We use your data to ensure our shop is secure, fast, and seamless so that you can order with confidence and easily find what you need for birds and other garden animals.

• Operation & improvement: we process what is necessary for login, shopping cart, checkout, and delivery, and collect limited data to improve the site daily.
• Marketing on your terms: personalisation and (re)marketing are only performed with your consent. Without consent, the site remains fully functional.
• Your choice: through Cookie Settings, you can select by category and update your preferences at any time. We never sell your data, retain it only as needed, and respect all your GDPR rights.

We are CJ Wildbird Foods Europe B.V. (trading as “Vivara”). In this Privacy Statement, we act as the data controller for processing your personal data within the EU/EEA. Depending on your location and service, affiliated Vivara entities may also be involved.

For UK activities, CJ WildBird Foods Ltd is the controller. In this document, “Vivara,” “we,” “us,” or “our” refers collectively to CJ Wildbird Foods Europe B.V. and affiliated European entities.

This policy applies when you, as a (prospective) customer, supplier, or business partner:

• Use our websites/webshops,
• Conduct business with us, or
• Communicate with us in any other way.

Our online platforms include, but are not limited to, Vivara.ie and international variants (e.g., .de, .at, .fr, .be, .nl, .se, .dk, .no). The UK has a local site (birdfood.co.uk), where processing is under CJ WildBird Foods Ltd.

EU/EEA privacy inquiries: privacy@vivara.com or by post (contact details below).

Age: our services target adults. Users under 16 need parental/guardian consent for marketing permissions (e.g., newsletters, marketing cookies).

Personal data includes any information relating to an identified or identifiable individual, directly (e.g., name, email) or indirectly (e.g., customer number, online identifiers).

When visiting our website, ordering products, contacting customer service, or doing business with Vivara, we process personal data as necessary.

Examples: name, address, postcode, email, phone, order and account information. Technical and online identifiers (IP address, device/browser characteristics, user/session IDs, cookie IDs) may also be processed (see: Cookie Statement).

“Processing” includes collection, recording, organising, storage, updating, consultation, use, sharing, securing, and deletion.

Legal basis may include: contract performance, legal obligation, legitimate interest, or consent (which can be withdrawn at any time, without retroactive effect).

More on personal data: United Kingdom Data Protection law.

We process personal data only for clearly defined purposes. Non-essential processing via cookies, pixels, scripts, or tags is only performed with your consent. Other processing is based on contract performance, legal obligations, or legitimate interest (careful, secure, efficient operations).

Key processing purposes & legal basis:

3A. Security & fraud prevention

We process data to prevent abuse and fraud, reduce security risks, and ensure website, system, and payment reliability.

Examples: login/session security, IP/device signals, anti-bot measures, transaction/return anomalies.

Legal basis: legitimate interest; where applicable, legal obligation.

Sharing with authorities: only if legally required.

3B. Recruitment at Vivara

Processing applicant data to evaluate applications, communicate regarding the process, and, if applicable, make offers.

Data: ID/contact info, CV, motivation, qualifications, role/location preferences.

Legal basis: pre-contractual, legitimate interest, legal obligations where applicable.

Recruitment may occur via external ATS platforms, with separate notice.

3C. Communication & business inquiries

Processing data when you contact us (forms, email, phone, chat) or request a quote.

Legal basis: contract/pre-contract steps; legitimate interest.

3D. Account creation & management

Processing data to create/manage accounts.

Data: name, address, email, phone; business accounts: company/type.

Login credentials encrypted.

Legal basis: contract; legitimate interest (misuse prevention/management).

3E. Newsletters & email marketing

We use data to inform you of offers, actions, and news related to biodiversity, garden animals, and products.

Legal basis: consent (withdrawable at any time).

Existing customers (soft opt-in): email may be used for similar products, provided no opt-out.

3F. Website visits, cookies & (re)marketing

Cookies and similar technologies are used for technical/functional site management, performance improvement, and, with consent, analysis, personalisation, and marketing.

Data: IP, geolocation, customer/session/cookie IDs, OS, browser/device, site interactions.

Legal basis: strictly necessary/functional cookies – legitimate interest; analytical/marketing – consent only.

Certain cookies and similar techniques are always on. These are essential for correct functioning of the site and the service requested by you (such as logging in, shopping basket, checkout, security and consent logging). They can process limited personal data (e.g. session or device ID and a (shortened) IP address), but are not used for marketing.

We use analytical cookies to collect aggregated statistics about use and performance of our website, and for quality improvement and experiments (such as user research and A/B tests). Online identifiers (e.g. user/session ID, (shortened) IP address and cookie ID) are used for aggregated insights and not to build individual profiles for marketing. Personalisation based on behaviour (e.g. more specific offers) falls at Vivara under marketing/personalisation and happens only with your consent. For analytics we use, among others, Google Analytics 4 and, solely after your consent and with masking where possible, among others, Microsoft Clarity for session insights.

GA4 is configured privacy-friendly (among others no storage of raw IP addresses and no names/email addresses to GA4). The use of GA4 data by Google is limited by the terms of Google. Data are not combined with other Google services (such as Google Ads) for personalised advertisements, unless you give consent for that. With Google Consent Mode v2 our site respects your choice: without analytical/marketing consent no analytics/marketing cookies are placed and only, where technically possible, cookieless signals go out for limited, aggregated measurement.

With your consent we use marketing and social media cookies/pixels to show you more relevant advertisements and also to communicate with you outside our website. This includes first-party tags and third-party tags of advertisement and social media platforms. Our partners may, solely on the basis of your choice, process online identifiers (e.g. cookie ID, device/session ID) and, only if you explicitly allow that, hashed email addresses for the creation of audiences (e.g. Custom/Matched Audiences). Examples of providers that (depending on your choice and country/market) can be used on among others but not exclusively: Google (Ads/YouTube), Meta (Facebook/Instagram), Microsoft Advertising (Bing), AWIN (affiliate attribution), and, where relevant, other advertisement platforms such as e.g. Pinterest etc. and partners. The processing by these external parties falls under their own privacy and cookie policy.

• We never sell your data! And we share personal data only when that is necessary (e.g. for the purposes described above, with appropriate safeguards). Categories of recipients:
• Delivery and logistics partners;
• Payment service providers and fraud/risk partners;
• IT/hosting, analytics, A/B test and security service providers;
• Marketing and advertisement partners (incl. affiliate networks and social media platforms, only with consent for marketing);
• Customer service and communication platforms (e.g. email/ticketing);
• Professional advisers (legal, financial) and, where required, supervisors/authorities.
• With processors we conclude processing agreements that comply with the GDPR.

For concluding and executing a purchase agreement we need certain data (such as name, delivery address, contact and payment data). If you do not provide these, we cannot process or deliver your order. For marketing provision is voluntary; without consent you receive no personalised marketing and marketing cookies remain off.

We receive personal data in the first place from you. In addition, we can, depending on your settings and the channel, receive limited data via (i) affiliate/advertisement partners for attribution and reporting, (ii) delivery and payment service providers for the status of delivery/payment, and (iii) our customer service suppliers for contact handling. In all cases applies that we only receive what is necessary for the purpose.

We retain personal data only as long as that is necessary for the purposes for which we have obtained them or as long as this is legally required. Afterwards we delete or anonymise the data. Do you have a Vivara account, then we retain the data that are necessary to let you log in and use our services as long as your account is active. After cancellation or prolonged inactivity we retain a limited set of account data for up to 24 months for support, abuse prevention, administration and legal retention. Online data that are collected via cookies or similar techniques we retain according to the retention period per cookie/technique as visible in Cookie settings and explained in our Cookie Statement.

Depending on the service your personal data can be stored and/or processed on secured servers within the EU/EEA (and for UK activities under responsibility of CJ WildBird Foods Ltd in the Netherlands and the United Kingdom). We work only with reliable suppliers who offer contractual guarantees and apply appropriate security standards (e.g. ISO 27001). If data are processed outside the EEA, we apply appropriate safeguards (such as the EU-US Data Privacy Framework or EU standard contractual clauses with additional measures). Where possible we use geo-redundant storage within the EU and limit international transfers to what is necessary.

We process personal data in line with the GDPR and e-privacy rules and ensure the principles of article 5 GDPR (among others lawfulness, purpose limitation, data minimisation, accuracy, storage limitation and integrity and confidentiality). Within our web shop we use a secured TLS/SSL connection. We take appropriate technical and organisational measures, such as encryption (in transit and, where appropriate, at rest), access control on need-to-know basis (MFA/role-based access), logging & monitoring, patch and vulnerability management, backups & recovery plans, segmentation of systems, periodic training and DPIAs where necessary. Suppliers are assessed via processing agreements, transfer safeguards (such as SCCs/DPF) and requirements around information security (e.g. ISO 27001/SOC reports).

Despite our security measures, a security incident may occur. Vivara follows a data breach procedure: we immediately detect, investigate, and mitigate each incident, and document its nature, (potential) consequences, and corrective/preventive measures. We maintain a register of all (potential) personal data breaches, even if they do not ultimately require notification. If a notifiable breach occurs, we will report it without undue delay—and where possible within 72 hours—to the Dutch Data Protection Authority. If the incident is likely to result in a high risk to individuals, we will also inform the affected parties without undue delay.

• On the basis of the GDPR you have among others:
• Right to information and access;
• Right to rectification;
• Right to data erasure (“right to be forgotten”);
• Right to restriction of processing;
• Right to portability of data (data portability);
• Right of objection (art. 21 GDPR), you can at any time object to processing on the basis of legitimate interest AND to processing for direct marketing (including profiling for direct marketing);
• Right to withdraw previously given consent (e.g. cookie/marketing choices via Cookie settings and newsletters via the unsubscribe link in every email);
• Right not to be subjected to solely automated decision-making with legal effects or similar significant consequences.

We handle personal data carefully and improve our service provision continuously.

Do you have questions, remarks, or do you want to file a complaint? Then we are happy to help you. Did you know that via your account settings you can view, correct or delete everything? Are you not yet helped with this or do you have other privacy questions? Then feel free to ask your question via mail privacy@vivara.com (or by letter: see the contact details at the bottom of this policy).

Email: privacy@vivara.com

Post:

• CJ Wildbird Foods Europe B.V.,
• Energieweg 16,
• 5804 CE Venray,
• The Netherlands

Amended as laws, regulations, or processing practices change.

Last updated: 1 October 2025