Fish Meat & MoreFish Meat & More
Sign in

Legal & Policies

Last updated: 1 June 2026. Fish Meat & More operates in Portsmouth & Southampton, United Kingdom.

Privacy Policy

This Privacy Policy explains how Fish Meat & More collects, uses and protects your personal data in accordance with the UK GDPR and the Data Protection Act 2018.

Data we collect

  • Account: name, email, phone, password hash.
  • Orders: delivery address, postcode, order history, notes.
  • Payments: card payments are processed entirely by Stripe (a PCI-DSS Level 1 certified payment provider). We never see, store or transmit your full card number, CVC or bank account details — only a Stripe transaction reference and, where Stripe returns it, the card brand and last 4 digits for your receipt.
  • Technical: IP address, device, browser, cookies (see Cookie Policy).

How we use your data

  • To process orders and deliveries (contract).
  • To send service notifications by email, SMS or push (contract / consent).
  • To comply with tax, food-safety and legal obligations (legal obligation).
  • To improve and secure the Service (legitimate interests).

Sharing

We share order details with the relevant Seller to fulfil your order, and with our processors: Stripe (payments), Supabase / Cloudflare (hosting & database), and email/SMS providers. We never sell your personal data.

Payments & bank security

  • All card payments are handled on Stripe's own PCI-DSS Level 1 certified infrastructure. Card details are entered directly into Stripe's hosted checkout — they do not pass through Fish Meat & More's servers.
  • Payments travel over TLS 1.2+ encrypted connections, and Stripe applies 3-D Secure (Strong Customer Authentication) where required by UK/EU regulations.
  • Stripe runs continuous fraud monitoring (Stripe Radar) on every transaction.
  • Customer bank details used for refunds are held only by Stripe; Fish Meat & More cannot view or export them.
  • Seller payout bank details are held by Stripe under their FCA-authorised payment-institution permissions and are never shown to customers or other sellers.
  • You can request a copy of your Stripe payment history at any time by emailing support@freshvanman.co.uk.

Retention

Order and tax records are retained for 6 years as required by HMRC. Marketing preferences are kept until you withdraw consent. Account data is deleted on request unless retention is legally required.

Your rights

  • Access, rectification, erasure, restriction, portability, objection.
  • Withdraw consent at any time.
  • Complain to the ICO (ico.org.uk).

To exercise any right, email support@freshvanman.co.uk.

Security

Data is encrypted in transit (TLS) and at rest. Access is controlled by row-level security policies, role-based access, and authentication tokens. Passwords are hashed and checked against breached-password databases. Card and bank data are never stored on our servers — they are held by Stripe under PCI-DSS Level 1 certification.