We use your data to ensure the shop operates safely, quickly, and smoothly, so you can order with confidence and easily find what you are looking for for the birds and other garden wildlife.

• Operation & improvement: we process what is necessary for logging in, shopping basket, checkout, and delivery, and we carry out limited measurement to make the site better every day.
• Marketing on your terms: we only carry out personalisation and (re)marketing with your consent. Without consent, the site remains fully usable.
• You are always in control: through Cookie Settings you choose per category and can change your choice at any time. We never sell your data, never keep it longer than necessary, and always respect your GDPR rights.

We are CJ WildBird Foods Ltd, the data controller responsible for processing your personal data in the United Kingdom. We operate the website birdfood.co.uk, which serves customers throughout the UK.

This privacy policy applies when you, as a (potential) customer, supplier or other business partner, interact or do business with us, use our website or online shop, or otherwise communicate with us (“you” / “your”).

For activities within the European Union/EEA, data processing is carried out under the responsibility of CJ Wildbird Foods Europe B.V., trading as “Vivara”, headquartered in the Netherlands. Depending on your location and the relevant service, other affiliated Vivara companies within Europe may also be involved. In this document, CJ WildBird Foods Ltd, CJ Wildbird Foods Europe B.V. and their affiliated entities are collectively referred to as “CJ, “Vivara”, “we”, “us”, or “our”.

Our online platforms include, birdfood.co.uk for the United Kingdom. And international our online platforms include among others Vivara.* domains (e.g. .ie, .de, .at, .fr, .nl, .be, .se, .dk, .no).

For privacy questions:

• In the United Kingdom, please contact privacy@vivara.com (or by post – see the contact details at the end of this policy).
• For EU/EEA enquiries, the same contact address applies; your question will be directed internally to the appropriate regional representative.

Age: our services are intended for adults. If you are under 16 years old, you will need the consent of a parent or guardian for marketing purposes (such as newsletters and marketing cookies).

Under the UK GDPR and the Data Protection Act 2018, personal data means any information relating to an identified or identifiable living individual. This can be direct (for example, your name or email address) or indirect (for example, through a customer number or online identifiers).

When you visit our website, place an order, contact our customer service, or do business with Vivara, we process your personal data where necessary to provide our services.

Examples include: your name, address and postcode, email address, telephone number, order and account details. When you visit our websites, technical and online identification data may also be processed, such as your IP address, device and browser information, user or session IDs, and cookie IDs (see our Cookie Notice).

“Processing” means any operation performed on personal data, such as collection, recording, organisation, storage, updating, consultation, use, sharing, protection, or erasure. Depending on the purpose, we rely on one of the following lawful bases under the UK GDPR: performance of a contract, legal obligation, legitimate interest, or, where required, your consent. You may withdraw your consent at any time; this does not affect any processing carried out prior to withdrawal.

For customers within the European Union/EEA, Vivara processes personal data in accordance with the EU General Data Protection Regulation (GDPR) under the same principles and lawful bases described above.

If you would like to learn more about what constitutes personal data under data protection law, please visit the UK Information Commissioner’s Office (ICO) at ico.org.uk. For EU reference, you can also consult the Dutch Data Protection Authority at autoriteitpersoonsgegevens.nl.

We store and use personal data only for clearly defined purposes. Non-essential processing that occurs through cookies, pixels, scripts, or tags is carried out only if you have given consent (see Cookie Notice). Other processing is based on contract performance, legal obligations, or our legitimate interest (safe, careful and efficient business operations). Below we explain the main purposes and legal bases.

3A. Security and fraud prevention

To offer our services safely, we process data to prevent abuse and fraud, to limit security risks and to ensure the reliability of our website, systems, and payments.

Examples: login/session protection, IP/device signals, anti-bot measures, and transaction/return anomaly detection.

Legal basis: legitimate interest; where applicable, legal obligation.

Sharing with authorities: only if we are legally obliged to do so (e.g. as part of an investigation or court order).

3B. Applying for a job at Vivara

When you apply for a position at Vivara, we process personal data to assess your application, communicate with you about the process and, if appropriate, make an offer.

Data processed (where provided by you or legally permitted): identification and contact details; education, work experience and skills (CV/cover letter); optional documents to verify identity/qualifications; preferences regarding role/location/availability; data necessary to prepare a conditional offer. Any background checks are performed only if and to the extent permitted by law and after you have been informed.

Legal basis: steps prior to entering an employment contract (pre-contractual), legitimate interest (selection/organisation), and, where required, legal obligation.

Note: recruitment may partly take place through an external ATS or recruitment platform; in such cases you will receive additional information there.

3C. Communication and business enquiries

We process your data when you contact us (for example via contact forms, email, telephone or chat) or request a quotation. This allows us to answer your question, handle your request or manage our (pre-)contractual relationship.

Examples: product or delivery questions, complaints handling, quotations, B2B requests.

Data: name, (business) contact details, content of your message and relevant order or account information.

Legal basis: contract performance or pre-contractual steps; legitimate interest (customer communication and quality assurance).

3D. Creating and managing an account

If you create a Vivara account, we process the data necessary to set up and manage your account.

Data: name, address, email, telephone; for business accounts additionally company name/type of organisation. Login credentials are stored in encrypted form.

Legal basis: contract performance; legitimate interest (preventing misuse and account management).

Choice: having an account is optional; you may also order as a guest.

3E. Newsletters and email marketing

If you subscribe to our newsletter, we use your data to inform you about offers, promotions, and news relating to biodiversity, (garden) wildlife and the products we offer. We measure, on an aggregated level, whether emails are opened and which links are clicked, so that we can improve our communication. If you consent, we may use your (hashed) email address to create audience lists with advertising platforms.

Data: name (optional), email address, preferences, interactions (open/click), and, if allowed, hashed email for audiences.

Legal basis: consent (you may unsubscribe at any time via the link in each email or via customer service).

Existing customers (soft opt-in): if we have obtained your email address in connection with a purchase, we may email you about similar own products without a separate opt-in, provided you have not opted out (Telecommunications Act). You can unsubscribe at any time.

3F. Website visits, cookies and (re)marketing

When you visit our website we use cookies and similar technologies for technical and functional management of the site, to improve performance and, only with your consent, for analytics, personalisation and (re)marketing (e.g. Google Ads/Meta and affiliate measurement via AWIN).

Data: IP address, (approximate) geolocation, customer/session/cookie IDs, operating system, browser and device type, on-site interactions.

Legal basis: strictly necessary/functional cookies under legitimate interest; analytical and marketing/personalisation cookies only with consent.

For more information, see the Cookie Notice for categories, vendors, retention periods and how to change your preferences.

Certain cookies and similar technologies are always active. These are essential for the proper functioning of the website and the service you have requested (such as login, shopping basket, checkout, security, and consent logging). They may process limited personal data (for example, session or device ID and a shortened IP address) but are not used for marketing purposes.

We use analytical cookies to collect aggregated statistics about the use and performance of our website, and for quality improvement and experiments (such as user research and A/B testing). Online identifiers (such as user/session ID, shortened IP address, and cookie ID) are used for aggregated insights and not for building individual marketing profiles. Behaviour-based personalisation (for instance, a more specific product offering) is considered marketing/personalisation at Vivara and takes place only with your consent.

For analytics we use, among others, Google Analytics 4 and, only after your consent and with masking where possible, Microsoft Clarity for session insights.

GA4 is configured in a privacy-friendly way (for example, no storage of raw IP addresses and no transmission of names or email addresses to GA4). Google’s use of GA4 data is restricted by Google’s terms of service. Data are not combined with other Google services (such as Google Ads) for personalised advertising unless you have given explicit consent.

With Google Consent Mode v2, our website respects your choice: without analytical or marketing consent, no analytics or marketing cookies are placed, and only, where technically possible, cookieless pings are sent for limited, aggregated measurement.

With your consent, we use marketing and social media cookies/pixels to show you more relevant advertisements and to communicate with you beyond our own website. This includes first-party tags and third-party tags from advertising and social media platforms.

Our partners may, based solely on your choice, process online identifiers (such as cookie ID, device or session ID) and, only where explicitly allowed by you, hashed email addresses for creating audiences (for instance, Custom/Matched Audiences).

Examples of providers that may be used depending on your choice and country/market include (but are not limited to): Google (Ads/YouTube), Meta (Facebook/Instagram), Microsoft Advertising (Bing), AWIN (affiliate attribution), and, where relevant, other advertising platforms such as Pinterest and similar partners. Processing by these external parties is subject to their own privacy and cookie policies.

We never sell your data! We share personal data only when necessary (for example, for the purposes described above and with appropriate safeguards). Categories of recipients include:

• Delivery and logistics partners
• Payment service providers and fraud/risk partners
• IT, hosting, analytics, A/B testing and security service providers
• Marketing and advertising partners (including affiliate networks and social media platforms, only with consent for marketing)
• Customer service and communication platforms (such as email or ticketing systems)
• Professional advisers (legal, financial) and, where required, regulators or authorities

We conclude data processing agreements with all processors in compliance with the GDPR.

To conclude and perform a purchase agreement, we require certain data (such as your name, delivery address, contact and payment details). If you do not provide these, we cannot process or deliver your order. Providing data for marketing purposes is voluntary; without consent, you will not receive personalised marketing and marketing cookies will remain disabled.

We primarily receive personal data from you. In addition, depending on your settings and the channel, we may receive limited data via

(i) affiliate or advertising partners for attribution and reporting,

(ii) delivery and payment service providers for delivery or payment status, and

(iii) our customer service providers for contact handling.

In all cases, we only receive what is necessary for the relevant purpose.

We retain personal data only as long as necessary for the purposes for which we obtained them, or as long as legally required. After that, we delete or anonymise the data.

If you have a Vivara account, we keep the data needed for login and to provide our services for as long as your account is active. After termination or prolonged inactivity, we retain a limited set of account data for up to 24 months for support, abuse prevention, administration, and legal retention.

Online data collected through cookies or similar technologies are stored according to the retention period per cookie/technology, as visible in Cookie Settings and explained in our Cookie Notice.

Depending on the service, your personal data may be stored and/or processed on secure servers within the UK (and, for EU/EEA activities, under the responsibility of CJ WildBird Foods B.v. in the Netherlands).

We work only with reliable providers that offer contractual guarantees and maintain appropriate security standards (e.g. ISO 27001). If data are processed outside the EEA, we apply suitable safeguards (such as the EU–US Data Privacy Framework or EU Standard Contractual Clauses with additional measures).

Where possible, we use geo-redundant storage within the EU and limit international data transfers to what is strictly necessary.

We process personal data in accordance with the GDPR and ePrivacy rules and ensure compliance with the principles of Article 5 GDPR (including lawfulness, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality).

Our webshop uses a secure TLS/SSL connection. We take appropriate technical and organisational measures, such as encryption (in transit and, where appropriate, at rest), need-to-know access control (MFA/role-based access), logging and monitoring, patch and vulnerability management, backups and recovery plans, system segmentation, regular staff training and DPIAs where necessary.

Suppliers are assessed via data processing agreements, transfer safeguards (such as SCCs or DPF), and information security requirements (e.g. ISO 27001 or SOC reports).

Despite our security measures, a security incident may still occur. Vivara follows a data breach procedure: we detect, investigate, and contain every incident immediately and document the nature, (potential) consequences, and corrective or preventive actions taken.

We maintain a register of all (possible) personal data breaches, even if they ultimately do not require notification. Where a breach is notifiable, we report it without undue delay and, where possible, within 72 hours to the relevant Data Protection Authority. If the incident is likely to result in a high risk to individuals, we will also inform the affected data subjects without undue delay.

Under the GDPR, you have the following rights, among others:

• Right to information and access
• Right to rectification
• Right to erasure (“right to be forgotten”)
• Right to restriction of processing
• Right to data portability
• Right to object (Article 21 GDPR): you may object at any time to processing based on legitimate interest, and to processing for direct marketing (including profiling for direct marketing)
• Right to withdraw consent previously given (for example, cookie/marketing preferences via Cookie Settings or newsletters via the unsubscribe link in each email)
• Right not to be subject to automated decision-making producing legal effects or similarly significant consequences

We handle personal data with care and continuously strive to improve our services.

Do you have questions, comments, or wish to file a complaint? We are happy to help.

Did you know you can view, correct or delete your data through your account settings?

If this does not resolve your concern, or if you have other privacy-related questions, please contact us via email at privacy@vivara.com (or by post, see contact details below).

If you are not satisfied with our handling of your request, you may also file a complaint with your national Data Protection Authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

You can contact us by post at:

• CJ Wildbird Foods Europe B.V.
• Energieweg 16
• 5804 CE Venray
• The Netherlands
• Email: privacy@vivara.com

This privacy notice may be updated to reflect changes in legislation and/or in the way we process personal data.

Last updated: 1 October 2025.