Privacy Policy

1Introduction

This Privacy Policy explains how Equinutrients Ltd ("we", "us", "our"), the operator of okapi-shop.com (the "Site"), collects, uses, stores, shares, and protects your personal data when you visit our Site, place an order, create an account, subscribe to our communications, or otherwise interact with us.

We are committed to protecting your privacy and processing your personal data lawfully, fairly, and transparently in accordance with applicable data protection laws.

This policy should be read alongside our Terms & Conditions of Sale and our Cookie Policy.

2Who We Are (Data Controller)

For the purposes of UK data protection law, the data controller responsible for your personal data is:

Where personal data is shared with OKAPI GmbH (the manufacturer of OKAPI products, located in Berlin, Germany) for the limited purposes of order fulfilment, product supply or product safety, OKAPI GmbH acts as a separate controller for its own processing or as our processor where appropriate.

3Applicable Data Protection Laws

Depending on your location, the following data protection laws may apply to the processing of your personal data:

• United Kingdom: UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
• European Economic Area: EU General Data Protection Regulation (EU GDPR).
• Australia: Privacy Act 1988 (Cth) and the Australian Privacy Principles.
• California, USA: California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).
• Canada: Personal Information Protection and Electronic Documents Act (PIPEDA).

4Personal Data We Collect

4.1 Data you provide directly

• Account & order data: name, billing and delivery address, email, telephone number, order history.
• Payment data: payment method, partial card details (last 4 digits only); full card data is processed by our PCI-DSS-compliant payment service providers and never stored by us.
• Communications: emails, contact form submissions, customer service correspondence.
• Marketing preferences: consent to email newsletters, marketing preferences.

4.2 Data collected automatically

• Technical data: IP address, browser type and version, device type, operating system, referring URL.
• Usage data: pages visited, time spent, products viewed, items added to cart.
• Cookies and similar technologies: see our Cookie Policy for details.

5Purposes & Legal Bases for Processing

We process your personal data for the following purposes, on the legal bases set out below (UK GDPR Art. 6):

5.1 To fulfil your order — Art. 6(1)(b) (contract)

Processing necessary to take steps prior to entering into a contract and to perform the contract: order processing, payment, delivery, customer service, returns and refunds.

5.2 To comply with legal obligations — Art. 6(1)(c)

Retention of invoices and order records for tax and accounting purposes (typically 6 years under UK tax law); compliance with consumer protection law; product safety obligations under UK feed law.

5.3 Legitimate interests — Art. 6(1)(f)

Site security, fraud prevention, IT operations, basic web analytics in aggregated form, internal record-keeping. We balance these interests against your rights and provide an opt-out where appropriate.

5.4 Consent — Art. 6(1)(a)

Marketing emails, non-essential cookies, and any other processing for which we ask for your explicit consent. You can withdraw consent at any time.

6Sharing Your Data

We share your personal data only where necessary, and only with the following categories of recipient:

• Payment processors — to process card payments and PayPal transactions (e.g. Stripe, PayPal).
• Couriers and delivery partners — to deliver your order (name, address, phone if needed for delivery).
• OKAPI GmbH (manufacturer) — for product supply, batch traceability and product safety obligations.
• IT & hosting providers — under appropriate data processing agreements.
• Email marketing platforms — only where you have given consent (e.g. Klaviyo, Mailchimp).
• Professional advisors — accountants, auditors, lawyers, where necessary.
• Authorities — where legally required (e.g. HMRC, courts, regulators).

We do not sell your personal data to third parties.

7International Transfers of Data

Some of our service providers (including OKAPI GmbH in Germany and certain hosting / email providers) are located outside the United Kingdom. Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, including:

• Transfers to countries covered by a UK adequacy decision (including EU/EEA Member States);
• Standard contractual clauses approved by the UK Information Commissioner's Office (ICO);
• Where applicable, the UK Addendum to the EU Standard Contractual Clauses for transfers to providers in third countries.

You can request a copy of the relevant safeguards by contacting us at info@okapi-shop.com.

8Data Retention

We keep your personal data only for as long as necessary for the purposes for which it was collected:

• Order & invoice records: 6 years after the end of the relevant financial year (UK tax law).
• Customer accounts: for as long as your account remains active, plus a reasonable period after closure.
• Marketing data: until you withdraw consent or unsubscribe.
• Customer service correspondence: typically 3 years.
• Web analytics & cookies: see our Cookie Policy.

9Your Rights

Under UK GDPR, you have the following rights in respect of your personal data:

• Right of access — to obtain a copy of your personal data.
• Right to rectification — to correct inaccurate or incomplete data.
• Right to erasure ("right to be forgotten") — in certain circumstances.
• Right to restriction of processing — in certain circumstances.
• Right to data portability — to receive your data in a structured format.
• Right to object to processing based on legitimate interests, including direct marketing.
• Right to withdraw consent at any time, where processing is based on consent.

To exercise any of these rights, please contact us at info@okapi-shop.com. We will respond within one month, or inform you if we need an extension.

9.1 Australian customers

You also have the rights set out in the Australian Privacy Principles. You may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

9.2 California customers

You have the right to know what categories of personal information we collect and how we use them; the right to delete your personal information; the right to correct inaccurate information; the right to opt out of any "sale" or "sharing" of personal information (we do not sell your data); and the right not to be discriminated against for exercising these rights. To submit a request, please contact us at info@okapi-shop.com.

10Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (HTTPS/TLS), restricted access controls, secure hosting, and regular security reviews. Payment data is processed by PCI-DSS-compliant providers and is never stored on our own servers.

While we take all reasonable steps to protect your data, no transmission over the internet is 100% secure. If we become aware of a personal data breach affecting your data, we will notify you and the ICO in accordance with UK GDPR.

11Children's Privacy

Our Site is intended for adults. We do not knowingly collect personal data from children under 13 years of age. If you believe a child has provided us with personal data, please contact us so we can delete it.

12Changes to This Policy

We may update this Privacy Policy from time to time, for example to reflect changes in law, technology, or our business. The latest version will always be available on this page, with the "Last updated" date shown at the top. Material changes will be communicated to registered customers by email.

13Contact Us

If you have any questions about this Privacy Policy or about how we use your personal data, please contact us: