Privacy Policy

Welcome to the Privacy Policy ("Privacy Policy") of the Sunoptic Website (the "Website").

The Website is operated and maintained by:

Sunoptic International Limited,
79 College Road, Harrow – Middlesex
HA1 1BD United Kingdom
(in the following: "Sunoptic", "We" or "Us"). 

This Privacy Policy explains how We collect, store, protect, and share information about our users ("You") as defined below ("Personal Data"), and with whom We share it. Sunoptic is the controller of Your Personal Data in the meaning of Art. 4(7) of the EU General Data Protection Regulation ("GDPR"). We suggest You read this Privacy Policy in conjunction with our Website General Terms and Conditions of Use available at

1. Collection and Processing of Personal Data

Below, We inform You about the Personal Data about You that We are processing. Personal Data means information concerning the personal or material circumstances of an identified or identifiable individual (i.e. data subject - You). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.1.  Log and Usage Data

Our servers automatically record information ("Log and Usage Data") created by Your use of the Website, which in turn helps Us improve our service. Log and Usage Data may include information such as Your IP address, browser type, the referring domain, pages visited, access times, Your mobile carrier, and search terms. An IP address is a number associated with the service through which You access the Internet, like Your ISP (Internet service provider), Your company or Your university.

The collection and processing of the Personal Data mentioned in the previous paragraph is based on Art. 6 para. 1 (f) GDPR. Our legitimate interest is to administer the Website, improve our services and to detect and avoid hacker attacks. We will delete log-files as soon as they are no longer needed for the purpose for which they have been collected, at the latest after 7 days.

1.2.  Registration Information

In order to be able to access the contents of the Website, You may need to register. For this purpose,

We collect the following Personal Data ("Registration Information") about You:

  • First Name;

  • Last Name;

  • E-Mail Address;

  • Telephone Number;

  • Fax;

  • Company Name;

  • Company Address

    You will also be required to create a username and password in connection with the registration of Your Account. Once You register, You will be able to review and change this information at any time. This information helps to enhance the Website and verify our users.

The collection and processing of the Personal Data mentioned in the previous paragraph is based on Art. 6 para. 1 (b) GDPR (necessary for the performance of a contract with You).

1.3.  Order Data

For the purposes of fulfillment of orders, We process information including item numbers, size, name, delivery address and phone number associated with Your order. Such data is required by Sunoptic to carry out the delivery of the order.

The collection and processing of the Personal Data mentioned in the previous paragraph is based on Art. 6 para. 1 (b) GDPR (necessary for the performance of a contract with You).

1.4.  Payments

For the purposes of payment processing, We process the personal data required for this purpose and pass them on to payment service providers commissioned by Us.

Depending on your selected payment method, the data required for payment processing will be transferred to the selected payment service provider. You will find more detailed information on the payment methods and providers offered below. Regardless of the payment method, all data is transmitted in encrypted form.

You have the possibility to choose any payment method We offer. The legal basis for the processing of your data for the purpose of payment processing, regardless of the payment method, is Art. 6 para. 1 (b) GDPR. In addition, we have a legitimate interest to offer an effective and secure payment method.

1.4.1. We offer You the following payment methods:

  • Credit Card;

  • Debit Card;

  • Bank Transfers;

  • PayPal (Europe) Sàrl et Cie S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg,; and

  • Collect on Delivery (in selected countries)

1.4.2. Data required for payment processing may be transferred to the following selected payment service provider:

• Telecash (First Data GmbH Marienbader Platz 1, 61348 Bad Homburg vd Hõhe,

1.4.3. If You choose to pay via Our offered payment methods, We process Personal Data required for this purpose and may pass the following data on to the payment service provider:

  • First and last name;

  • Date of birth;

  • Phone number;

  • E-mail address;

  • IP address;

  • Billing and delivery address;

  • Country;

  • Order date;

  • Amount paid;

  • Browser, device used

1.5. Email Communication

1.5.1. Newsletter

We may send You our Newsletter and other marketing emails for direct advertising subject to Your prior double opt-in consent. Once You have subscribed, You will receive a link by email which You can use to activate the newsletter service. In other words, We will send an email to the address given when You subscribed in which We ask for confirmation that you want to receive the newsletter. If You do not confirm Your subscription, Your data will not be saved in our email dispatch tool. You have the right to opt-out of receiving such emails at any time with future effect. Please click on the "unsubscribe" link in the email and follow the instructions.

1.5.2.  Direct marketing

Email addresses collected when registering for an Account are used for direct marketing of our own and similar products and services. If You no longer wish to receive direct marketing, You can refuse to allow the use of Your email address at any time. The unsubscribe link can be found in the footer of every email.

1.5.3.  Analysis of user behavior

When We send the newsletter or emails for direct marketing to You, We analyze Your user behavior, i.e. what You open and click on, Your most frequently visited page or duration of Website usage. Your user behavior is technically analyzed by Google Analytics and Mailchimp. For details on how theses service providers process Your Personal Data, please see Section 4.3. This allows us to draw conclusions regarding Your user behavior, in order to improve our email approach and ensure that You only receive emails that are of interest to You. If You want to prevent personalization and tracking, or You do not agree to processing for the purposes indicated, You can refuse to this by changing Your profile settings accordingly.

The collection and processing of the Personal Data mentioned in the previous paragraphs is based on Your consent in accordance with Art. 6 para. 1 (a), 7 GDPR (i.e. Your consent).

1.6.  Mobile Device Identifiers

If You access our Website on Your mobile telephone or other mobile device, including iPads and other tablets, We collect Your mobile device identifier and IP Address. We may create and assign to Your device an identifier that is similar to an account number. We may collect the name You have associated with Your device, device type, telephone number, country and any other information You choose to provide, such as user name, character name, geo-location or e-mail address.

If You turn these features on, We may collect Your device's geolocation data and save Your device's coordinates to offer certain features to You. We may also use Your device's geolocation information to personalize the Website. You can control Your location information settings in Your Account settings and switch them off if You really want to. Even if You have disabled location services, We may still determine Your city, state, and country location based on Your IP address (but not Your exact location).

The collection and processing of the Personal Data mentioned in the previous paragraph is based on Art. 6 para. 1 (f) GDPR. According to Art. 6 para. 1 (f) GDPR the processing of Personal Data is lawful if it is necessary for the purpose of the legitimate interests of the data controller (Sunoptic) except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject (You). Our legitimate interest is to administer the Website, improve our services and to detect and avoid hacker attacks.

1.7.  Customer Support

If You contact our Support team, We will receive Your email address, and may track Your IP address as well as the information You send to Us to help resolve Your query. We will keep records of our communications with You, including any complaints that We receive from You about other Users (and from other Users about You).

The collection and processing of the Personal Data mentioned in the previous paragraph is based on Art. 6 para. 1 (b) GDPR (necessary for the performance of a contract with You).

1.8. Additional Use of Personal Data

As applicable, We may also use the Personal Data about You to:

  • identify how You use our Website and to improve its stability, user flow and graphical interface;

  • provide You with services or information You have requested or products You have ordered;

  • prevent or investigate fraud or potentially illegal activities and monitor and enforce our Website Terms and Conditions;

  • monitor or improve the use of the Website or solicit input and feedback;

  • contact You about the Website, technical support, Your account or other inquiries;

  • deliver, customize and target the advertising and content You see (see Section 4 on Cookies);

  • send promotional materials or special offers; and

  • disclosure of Your Personal Data in limited circumstances (see Section 2).

    The collection and processing of the Personal Data mentioned in the previous paragraph is based on Art. 6 para. 1 (f) GDPR (necessary for the purposes of our legitimate interests whereby our interests lie in the above purposes).

2. Disclosure of Your Personal Data

Our policy is to not disclose Your Personal Data except in the limited circumstances described in the following:

2.1.  Service Providers

We may transfer Your Personal Data to our service providers. Our service providers may be located in countries, other than the country in which data was originally collected, including destinations outside the European Economic Area ("EEA"). Those countries may not have the same data protection laws as the country in which You provided the data. When We transfer Your data to other countries, We will protect and comply with applicable legal requirements providing adequate protection for the transfer of data to countries outside the EEA.

We will only transfer Your Personal Data if the country to which the Personal Data will be transferred has been granted a European Commission adequacy decision; or We have put in place appropriate safeguards in respect of the transfer, for example We have entered into EU standard contractual clauses with the recipient, or the recipient is a party to binding corporate rules.

We may share Your Personal Data with these third parties, but only for the purposes of performing these functions and providing such services and subject to the required data processing contracts. We do not share for commercial and/or marketing related purposes. The transfer of the Personal Data mentioned in the previous paragraph is based on Art. 6 para. 1 (f) GDPR (necessary for the purposes of our legitimate interests whereby our interests lie in the efficient provision of our services).

2.2.  Law Enforcement

We will cooperate with law enforcement enquiries if and to the extent in compliance with applicable data protection laws. This may include preserving or disclosing any of Your Personal Data, if We believe in good faith that it is necessary to comply with a law or regulation, or when We believe that disclosure is necessary to comply with a judicial proceeding, court order, or legal request; to address fraud, security or technical issues; or to protect our rights or property. As the case may be, the collection and processing of the Personal Data mentioned in this paragraph is based on Art. 6 para. 1 (f) GDPR - our legitimate interest is to enforce and protection our rights - or on Art. 6 para. 1 (c) (necessary in order to comply with a legal obligation of the data controller (Sunoptic).

2.3. Business Transfers

In the event that Sunoptic or any of our affiliates are involved in a bankruptcy, merger, acquisition, reorganization or sale of assets, Your information may be transferred as part of that transaction if and to the extent in compliance with applicable data protection laws. The collection and processing of the Personal Data mentioned in this paragraph is based on Art. 6 para. 1 (f) GDPR. Our legitimate interest is to be able to meet our obligations in connection with any such transaction.

3. Data Storage and Retention

We use Microsoft Azure, a third party server to host our website. Your Personal Data will exclusively be stored on servers located inside the EEA and subject to the required data processing contract We concluded to ensure an adequate level of protection of Your Personal Data. Unless stated otherwise in this Privacy Policy, We will retain and use Your information as necessary to fulfill the purposes for which they have been collected, in order to comply with our legal obligations, resolve disputes and/or to enforce our agreements. We retain Your Personal Data for no longer than is necessary for the purposes stated in this Privacy Policy.

4. Cookies

Cookies are small data files that are transferred to Your computer's hard disk. Like many websites, We use "cookie" technology to collect additional website usage data and to improve Sunoptic.

The cookies We collect enable Us to learn how people interact with Sunoptic. Cookies store information about Your visits on the Website and can recognize You and Your preferences each time You visit the Website. They help Us to provide a better service to You.

If for any reason You decide that You do not want all of Your Sunoptic activities to be stored You may set Your browser and mobile settings to block cookies and local storage devices, but please remember that if You do so, You may not be able to access all of the features Sunoptic offers.

We may use the term "cookies" to refer to all technologies that We may use to store data in Your device or that collect information or help us identify You in the manner described above, such as web beacons or "pixel tags".

4.1.  Required and Functional Cookies

Some cookies are required for the Website to function and cannot be disabled. Without these Cookies, You will not be able to view our site properly. We also use functional cookies, which help us to improve our Website performance.

The collection and processing of the Personal Data mentioned in this section is based on Art. 6 para. 1 (f) GDPR. Our legitimate interest is to analyze the use of the Website and to improve our services. Required cookies are stored for the length of Your browser session.

4.2.  Performance Cookies and Advertising Cookies

These cookies allow us to analyze site usage so We can measure and improve performance. They are also used by advertising companies to serve ads that are relevant to Your interests. These Cookies contain a unique key to distinguish individual users’ browsing habits.

If you want to prevent performance cookies and advertising cookies from being saved, You can change Your cookie preferences at any time by changing Your cookie settings above.

The legal basis for performance cookies and advertising cookies is consent in accordance with Art. 6 para. 1 (a) GDPR. Obviously, You can withdraw Your declarations of consent for the future at any time. If You no longer agree to us providing Your data to the service providers mentioned in our privacy policy, You can opt-out in the cookie settings on the Website.

4.3.  How We Use Cookies
We use cookies and similar technologies for a number of reasons, as specified below.

The specific names and types of the cookies, web beacons, and other similar technologies We use may change from time to time. However, the cookies We use generally fall into one of the following categories:

Type of Cookie

Why We Use These Cookies


Domain Source


These cookies are necessary in order to allow the Website to work correctly. They enable You to access the Website, move around, and access different services, features, and tools. Examples include remembering previous actions (e.g. entered text). These cookies cannot be disabled.


These cookies remember Your settings and preferences and the choices you make
(such as language or regional preferences) in order to help us personalize
Your experience and offer You enhanced functionality and content.


These cookies can help us identify and prevent security risks.
They may be used to store Your session information to prevent others from
changing Your password without Your login information.


These cookies can help us collect information to help us understand how You use our Site, for example whether you have viewed messages or specific pages and how long You spent on each page. This helps us improve the performance of our Site.

Analytics and Research

The Website uses Google Analytics, a third-party web analysis service provided by Google Inc. ("Google"). Google Analytics uses "performance cookies" to analyze how You use the Website and Services. The information generated by the cookie about Your use of the Website and Services (including Your IP address) will be transmitted to and stored by Google on servers in the United States. This Website uses Google Analytics with the extension code "gat._anonymizeIp()"; therefore, only abbreviated IP addresses will be further processed, so that a direct connection to the individual user is eliminated. Your IP address will be shortened beforehand by Google (i.e. the last octet of the IP address will be anonymized) within member states of the European Union or in other signatory states of the Treaty on the European Economic Area. Only in exceptional cases, will the full IP address be transmitted to a Google Server in the USA and shortened there. Google will use this information on behalf of the Website operator for

the purpose of evaluating Your use of the Website and Services, compiling reports on Website activity, and providing other services to Website operators relating to Website activity and Internet usage. Google will not associate the IP address transmitted under Google Analytics by Your browser with other data held by Google. You may prevent the use of Google Analytics by disabling cookies in the browser's set up screen. You may prevent the storage of cookies by selecting the appropriate settings on Your browser software; however, We must advise You that in this case, You might not be able to use all functions of this Website to the full extent. You may prevent Google from recording the data generated by the cookie and pertaining to Your use of the Website and Services (including Your IP address), or processing these data by downloading and installing the following browser plug-in available through Google at the following link: The legal basis for the use of Google Analytics is Article 6 para. 1 (a) GDPR.

The recipient of the collected data is Google. The personal data is transferred on the basis of the EU standard contractual clauses. (Article 46 GDPR). For more information about Google analytic cookies, please see Google's help pages and privacy policy:

  • Google's Privacy Policy

  • Google Analytics Help pages

5. Children

Our Website is not intended for children under the age of 16 and We do not knowingly collect any Personal Data from children under the age of 16. Children that are at least 16 years old may use the Website subject to the prior opt-in to the collection and processing of their Personal Data as described in this Privacy Policy.

6. Security

Here at Sunoptic, We pride ourselves on taking commercially reasonable security measures to help protect Your Personal Data against loss, modification, misuse and unauthorized access, or disclosure. We use reasonable security measures to safeguard the confidentiality of Your Personal Data such as secured servers using firewalls. We use access control mechanisms to ensure that only authorized personnel can access Your Personal Data. Unfortunately, no website or internet transmission is ever completely 100% secure and even We cannot guarantee that unauthorized access, hacking, data loss or other breaches will never occur, but here are some handy tips to help keep Your data secure. Please make sure You log out of Your Account after use. Please don't share Your password with anyone else.

7. Links to Third Party Websites

The Website may from time to time contain links to and from third party websites. If You follow a link to one of these websites, please note that these websites are subject to their own privacy regulations and We cannot assume any responsibility or guarantee for third-party data protection conditions.

Please make sure that You are aware of the applicable privacy policy before sending Personal Data to these websites.

8. Changes to this Policy

We may revise this Privacy Policy from time to time. The most current version of the policy will govern our use of Your Personal Data and will always be at By continuing to access or use the Website after those changes become effective, You agree to be bound by the revised Privacy Policy.

9. Your Rights

You have certain rights over Your Personal Data and We as data controller are responsible for fulfilling these rights as follows:

  • You may access and review Your Personal Data held by Us as a data controller at any time free of charge.

  • You may request the correction and/or deletion and/or blocking of Your Personal Data as the case may be.

  • You may request the restriction of data processing.

  • Where Personal Data is processed based on Your consent, You may withdraw Your consent at any time by contacting Us.

  • You have the right to receive the Personal Data We retain about You in a structured, commonly used and machine-readable format. Upon Your request, we will transfer Your Personal Data to another data controller. In order to exercise any of the rights mentioned in this section or should You have any questions, comments or inquiries concerning our collection, processing and use of Your Personal Data, please contact Us at You also have the right to lodge a complaint with the competent data protection authority.

This Website Privacy Policy was last updated on March 15, 2022.