Who we are
Our website address is: https://myfresh.delivery.
Introduction
This privacy notice describes how myfresh.delivery (“We”) collect and use the personal information of our customers and prospective customers in accordance with the General Data Protection Regulation (GDPR) and other relevant legislation.
To give you the best possible organic experience we need to gather data. We want to be transparent about why we need the personal details we request when you engage with us and how we will use them.
We will protect the privacy and security of your personal information and will always take all reasonable steps within our power to keep your information safe.
Please read this policy carefully, along with our Terms and Conditions and any other documents referred to within this notice to understand how we collect, why we use, and how we store your personal information.
By providing us with your personal information, you consent to the collection and use of any information you provide in accordance with this privacy policy.
Data protection principles
We comply with the principles of data protection law. This says that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
For the purpose of the General Data Protection Regulations (GDPR) the data controller is myfresh.delivery contactable on 07437 311497.
What personal data we collect and why we collect it
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). There are “special categories” of more sensitive personal data which require a higher level of protection.
We collect information every time you interact with us. The information we may collect from these interactions may include, but is not limited to:
- Information you give to us
- By corresponding with us by phone, email, in person or otherwise
- By subscribing to our service
- By placing orders on our site
- By entering competitions, promotions or surveys
- By responding to one of our mailings
The information we collect may include: Your name, address, email address, telephone number, payment information, login information (customers), shopping preferences including products, dietary (vegetarian, vegan) and Veg Alerts.
- Information we collect when you interact with our site or app
- By filling in forms on our site or sites we control including our restaurants
- By filling in forms at shows, events or one of our restaurants
- By corresponding with us by phone, email, in person or otherwise
- By subscribing to our service
- By placing orders on our site
- By entering competitions, promotions or surveys
- By responding to one of our mailings
- When you participate in social media functions (e.g. comment, share or review stories, products or blogs)
- When you report a problem with our site or app
The information we collect may include: Your internet protocol (IP) address, browser type and version details, time zone settings, browser plug-in types and version, your operating system and platform, the pages you visit, for how long and the actions you perform, page response times, your browser cookies, your shopping preferences and other areas of interest to you.
- Information we receive from other sources
- If you consent to hear from us on other sites
- If you subscribe to our service via one of our franchisees
- If we require information to execute a contract
- When you visit one of our sites or restaurants we may collect CCTV footage for security purposes only
The information we collect may include: Your name, address, email address, telephone number, payment information, login information (customers), Payment card verification and CCTV footage.
Legal basis we rely on to collect information
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:
- To fulfil a service: We use your information to execute contracts or services that you have entered into. This includes communications relating to your order, deliveries and payments via phone, email and SMS (for example to let you know if a delivery is delayed or payment has failed). In order to process and fulfil your order, we may need to share your information with our payment processors (eg to collect payment).
- When you consent: We may use your personal information and order history to tell you about relevant products, events, competitions and news. For example, when you sign up to a newsletter or tell us you want to hear from us by completing your preferences. You can ask us to stop sending you marketing messages by contacting us at any time. If you change your mind you can update your choices at any time by logging into your account or contacting us.
- If we have legitimate interest: The GDPR defines legitimate interest as a reasonable business or commercial interest for processing your personal information. For example, sending a direct mail when a product you previously ordered is back in season, improving the service we provide or to follow our ethical and environmental ethos.
What we use your data for and the legal basis which applies
-
Service
- To process your orders and services requested from us
- To respond to your queries, complaints or refund requests
- To keep a record of your relationship with us and your information up to date
- To process payments
- To remind you of your order cut-off deadline to enable you to place, amend or cancel an order
- To let you know when you have an unconfirmed order in your basket.
- To let you know about changes to your order or deliveries
- To let you know about changes to our service (eg delisting products)
- To check if you’d like to keep your account open after a period of no orders.
- To contact you by phone if we notice unusual activity in your account such as a significantly larger order than your regular order
-
Consent
- To invite you to events and cookery classes and process your bookings
- To tell you the contents of next week’s boxes so that you can plan your weekly grocery shop
- To tell you about relevant new products and services you may be interested in based on your buying history
- To tell you when a product you have purchased in the past is back in season
- To administer competitions and promotions
- To keep you informed about the ethical and environmental work you are supporting (eg being fair to farmers)
-
Legitimate interest
- To protect our website and our customers (eg to investigate phishing or fraudulent activity)
- To exclude you from online advertising and avoid unnecessary spend on marketing
- To develop and improve our systems (eg pages you visit to investigate any problems you encounter with our site)
- To send you requests for feedback via surveys to help improve our service
- To build a picture of who are current customers are and what they like, to inform our business decisions (eg to identify food trends or locate potential new customers in different areas of the UK)
- To ensure the content on our site or app is presented effectively for your device and is secure
- To measure and understand advertising effectiveness through research and analysis
- To automatically customise the contents of our website, emails or other channels based on the data we hold about you (for example showing you strawberries if you previously purchased them)
- To contact you by phone if we notice unusual activity in your account such as a significantly larger order than your regular order
- To contact you by phone if you cancel all orders to understand your reasons for leaving myfresh.delivery
- To contact you by phone periodically if you choose to keep your account open but without placing an order, for up to 36 months. All calls are screened against the TPS (Telephone Preference Service)
Who we share your information with
Sometimes we may share your data with trusted third parties for the legal bases defined above (service, legitimate interest and consent).
An additional basis of ‘legal compliance’ applies here. We have a duty to pass on information to law enforcement agencies, if we become aware of people involved in fraud, non-payment or other criminal activity.
Who we share your data with, how we protect it and your rights.
- We use an external email platform provided by mailchimp to fulfil our marketing communication needs. Mailchimp adheres to the GDPR when processing data for customers operating within the EU.
- We use Trustpilot and Facebook to gather independent online reviews. Your name and email address may be sent to Trustpilot . This method ensures that Trustpilot delete your information after 30 days.In accordance with the GDPR, Trustpilot automatically delete your personal details after 30 days. If you leave a review, Trustpilot becomes the controller of that information under the terms of their own privacy policy.
- Online advertisers and platforms such as (Google, Twitter, LinkedIn and Facebook) to show you relevant information about our products. The processing is completed using pseudonymised (subjected to a technical process which replaces your data with codes, so it is unidentifiable to anyone without additional information) email addresses to protect your privacy.As a customer you can consent or opt out from online marketing by updating your communication preferences in your account (this may take up to 30 days to process). Read more about how ads are displayed on each platform and how to control your data:
- We use Facebook’s services to identify people similar to our current customers. This is the most cost-effective way for us to show Facebook users matching that profile messages and gain new customers. The processing is completed using pseudonymised (subjected to a technical process which replaces your data with codes, so it is unidentifiable to anyone without additional information) email addresses to protect your privacy.As an ethical business that uses profits to invest back into protecting the environment, it is our legitimate interest to take all reasonable steps to acquire new customers whilst avoiding unnecessary cost.
- Selected business partners you consent to hear from (for example when we run joint competitions with companies matching our ethics). If you enter a joint competition and tick a box agreeing that our partner can send you promotional information directly, we will share your information via the legal basis of consent which will be gained each time you enter a competition.The third party will have their own Privacy Policy
We only provide third parties with the information they need to perform the exact services we specify in our contract with them and we never sell your data to third parties. We work closely with them to ensure that your privacy is respected and protected at all times. If at any time we stop using third party services, any information held by them will either be deleted or rendered anonymous.
Where we keep your information
The data that we collect from you is stored within the European Economic Area (“EEA”). We take all reasonable steps necessary to ensure that your data is treated securely and in accordance with this privacy policy. Where we share your data with third parties, that information may be held outside of the EU but remains under the jurisdiction and strict principles of the GDPR.
All information you provide to us is stored on our secure servers, except payment card information. To maintain the highest level of security, we never store or have visibility of your card details. We use a method called client-side encryption to take your card details. This means that your card details are encrypted on your device before they are sent to us. This encrypted format is sent to our payment provider (Stripe) ensuring that we are never able to see your card details.
Our payment provider gives us a ‘token’ which can only be used to take payment from your card to a bank account. If this token were stolen, it would be of no value to anyone else; it can only be used by us to take a payment from your card.
All transactions and communication between your browser and our website are encrypted using TLS (Transport Layer Security protocol). Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. Do not share your password with anyone and change it regularly. We recommend changing your password at least every three months.
From time to time, our website may contain links to third party websites. If you follow a link to any of these websites, please note that they will have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
How long we keep your data for
We will hold your personal information on our system for as long as is necessary for the processing of our contractual obligations with you or when you give consent for us to keep your account open.
We keep your account open for a period of 37 months after your last order or last delivery. During this time, we will continue communicating with you as outlined by this policy unless you actively close your account or update your preferences.
At 36 months after your last order, we will email you to check if you’d like to keep your account open and continue hearing from us. If you do not respond, we will remove your details from our active database and you will no longer receive any communication from us. If your account is closed either as part of our retention or as a request under Article 17 of the General Data Protection Regulation your personal information will be held securely on a deactivated basis for the remainder of our legal obligations to meet government financial and audit regulations for a maximum of 7 years unless there is an extended legal basis to retain for longer.
Your rights and how to activate your rights
- To ask us not to process your data for marketing purposes
- Update your preferences online (requires login). Changes may take 24 hours to come into effect.
- Email: admin@myfresh.delivery
- Call us on: 07437 311497
- The GDPR requires us to act upon the request within one month of receipt.
Changes to this policy
This policy was last updated on 23rd April 2020.
Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.
Got a question?
If you have any questions that haven’t been covered, please contact our Data Protection and Compliance Officer who will be pleased to help you:
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section]