1) Who is responsible for your data
Depending on how you use our services and our websites, we might collect the following kinds of information about you:
|Your name and contact details(email address, telephone number, address)||When you place an order
When you enter a competition
When you fill in forms on our website
|The products in your order||When you place an order|
|Information about your membership of our Rewards Programme||When you join the Rewards Programme and earn and spend points|
|More sensitive information about you and about your health(see information below about ‘Sensitive personal data’)||If you explain to us in writing about certain allergies or health conditions|
|Communication we have with you(emails, letters, telephone calls, messages to our online chat service, messages sent to us through our social media platforms, feedback)||When you get in touch with usWhen you respond to our requests for feedback|
|Information about you, your location and how you use our websiteSee more information below under the heading ‘How we use your data to personalise the service we offer you’||When you accept our cookies placed on your deviceWhen you update your account information
When you open our marketing emails
When you click on our banner adverts
When you fill in forms on our website
When you get in touch with us
When you respond to our requests for feedback
When you opt in to receiving messages from us
|Payment card details||We use Bankart Payment to collect/process transaction information. Please visit Bankart’s terms and privacy website.|
If paying by telephone, your card details are never recorded or held by us and are processed by Bankart’s secure facility.
2) Sensitive personal data
Certain kinds of personal data, such as data about your racial or ethnic origin, your physical or mental health, or your religious beliefs, are special categories of personal data which by law require additional protection. We try to limit the circumstances in which we collect sensitive personal data of this kind, but we do collect it if you email us explaining specific concerns, for example:
- i) Allergies or other medical issues that may help us guide you to the best choice of products.
- ii) Religious beliefs that prohibit the use of any particular ingredients.
We will use this data solely to advise you on products that may be suitable for you. We will not use sensitive personal data for future marketing purposes.
3) How we use your personal data
We can only use your personal data if we have a proper reason for doing so. According to the law, we can only use your data for one or more of these reasons:
- i) To fulfil a contract we have with you, or
- ii) If we have a legal duty to use your data for a particular reason, or
- iii) When you consent to it, or
- iv) When it is in our legitimate interests.
Legitimate interests are our business or commercial reasons for using your data, but even so, we will not unfairly put our legitimate interests above what is best for you.
In the table below, we have set out the different ways in which we use your personal data and the reasons we rely on for using that data.
If we rely on our legitimate interests for using your personal data, we will explain that to you.
What we use your personal data for
Legal grounds for using it
Our legitimate interests
(See more detail below under the heading ‘How we use your data to personalise the service we offer you’)
4) How we use your data to personalise the service we offer you
- i) to help us communicate with you. We use information about where you are, for example, to provide content in the most appropriate language
- ii) to identify you when you access our websites from different devices
- iii) to identify your likes and dislike. We look at which of our website pages you visit most to understand what you are most interested in.
- iv) to help you complete a purchase. If you are in the process of placing an order but you leave the checkout path before your order is finalised, we may with your consent contact you to help you to finalise your order.
For more information about cookies and how you can manage cookies and remove them, please refer to our Cookies Policy.
5) Marketing: How to manage the marketing messages you receive
We may send you marketing communications by email if you have indicated that you are happy to receive such emails [or if you have placed an order with us and you have not told us that you no longer wish to receive marketing emails]. Our marketing communications include information about our new and existing products, special offers we think you might like and articles or news which we think might interest you.
You can opt out of receiving marketing emails at any time by clicking on the unsubscribe link which we include in all our marketing emails.
Please note that if you tell us that you do not wish to receive marketing emails, you will still receive service emails which are necessary for example to confirm your order or to update you on the status of your parcel delivery. We will use the contact details you give us when you place your order (either your mobile telephone number, your email address or both). This is so that we can perform the contract we have with you.
Please note that if you ask us to stop sending marketing emails, we will keep a note of your personal information and your request so that we can make sure you are excluded from the emails when they are sent out.
6) How long we keep your data
We keep your data only for as long as we need it. How long we need data depends on what we are using it for, whether that is to provide your order to you, for our own legitimate interests (described above) or so that we can comply with the law.
We will actively review the information we hold and when there is no longer a customer, legal or business need for us to hold it, we will either delete it securely or in some cases anonymise it.
7) How we protect your data
We protect your personal data against unauthorised access, unlawful use, accidental loss, corruption or destruction.
We use technical measures such as encryption (SSL) to protect your data and the systems they are held in. We also use operational measures to protect the data, for example by limiting the number of people who have access to the databases in which information is held.
We keep these security measures under review and refer to industry security standards to keep up to date with current best practice.
8) Sharing your data
We share some of your personal data with, or obtain personal data from, the following categories of third parties:
- Government authorities such as Trading Standards: We sometimes have to provide your personal data to trading standards to illustrate compliance with our legal and regulatory obligations.
- Suppliers who provide services to us: For example, we will share your data with the company which delivers your parcel. We will make sure that our suppliers respect your personal data and comply with data protection laws.
- Data analytics companies and advertisers: Depending on your cookies settings we may share a limited and pseudonymised (or partially anonymised) version of your data with other advertisers, or add to your data other information which we have received from third party advertisers. For more information about this process, please see our Cookies Policy.
- Your credit and debit card information: In order to process payments and prevent and detect fraud, we process payment card data through our payment card and fraud management services providers.
9) Sending data outside of the European Economic Area
We will only send data outside of the European Economic Area (‘EEA’) to work with our agents who we use to deliver services to you or to comply with a legal duty. If we do transfer data outside the EEA, we will make sure that it is protected in the same way as if it were being used in the EEA.
10) Your rights
You are entitled to see copies of all personal data held by us and to amend, correct or delete such data. You can also limit, restrict or object to the processing of your data.
If you gave us your consent to use your data, e.g. so that we can send you marketing emails, you can withdraw your consent. Information about how to stop receiving marketing communications is set out above under the heading ‘Marketing: How to manage the marketing messages you receive’. Please note that even if you withdraw your consent, we can still rely on the consent you gave as the lawful basis for processing your data before you withdrew your consent.
You can object to our use of your data where we rely on our legitimate interests to do so. We explained the legitimate interests we rely in the table above under the heading ‘How we use your personal data’.
When you get in touch, we will come back to you as soon as possible and where possible within one month. If your request is more complicated, it may take a little longer to come back to you but we will come back to you within two months of your request. There is no charge for most requests, but if you ask us to provide a significant about of data for example we may ask you to pay a reasonable admin fee. We may also ask you to verify your identity before we provide any information to you.
Please note that you have the right to lodge a complaint with the supervisory authority which is responsible for the protection of personal data in the country where you live or work, or in which you think a breach of data protection laws might have taken place.
12) Contact Us