Last update: 1 June 2020
Welcome to our UK website which includes our subscription service (https://thehealthysnackbox.co.uk/subscribe) and our online “shop” service (https://thehealthysnackbox.co.uk/), as may be amended from time to time (the “Site”). We refer to the Site, all features, functionality and content of the Site as the “Services”. The Services, including the Site are provided in the UK by Healthy Snack Box (“we”, “us”, “our”). For the purposes of UK data protection legislation, we are the data controller.
For your ease of reading we have set out the key sections of the Policy on the left.
Information we collect or receive
When you use the Site, we collect and retain information that you, as a customer or potential customer, provide to us through the Site, as well as information that is automatically or passively collected from you, your device or your browser (the “Information”).
Information that you may provide to us:
- Contact and profile information, including name, email address, postal address (including postcode) and telephone number.
- Account information, including your user name (which may be your email address), password, log-in details, transaction details and successful referrals.
- Credit card information, including the name on the card, card type, card number, expiry date and CV2 is collected and processed by our third-party payment processor. We retain limited credit card information for our records (e.g. the last four digits for validation purposes) but we do not store or retain complete credit card information.
- Your preferences, including ratings you provide in relation to products that are available on the Site and survey responses.
- Communications to us, for example, reporting a problem or submitting queries, concerns or comments regarding the Site, its content or your account.
- Any other content or information you choose to provide, including photos you may upload.
- Details of your visits to the Site, the resources you access and any data you download.
Some of the Information that you provide may include sensitive personal information, such as health-related information relating to your allergies. We need this information to ensure any products you receive meet your dietary preferences.
You are under no obligation to provide any such information. However, if you should choose to withhold requested information, we may not be able to provide you with certain services.
Information that may be automatically collected
We, along with third parties, also may collect information about you, your computer or device and your use of the Service via automated means (for more information about these technologies,. This Information may include:
- Information about your visits to the Site and use of the Services, the resources you access, any data you download and information related to the ways in which you interact with the Site and the Services.
- IP addresses (including the general information in such address, such as city, county and postcode), unique device identifiers, other information about your mobile phone or other mobile device(s), browser types and browser language.
- Referral pages and links (including promotional codes and rewards used), URLs, number of clicks, pages viewed, how long you’re on a page, your search queries and results.
- Information relating to the emails that you have received from us, including whether you have opened and engaged with the email.
- Information about your device, computer and/or browser you use as well as the device’s operating system. This may include your device hardware model, operating system version, or mobile network information.
We may also combine information that we collect from you with information we obtain about you from third parties and affiliates and information derived from any other subscription, product, or service we may provide.
Information from third parties
We may obtain additional information about you from third parties such as marketers, partners, researchers and others, but only where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us.
We use the information we receive from these third parties to maintain and improve the accuracy of the records we hold about you, and to offer you products that we believe you would be interested in.
Anonymous, pseudonymous or de-identified data
We may pseudonymise your data through a technique called “hashing”. We may use pseudonymised data with our partners (such as Facebook) to find additional potential customers for our products and services by finding people with similar preferences. These partners will keep the data secure and will only use such data for the purpose for which we provide it to them.
We use your information to better serve you, such as by letting you know about new snacks or other products we’ve added to the graze range that we think you’ll like. Some other examples of how we may use your information include to:
- Process your orders and provide you with the Services (such as sending you your order).
- Customise our Services to you, for instance by establishing your food preferences to facilitate better recommendations.
- Inform you about your scheduled delivery, rewards earned by you on our Site and ask you for feedback on your recent deliveries.
- Provide, operate and maintain, our Services, including, for instance (without limitation) to administer your account, provide you with order and billing information, monitor use of and downloads from the Site.
- Improve the Site and Services for customers, analyse Site usage, investigate complaints or Site operations and identify visitors to the Site.
- Analyse our users’ demographics and track sales data.
- Provide you with personalised offers, rewards, competitions, marketing materials and other promotional materials, both online (via email and through advertisements), offline (via post), and through other marketing channels, such as third party social networks, like Facebook
- To assist us in finding other potential customers similar to you including using social network platforms (but we would never disclose your data in doing so to any of those customers).
- Send you information or content you have requested and develop relevant advertising material for you which will be viewable when you visit the Site or other websites across the Internet.
- Communicate with you and investigate any complaints.
- Perform market research, data analytics and data appends. To accomplish some of these tasks, we may enhance or append other data collected from or about you to the Information we possess.
- Ensure that as an existing customer you are not included on proposed marketing campaigns aimed at attracting new customers.
- Protect against fraud, unauthorised transactions, security issues, claims and other liabilities and manage risk exposure and quality.
- Verify whether you have had a previous account with us to prevent fraudulent take-up of our offers .
- Provide customer support and diagnostic assistance, for instance, by analysing the Information, our Service’s integration with other platforms and the contact information and other materials you submit to us.
- Associate an email address that you have provided to us with previous browsing and purchase experiences. We may be able to make this connection whether you are logged on or not (through use of certain online identifiers, as described in our Cookie Statement), and we will know whether you receive email alerts and will be able to associate this with any other contact information you may have given us.
If you have elected to unsubscribe from marketing communications, we will keep a record of this and ensure that we include your email address on suppression lists to ensure that we do not contact you with marketing communications.
Information sharing and disclosure
We are committed to protecting the privacy and security of your personal information. We will only share it with third parties in accordance with this Policy, or as otherwise required by law.
We may share your personal information in the following ways:
- With trusted service providers, to perform or assist us in performing any of the functions listed in Section 2 (Information Uses), for instance (without limitation) to assist us with email delivery, customer and technology support, hosting services, fraud prevention and marketing, data enhancement, advertising and market research services.
- If you refer a new customer to us or you sign up as a result of a referral, we may share your first name and first initial of your surname with the referred person or person making the referral as set out in the referral program details.
- We also provide analysis of our customers in the aggregate to prospective partners, advertisers and other third parties. We do this so that we and our business partners can understand our customers better and so we can keep bringing you first-rate services. We may also disclose, on an anonymous basis, statements made by our customers such as comments or feedback we receive on our products or Services.
- As we continue to develop our business, we may sell, buy, merge or partner with other companies or businesses, or sell some or all of our assets. In such transactions, your Information may be among the transferred assets or may be shared with the other company or business for purposes of evaluating the transaction.
- We may share your information with third parties with whom we have a contractual relationship.
- We may share your feedback or comments. If you post anything to this Site or through the Services that can be viewed by the general public, we may share that with third parties.
- We may share your information in any other circumstances where we have your consent.
Sometimes, we may combine certain parts or portions of the Information with each other. For instance, when we provide you with customer support or other assistance, we may combine your account information and other personal information you’ve provided to us with information about your usage of the Services.
Cookies are small pieces of information that are issued to your computer when you visit a website and which store and sometimes track information about your use of that website.
Legal basis for processing personal information
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you only (i) where we need the personal information to perform a contract with you, (ii) where the processing is in our legitimate interests and not overridden by your rights; or (iii) with your consent. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will normally be for us to operate our platform and communicating with you as necessary to provide our services to you and for our legitimate commercial interest, for instance, when responding to your queries, improving our platform, undertaking marketing, or for the purposes of detecting or preventing illegal activities. We may have other legitimate interests and if appropriate we will make clear to you at the relevant time what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “contact us” heading below.
Email or other electronic marketing
We will only use your email address for marketing when permitted by law. You can opt-out of receiving future communications at any time. Please note, when opting out that you may continue to receive some information from us where this is already in the communication pipeline, typically for up to 48 hours after the date and time you update your account.
If you start to set up an account with us via the Site but do not complete the process or place any orders, then we will email you to find out if you need any help to complete the process. An unsubscribe link is given at the end of this email.
From time to time, we may also contact you by post (unless you have objected to us doing so) with information on special offers or events regarding our products or Services.
Security and retention
We have implemented appropriate technical and organisational measures and security features, as well as internal guidelines, designed to safeguard the privacy of your personal information from loss, alteration, unauthorised access or improper use. Our security and privacy policies are periodically reviewed and we will continue to enhance our security procedures as new technology becomes available. Whilst we cannot ensure or guarantee that loss, alteration, unauthorised access or improper use of information will never occur, we use all reasonable efforts to prevent it.
While we make every effort to ensure that your information is secure on our system, you should bear in mind that submission of information over the Internet is never entirely secure. As a result, we cannot guarantee the security of any information you transmit to us and you do so at your own risk.
Your account information is password-protected for your privacy and security. You can play an important role in keeping your personal information secure by maintaining the confidentiality of your password used on the Site. We recommend that you change your password from time to time for additional security. Please advise us immediately if there is any unauthorised use of your account by any other Internet user or any other breach of security.
Only key members of our personnel have access to personal information. Backups are run to prevent loss of information and our Internet servers are housed in secure facilities.
It is advisable to log out and close your browser when you have finished your user session to help ensure others do not access your personal information if you use a shared computer or a computer in a public place.
Some of the safeguards we rely on to transfer your personal information outside of the EEA include using the European Commission’s approved standard contractual clauses with our suppliers or ensuring that the supplier has approved “binding corporate rules” or (if in the United States) certified to the Privacy Shield.
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Your choices and your rights
If you are a customer of ours, we will provide you access to account and usage information which you can access by logging on to your online account. Such information may include:
- Your Service and transaction history.
- Your delivery information (name, email, delivery addresses, first line and postcode of billing address), which you can change at any time.
- Your product ratings, which you can change at any time.
- Your payment information, which you can change at any time.
- Your dietary preferences, which you can change at any time.
- The ability to change your password.
- A list of your successful referrals.
You have the following data protection rights:
- If you wish to access, correct or update your personal information, you will be able to do so via updating your account details on the Site, however, if you are having trouble please write or email us at the details below.
- If you wish to request deletion of your personal information, you can exercise this right by contacting us using the contact details below.
- In addition, you can object to the processing of your personal information, ask us to restrict the processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided below.
- You have the right to opt out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe here” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided below.
- Similarly, if we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact the Information Commissioner’s Office.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws
The Site may contain links to external websites. We assume no responsibility for the privacy practices or the content of those websites. Therefore, please read carefully any privacy policies on those websites before either agreeing to their terms or using those websites.
If you have questions or concerns regarding this Policy, please contact us at firstname.lastname@example.org or via post at:
- Data Privacy Team c/o Head of Customer Services
- Unit 24 New Broompark, Edinburgh, Scotland, EH5 1RS
Changes to our policy