Privacy Notice

Summary: We process limited personal data about your personnel (e.g., contact and billing details) to operate trade accounts, fulfil orders, provide support, and send service and (with consent or legitimate interests) marketing communications.

This Privacy Notice summarises our approach for wholesale customers. It complements, and should be read with, our full Privacy Policy available on the Website.

Who We Are

Sugar Plum Sweetery Limited (details above) is the data controller for personal data it processes about your personnel in connection with trade accounts and orders. Contact us via the Contact Us page or hello@sugarplumsweetery.ie for any privacy request.

Data We Collect

  • Identity & Contact: names, job titles, business emails, phone numbers, delivery addresses, delivery instructions.

  • Account & Transaction: login identifiers, order history, invoices, payment status, support interactions.

  • Payment: limited card details processed by our payment providers; we do not store full PANs.

  • Technical/Usage: IP, device/browser info, cookies (see Cookie section on the Website).

We generally do not collect special category data. Please do not send such data to us.

How & Why We Use Data (Legal Bases)

  • Account setup & contract performance: to take and fulfil orders, deliver products, manage returns/RMAs, and provide support.

  • Legitimate interests: account administration, fraud prevention, Website security, and B2B marketing about similar products (you can opt out anytime).

  • Legal obligations: tax/audit, product safety, lawful requests.

  • Consent: where we rely on it (e.g., certain marketing channels). You can withdraw consent at any time.

Sharing & International Transfers

We share data with service providers (hosting, payments, logistics, support tools), professional advisers, regulators and, if applicable, a buyer of our business.
Where data is transferred outside the EEA/UK, we use appropriate safeguards (e.g., EU Standard Contractual Clauses and, where applicable, transfers to organisations certified under the EU-U.S. Data Privacy Framework), plus additional measures where required.

Security & Retention

We use administrative, technical and physical controls (including SSL/TLS) and restrict access on a need-to-know basis.
We retain business records for as long as necessary for contract performance and legal compliance (typically up to 5 years post-contract), and longer where required by law or to establish/exercise/defend legal claims.

Your Rights

Your personnel may have rights to access, rectify, erase, restrict or object to processing, and data portability (subject to legal limits). To exercise rights or make a complaint, contact us. You may also complain to the Data Protection Commission (www.dataprotection.ie).

Cookies & Marketing

See our Cookie section for details of cookies used and how to manage preferences.
We may send B2B marketing about similar products to existing customers based on legitimate interests; you can opt out at any time (unsubscribe link or contact us).