We process certain data on the basis of our legitimate interests, provided those interests are not overridden by your rights. This covers:

  • Analysing website usage to improve our site and product ranges
  • Fraud prevention and security monitoring
  • Responding to complaints and customer service queries
  • Internal record-keeping and business administration
  • Sending service-related communications (e.g. policy updates, changes to opening hours)

4.5 To Send You Marketing — Consent (or Legitimate Interests for existing customers)

  • Sending promotional emails, newsletters, and offers — only where you have opted in, or (for existing customers) where we have a legitimate interest and you have not opted out
  • Showing relevant advertising online where you have consented to cookies

You can withdraw your consent to marketing at any time by clicking “Unsubscribe” in any of our emails, or by contacting us at info@spiceeire.ie.

4.6 Cookies and Analytics — Consent

Non-essential cookies (analytics, functional and marketing cookies) are only placed with your consent, obtained via our cookie banner. See Section 5 for full details.

5. Cookies and Similar Technologies

Our website uses cookies — small text files placed on your device — as well as similar technologies such as web beacons and pixel tags. Below is a summary of the types we use.

5.1 Strictly Necessary Cookies

These cookies are essential for the website to function. They enable core features such as shopping basket functionality, user log-in sessions, and security measures. These cookies cannot be disabled without breaking the website.

  • Shopping cart and checkout session management
  • User authentication (keeping you logged in)
  • Security and fraud prevention tokens

Legal basis: Legitimate interests (essential operation of the site).

5.2 Performance and Analytics Cookies

These cookies help us understand how visitors use our website — for example, which pages are most popular and whether visitors encounter errors. The information is aggregated and does not directly identify you.

  • Analytics tools such as Google Analytics

Legal basis: Consent.

5.3 Functional Cookies

These cookies remember choices you have made (such as your preferred language or currency) to give you a more personalised experience.

Legal basis: Consent.

5.4 Marketing and Targeting Cookies

These cookies are set by our advertising partners to build a profile of your interests and show you relevant adverts on other websites. They do not store directly personal information, but are based on uniquely identifying your browser and device.

Legal basis: Consent.

5.5 How to Manage Cookies

When you first visit our website, you will be presented with a cookie consent banner allowing you to accept or decline non-essential cookies. You can change your preferences at any time by clicking the cookie settings link in our website footer.

You can also control and delete cookies through your browser settings. For guidance on how to do this, visit www.aboutcookies.org. Please note that disabling certain cookies may affect the functionality of our website.

For more information about Google Analytics cookies and how to opt out, visit tools.google.com/dlpage/gaoptout.

6. Who We Share Your Data With

We do not sell your personal data to any third party. We share your data only where necessary to provide our services, comply with legal obligations, or protect our legitimate business interests. The categories of recipient are:

6.1 Payment Processors

When you make a purchase online, your payment details are transmitted securely to our payment processor(s). These providers are independently certified to industry security standards (PCI-DSS) and have their own privacy policies governing use of your data.

6.2 Delivery and Fulfilment Partners

If you choose home delivery, we share your name, delivery address, phone number, and order details with the relevant delivery partner (such as Just Eat) to enable fulfilment of your order.

6.3 Hosting and IT Service Providers

Our website is hosted by third-party providers. These companies store and process data on our behalf under strict contractual obligations and are not permitted to use your data for their own purposes.

6.4 Analytics Providers

We use third-party analytics tools (such as Google Analytics) to understand website performance. Data shared with these providers is typically pseudonymised or aggregated.

6.5 Legal and Regulatory Authorities

We may disclose personal data to the Revenue Commissioners, An Garda Síochána, the Data Protection Commission, courts, or other regulatory bodies where we are required or permitted to do so by law, or to protect the rights, property, or safety of Spice Éire, our staff, or our customers.

6.6 Professional Advisors

We may share data with our accountants, lawyers, auditors, or insurers where necessary, subject to obligations of professional confidentiality.

7. International Transfers of Data

Spice Éire is based in Ireland and our primary data processing takes place within the European Economic Area (EEA). However, some of our service providers (for example, certain cloud-hosting or analytics platforms) may process data outside the EEA.

Where this occurs, we ensure that appropriate safeguards are in place, such as:

  • The European Commission’s Standard Contractual Clauses (SCCs), which require the recipient to protect your data to the same standards as apply within the EEA
  • Transfers to countries that the European Commission has determined provide an adequate level of data protection
  • Binding Corporate Rules (where the recipient organisation has adopted approved internal data protection policies)

You can request details of the specific safeguards in place for any transfer by contacting us at info@spiceeire.ie.

8. How Long We Keep Your Data

We keep your personal data only for as long as necessary to fulfil the purposes set out in this policy, unless a longer retention period is required by law. Our key retention principles are:

  • Customer account data: Retained for as long as your account is active. If you close your account, we will delete or anonymise your data unless we are required to retain it for legal or financial reasons.
  • Order and transaction records (including invoices): Retained for a minimum of six years in accordance with Irish tax and accounting law (including obligations under the Taxes Consolidation Act 1997 and the requirements of the Revenue Commissioners).
  • Marketing preferences and consent records: Retained for as long as you remain a subscriber, plus a reasonable additional period to evidence consent (typically three years after you last interacted with us).
  • Customer communications and complaints: Retained for up to three years following resolution of the matter.
  • Website analytics data: Retained in accordance with the settings of the relevant analytics platform (typically 14 months for Google Analytics). Aggregated/anonymised data may be kept indefinitely.
  • Security and fraud-prevention logs: Retained for up to 12 months, or longer if required by an ongoing investigation.

9. How We Protect Your Data

We take data security seriously. We have implemented appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, disclosure, alteration, or destruction. These measures include:

  • HTTPS encryption on our website, so data in transit between your device and our server is protected
  • Secure, encrypted storage of passwords (we never store passwords in plain text)
  • Restricted access to personal data — only staff who need to access your information to perform their role are permitted to do so
  • Use of PCI-DSS compliant payment processors so that full card details are never transmitted to or stored on our systems
  • Regular review of our security practices and those of our suppliers

While we take all reasonable precautions, no method of data transmission or storage is 100% secure. If you have reason to believe your interaction with us is no longer secure, please contact us immediately.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Data Protection Commission within 72 hours of becoming aware of it and, where required, notify you directly without undue delay.

10. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights. You can exercise any of these rights by contacting us at info@spiceeire.ie or in writing to either of our store addresses.

10.1 Right of Access

You have the right to ask us whether we hold personal data about you and, if so, to receive a copy of that data along with details of how we use it. This is known as a Subject Access Request (SAR).

10.2 Right to Rectification

If the personal data we hold about you is inaccurate or incomplete, you have the right to ask us to correct or complete it.

10.3 Right to Erasure (“Right to Be Forgotten”)

In certain circumstances, you have the right to ask us to delete your personal data — for example, where it is no longer needed for the purpose for which it was collected, or where you withdraw consent and we have no other legal basis to keep it. This right does not apply where we are required to retain the data to comply with a legal obligation (such as tax record retention).

10.4 Right to Restriction of Processing

You may ask us to suspend processing of your data in certain circumstances — for example, while you contest the accuracy of the data, or while we assess whether our legitimate interests override yours.

10.5 Right to Data Portability

Where processing is based on your consent or on a contract with you, and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used and machine-readable format, and to transmit that data to another controller.

10.6 Right to Object

You have the right to object at any time to:

  • Processing based on our legitimate interests — we will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms
  • Direct marketing — we will always stop sending marketing messages if you object, with no questions asked

10.7 Right to Withdraw Consent

Where we rely on your consent to process personal data (e.g. for marketing emails or non-essential cookies), you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

10.8 Right to Lodge a Complaint

If you are unhappy with how we handle your personal data, we encourage you to contact us first so we can try to resolve the matter. You also have the right to lodge a complaint with the supervisory authority in Ireland:

We aim to respond to all data rights requests within one calendar month. In complex cases we may extend this by a further two months, but we will notify you if this is necessary.

11. Children’s Privacy

Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16 without verifiable parental or guardian consent. If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us at info@spiceeire.ie and we will promptly delete that information.

12. Links to Third-Party Websites

Our website may contain links to external websites — for example, our delivery partners or social media platforms. We have no control over those websites and are not responsible for their content or privacy practices. We encourage you to read the privacy policy of any website you visit via a link from our site.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our business practices, legal requirements, or the services we provide. When we make material changes, we will post the updated policy on this page with a revised “Last updated” date, and we may notify you by email where appropriate.

We encourage you to check this page periodically to stay informed about how we protect your personal data.

14. How to Contact Us

To exercise any of your data rights, ask a question about this policy, or raise a privacy concern, please get in touch with us using any of the following methods:

  • Email: info@spiceeire.ie
  • Phone: 089 942 1135
  • Post — Kimmage:
    Spice Éire, 175 Kimmage Road Lower, Kimmage, Dublin 6W, D6W TR62
  • Post — Tallaght:
    Spice Éire, 2 Main Street, Tallaght, Dublin 24, D24 AHY8

We aim to acknowledge your enquiry within two working days and resolve it within one calendar month, as required by GDPR.