The latin flavor gluten free from Venezuela to UK

Facebook Youtube Instagram Linkedin X-twitter Tiktok tiktok Whatsapp Tripadvisor

Privacy Policy (Arepas Station)

Last updated: 11/02/2026

Who we are

Arepas Station (“we”, “us”, “our”) operates this website: https://arepasstation.com (the “Site”).

Data controller: AREPA’S STATION LIMITED
Registered address: Unit 16 Cave Industrial Estate, Fen Road, Cambridge, England, CB4 1UN
Email: hello@arepasstation.com

If you have questions about this Privacy Policy or how we use your personal data, contact us using the details above.

What personal data we collect and why

1) Orders, checkout and customer accounts (WooCommerce)

When you place an order, create an account, or attempt a purchase, we may collect:

  • Identity & contact data: name, billing/shipping address, email, phone

  • Order data: items purchased, quantities, delivery method, delivery date/time slot selections, order notes

  • Payment data: payment status, transaction references (we do not store full card details)

  • Account data: username, password (stored securely/hashed), purchase history

  • Technical data: IP address, device/browser info (for fraud prevention, security and site performance)

Why we collect it / lawful basis

  • To process and deliver your order (Contract)

  • To manage accounts, customer service and refunds (Contract / Legitimate interests)

  • To keep records for accounting/tax/legal obligations (Legal obligation)

  • To prevent fraud and protect the Site (Legitimate interests)

2) Delivery scheduling / delivery slots (e.g., Iconic WooCommerce Delivery Slots)

If you select a delivery day or time slot, we store that selection with your order so we can fulfil delivery/collection.

Lawful basis: Contract (to provide the service you requested).

3) Contact forms, enquiries and support

If you contact us (contact form, email, phone), we may collect your name, email, phone number and message content.

Lawful basis:

  • Legitimate interests (responding to enquiries) or Contract (if relating to an order).

4) Comments

If visitors leave comments, we collect the data shown in the comment form, plus IP address and browser user agent to help spam detection. An anonymised hash of your email may be sent to Gravatar to check if you use it. After approval, your profile picture may be visible in the context of your comment.

Lawful basis: Legitimate interests (moderation/spam prevention).

5) Media uploads

If you upload images, avoid uploading images with embedded location data (EXIF GPS). Visitors may be able to download and extract such data.

6) Marketing (email, SMS, promotions)

If you subscribe to marketing, we may collect your email and preferences. You can opt out at any time using the unsubscribe link or by contacting us.

Lawful basis:

  • Consent (for marketing subscriptions), and you can withdraw at any time.

7) Analytics

We may use analytics tools (e.g., Google Analytics) to understand how the Site is used and improve performance. This can involve cookies and online identifiers.

Lawful basis: typically Consent (where required for non-essential cookies) or Legitimate interests for strictly necessary measurement, depending on your cookie setup.

Cookies

Cookies are small files stored on your device. We use cookies for:

  • Essential site functions (cart, checkout, login sessions)

  • Preferences (remembering choices)

  • Analytics (if enabled/consented)

  • Security (fraud prevention, bot protection)

Examples (common WordPress/WooCommerce behaviour):

  • Comment cookies (name/email) may last up to 1 year

  • Login cookies may last 2 days (or 2 weeks if “Remember Me” is selected)

  • If you edit/publish content (admin users), a cookie may store a post ID for 1 day

You can control cookies through your browser settings. If you use a cookie banner/consent tool, you can also manage preferences there.

Embedded content from other websites

Pages may include embedded content (videos, images, maps, etc.). Embedded content behaves as if you visited the third-party site directly. Those sites may collect data, use cookies, and track interactions.

Who we share your data with

We only share personal data when needed to run the store, provide services, or meet legal obligations. This may include:

  • Payment providers (to process payments — we do not receive/store full card details)

  • Delivery / fulfilment partners (to deliver orders)

  • Email/SMS providers (order notifications, and marketing if you opt in)

  • Hosting, security and spam prevention services

  • Analytics providers (if enabled)

If you use WooCommerce extensions, they may store or share personal data with external services — you should disclose the ones you use.

How long we retain your data

We keep personal data only as long as necessary for the purposes described.

Typical retention:

  • Orders and invoices: retained for as long as needed for accounting/tax/legal purposes (often several years)

  • Customer accounts: kept until you delete the account or request deletion (subject to legal retention needs)

  • Enquiries: kept for a reasonable period to manage support and record-keeping

  • Comments: retained indefinitely unless you request removal (where appropriate)

If we can’t state a fixed retention period, we’ll explain the criteria we use.

Your data protection rights

Depending on your location, you may have rights including:

  • Access to your personal data

  • Correction of inaccurate data

  • Erasure (in certain cases)

  • Restriction of processing

  • Objection to processing

  • Data portability (in certain cases)

  • Withdrawal of consent (where consent is used)

You also have the right to complain to the UK Information Commissioner’s Office (ICO).

Where your data is processed (international transfers)

Some of our service providers may process data outside the UK. Where this happens, we use appropriate safeguards required by UK GDPR (such as contractual protections).

Security: how we protect your data

We use appropriate technical and organisational measures to protect personal data, including access controls, secure hosting, and industry-standard security practices.

No method of transmission or storage is 100% secure, but we work to protect your information.

Automated decision-making

We do not make decisions about you using solely automated decision-making that produces legal or similarly significant effects. If we introduce this, we will update this policy.

Changes to this policy

We may update this Privacy Policy from time to time. The latest version will always be posted on this page with the updated date.

Contact

For privacy requests or questions, contact: [PRIVACY EMAIL]

Quick list of placeholders you should fill

  • AREPA’S STATION LIMITED

  • Unit 16 Cave Industrial Estate, Fen Road, Cambridge, England, CB4 1UN

  • hello@arepasstation.com

  • Payment providers you use Stripe/PayPal and Square

  • Email marketing tool: MailPoet

  • Analytics tool: GA4

  • Delivery partners (if any)

X