Privacy policy
Last Updated: May 2026
This Privacy Policy describes how nuwe solutions (trading as Finally.) (referred to as "we", "us", or "our") collects, uses, shares, and protects your personal data when you visit our website, purchase our food products, or otherwise interact with us.
We act as the Data Controller in respect of your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. INFORMATION WE COLLECT
We collect and process different types of personal data depending on how you interact with us:
- Identity & Contact Data: Name, billing address, delivery address, email address, and telephone number.
- Transaction Data: Details about payments to and from you, and details of food products you have purchased from Finally. (Note: We do not store your raw credit/debit card details; these are handled by our secure, PCI-DSS compliant payment processors).
- Technical & Usage Data: IP address, login data, browser type, time zone setting, location data, operating system, and how you use our website.
- Health & Dietary Data (Special Category Data): If you contact our customer support team or provide feedback regarding food allergies, intolerances, or specific medical dietary requirements, you may choose to provide us with health data.
- Marketing & Communications Data: Your preferences in receiving marketing from us and your communication preferences.
2. HOW WE USE YOUR PERSONAL DATA & OUR LAWFUL BASIS
Under the UK GDPR, we must have a specific "lawful basis" to process your data. We use your personal data for the following specific purposes:
To register you as a new customer * Data used: Identity & Contact Data
- Lawful Basis: Performance of a contract with you.
To process and deliver your food orders, manage your payments, and collect money owed to us * Data used: Identity, Contact, Financial, and Transaction Data
- Lawful Basis: Performance of a contract with you.
To comply with Food Safety Laws (such as executing a product batch recall, managing allergy incidents, or maintaining mandatory supply-chain traceability)
- Data used: Identity, Contact, Transaction, and Health Data (if applicable)
- Lawful Basis: Legal Obligation under the Food Safety Act 1990 and General Food Regulations 2004.
To notify you about changes to our terms, conditions, or privacy policy * Data used: Identity, Contact, and Profile Data
- Lawful Basis: Performance of a contract or a Legal obligation.
To administer and protect our business and website (including troubleshooting, data analysis, testing, system maintenance, and fraud prevention)
- Data used: Technical, Identity, and Contact Data
- Lawful Basis: Legitimate Interests (for running our business and securing our network).
To send you marketing and promotional updates * Data used: Identity, Contact, and Marketing Data
- Lawful Basis: Consent (if opting-in via our website) or Legitimate Interests (soft opt-in for existing customers who have bought from us before).
A Note on Allergy and Health Data (Special Category Data)
If you voluntarily share details of food allergies or medical conditions with nuwe solutions, this is classified as Special Category Data. Our legal basis for processing this data is your Explicit Consent or for reasons of Public Interest in the Area of Public Health (to ensure the safety of our food products and comply with allergen labeling laws under UK Food Information Regulations).
3. WHO WE SHARE YOUR PERSONAL DATA WITH
We do not sell your data. We may share your personal data with selected third parties strictly for the operational reasons outlined below:
- Third-Party Service Providers: eCommerce platforms (e.g., Shopify), payment gateways, and IT/system administration services.
- Delivery & Logistics Companies: Couriers and postal services handles your name and delivery address to fulfill your food orders.
- Professional Advisers: Lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.
- UK Food Safety & Regulatory Authorities: We may be legally compelled to share batch transaction data, contact details, or incident reports with the Food Standards Agency (FSA), Trading Standards, or local Environmental Health Officers (EHO) in the event of a food safety investigation or mandatory product recall.
- Law Enforcement / Tax Authorities: HM Revenue & Customs (HMRC) and UK law enforcement agencies where legally required.
4. INTERNATIONAL DATA TRANSFERS
Some of our third-party service providers (such as website hosts or email marketing tools) may be based outside the United Kingdom (UK). Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We transfer your data to countries that have been deemed to provide an adequate level of protection for personal data by the UK Government.
- We use specific UK International Data Transfer Agreements (IDTA) or Standard Contractual Clauses (SCCs) approved for use in the UK, which give personal data the same protection it has in the UK.
5. DATA SECURITY
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way. We limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know.
We have established procedures to deal with any suspected personal data breach and will notify you and the Information Commissioner’s Office (ICO) of a breach where we are legally required to do so.
6. DATA RETENTION
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or regulatory reporting requirements.
- Order & Tax Data: By UK tax law, we must keep basic information about our customers (including Contact, Identity, Financial, and Transaction Data) for six years after they cease being customers.
- Food Safety & Traceability Records: We retain transaction and batch distribution records in alignment with UK statutory periods for food traceability and product liability claims.
7. YOUR LEGAL RIGHTS
Under the UK GDPR, you have the following rights in relation to your personal data:
Request access to your personal data (commonly known as a "data subject access request").
- Request correction of any incomplete or inaccurate data we hold about you.
- Request erasure of your personal data (subject to exceptions where we have a legal obligation to retain it, such as tax or food safety law).
- Object to processing of your personal data where we are relying on a legitimate interest.
- Request restriction of processing of your personal data.
- Request the transfer of your personal data to you or a third party (data portability).
- Withdraw consent at any time where we are relying on consent to process your personal data (e.g., direct marketing).
If you wish to exercise any of these rights, please contact nuwe solutions using the details below. We do not charge a fee to respond to these requests and aim to reply within one month.
8. COOKIES
Our website uses cookies to distinguish you from other users of Finally. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. For detailed information on the cookies we use and the purposes for which we use them, please see our Cookie Policy.
9. CONTACT US AND COMPLAINTS
If you have any questions about this Privacy Policy or our privacy practices, please contact us at:
Legal Entity Name: nuwe solutions
Trading As: Finally.
Email Address: hello@finallyketo.com
Postal Address: Unit 30 Bryggen Road, North Lynn Industrial Estate, King’s Lynn, PE30 2HZ
Telephone Number: 01446501195
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us first.