This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data, and keep it safe.
We hope the following sections will answer any questions you have but if not, please do get in touch with us.
It’s likely that we’ll need to update this Privacy Notice from time to time. We’ll notify you of any significant changes, but you’re welcome to come back and check it whenever you wish.
2. About Us
Cottom Foods are committed to protecting your privacy. We will only use the information that we collect about you lawfully (in accordance with the Data Protection Act 1998 and General Data Protection Regulation 2018) and according to the Web Trader Code of Practice.
Our commitment to you
We take the protection of your personal data seriously and will process your personal data fairly, lawfully and transparently.
We will only collect and use your personal data for the following purposes, to:
- keep you up to date with the latest offers and trends
- help us to make our marketing more relevant to you and your interests
- improve our services
- meet our legal responsibilities
3. Legal Framework
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:
In specific situations, we can collect and process your data with your consent. For example, when you tick a box to receive email newsletters.
When collecting your personal data, we’ll always make clear to you which data is necessary in connection with a particular service.
In certain circumstances, we need your personal data to comply with our contractual obligations.
If the law requires us to, we may need to collect and process your data.
For example, we can pass on details of people involved in fraud or other criminal activity affecting Cottom Foods to law enforcement.
4. Personal Data We Collect
Personal data means any information about an individual from which that person can be identified. It does not include anonymised data, where the identity and identifying information has been removed.
While our website is designed for a general audience, we will not knowingly collect any data from children under the age of 13 or sell products to children. If you are under the age of 13, you are not permitted to use or submit your data to the website.
The following groups of personal data are collected:
Identity Data includes information such as: first name, last name, title and date of birth (optional).
Contact Data includes information such as: email address, billing address, delivery address, location, country, telephone number, and social media id (if you log in by social media).
Technical Data includes information such as: details of the device(s) you use to access our services, your internet protocol (IP) address, login data, your username and password, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform.
Usage Data includes information such as: how and when you use our website, how you moved around it, what you searched for; website performance statistics, traffic, location, weblogs and other communication data; and details of any other Cottom Foods products and services used by you.
Marketing and Communications Data includes information such as: your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
5. How We Collect Your Data
We may collect personal data about you in the following ways:
- Direct interactions – you may give us your Identity, Contact, Financial, Transaction, Profile, and Marketing and Communications data (as described above) by filling in forms, entering information online or by corresponding with us by post, phone, email, and telephone or otherwise. This includes the personal data you provide, for example, when you:
- Subscribe to our newsletter, social media sites or create wish lists;
- Enter a competition;
- Complete a voluntary market research survey;
- Contact us with an enquiry or to report a problem (by phone, email, social media, or messaging service);
- When you log in to our website via social media.
- Automated technologies or interactions – as you interact with our website, we may automatically collect the following types of data (all as described above): Technical Data about your equipment, Usage Data about your browsing actions and patterns, and Contact Data where tasks carried out via our website remain uncompleted, such as incomplete orders or abandoned baskets. We collect this data by using cookies, server logs and other similar technologies.
- Third parties – we may receive personal data about you from various third parties, including:
- Technical Data from third parties, including analytics providers such as Google. Please see further information in the section entitled ‘Marketing preferences, adverts and cookies’.
- Technical Data from affiliate networks through whom you have accessed our website;
- Identity and Contact Data from social media platforms when you log in to our website using such social media platforms;
- Contact, Financial and Transaction Data from providers of technical, payment and delivery services.
6. How and Why We Use Your Data
We want to give you the best possible customer experience. One way to achieve that is to get the richest picture we can of who you are by combining the data we have about you.
We then use this to offer you promotions, products and services that are most likely to interest you. In the case of gourmet club members, we’ll also offer you relevant rewards. For example, we ask for your birthday (optional) in the ‘members area’ so that we can provide you with a tailored birthday offer.
The data privacy law allows this as part of our legitimate interests in understanding our customers and providing the highest levels of service.
Of course, if you wish to change how we use your data, you’ll find details in the ‘What are my rights?’ section below.
Remember, if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you’ve asked for.
The legal basis for processing your personal data
We will only collect and process your personal data where we have a legal basis to do so. As a data controller, the legal basis for our collection and use of your personal data varies depending on the manner and purpose for which we collected it.
We will only collect personal data from you when:
- we have your consent to do so, or
- we have a legal obligation to collect or disclose personal data from you.
Uses made of your personal data
Your personal data is used by Cottom Foods to support a range of different activities. These are listed in the table below together with the types of data used and the legal bases we rely on when processing them, including where appropriate, our legitimate interests. Please be aware that we may process your personal data using more than one lawful basis, depending on the specific activity involved.
7. How do we protect your personal data?
We know how much data security matters to all our customers. With this in mind, we will treat your data with the utmost care and take all appropriate steps to protect it.
We have appropriate organisational safeguards and security measures in place to protect your data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
• We secure access to all transactional areas of our websites using ‘https’ technology.
• Access to your personal data is password-protected, and sensitive data (such as payment card information) is secured by SSL encryption.
• We require any third party who is contracted to process your personal data on our behalf to have security measures in place to protect your data and to treat such data in accordance with the law.
In the unfortunate event of a personal data breach, we will notify you and any applicable regulator when we are legally required to do so.
8. How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
9. How we share your data
We may disclose and share your personal data with the parties set out below:
- where you have consented for us to do so. For example, if you have consented to receive marketing materials from third parties, or in respect of third parties’ (including co-branded or jointly promoted) products and services, we may pass your data on to the relevant third parties for the purpose of sending you such marketing communications;
- to business partners, suppliers, sub-contractors and other third parties that we use in connection with the running of our business for the purposes set out in the table above in the section ‘How we use your data’, such as;
– third party service providers that we engage to provide IT systems and software, and to host our website;
– third party service providers that we engage to send emails and postal mail on our behalf including in relation to incomplete orders or abandoned baskets, or marketing communications, to provide data cleansing services and to provide marketing and advertising services;
– analytics and search engine providers that assist us in the improvement and optimisation of our website;
– affiliate networks through whom you have accessed our website;
- to any third party to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
- to protect our customers and website from fraud and theft, we may share personal data that is required to make identity checks and personal data that we obtain from making identity checks (including data relating to your age, name and location), together with account information, with organisations (including law enforcement agencies), involved in fraud prevention and detection and credit risk reduction. Please note that these third parties may retain a record of the information that we provide to them for this purpose;
– if we are under a duty to disclose or share your personal data in order to comply with any legal obligation; or
– to our professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
– If we intend to transfer your information outside the EEA (European Economic Area) we will always obtain your consent first.
10. Marketing preferences, Adverts and Cookies
Marketing – your preferences
We may send you marketing communications and promotional offers:
- if you have opened an account with us or registered for a promotion or event, and you have not opted out of receiving that marketing (in accordance with your preferences, as explained below);
- by email if you have signed up for email newsletters;
- if you have provided us with your details when you entered a competition and you have consented to receiving such marketing (in accordance with your preferences, as explained below).
We may use your Identity, Contact, Technical, Transactional, Usage, Profile Data and Marketing and Communications Data to form a view on what we think you may like, or what may be of interest to you, and to send you details of products and offers which may be relevant for you.
We will ask you for your preferences in relation to receiving marketing communications by email, post, SMS and other communication channels.
In respect of third party marketing communications, we will obtain your express opt-in consent before we share your personal data with any third party for marketing purposes.
You will always have full control of your marketing preferences. If you do not wish to continue receiving marketing information from us (or any third party, if applicable) at any time:
- you can unsubscribe or ‘opt-out’ by using the unsubscribe button and following the link included in the footer of any marketing email; or
- account holders may withdraw their consent by simply logging in to Members Area and editing your ‘Preferences’.
We will process all opt-out requests as soon as possible, but please note that due to the nature of our IT systems and servers it may take a few days for any opt-out request to be implemented.
What are Cookies?
Cookies are text files containing small amounts of information which allow our site to recognise your device and are downloaded to your device when you visit a website if you agree to the site doing so. Cookies are then sent back to the website on each subsequent visit, or to another website that recognises that cookie.
Cookies are useful because they allow a website to recognise a user’s device and are widely used in order to either make websites, work more efficiently, let you navigate between pages, remember your preferences, and generally improve your user experience. They can also help to ensure that adverts you see online are more relevant to you and your interests.
Change Browser Settings
If you don’t change your browser settings and continue to use our site, we will assume that you consent to us continuing to download cookies onto your device.
Whether or not you allow us to download cookies is up to you, but if you choose to disable cookies by changing your Browser Settings, our Website and its features may not necessarily work in the same way or produce the same personalised experience. If you delete all of your cookies, you will have to update your preferences with us again. If you use a different device, computer profile or browser you will have to tell us your preferences again.
We use online advertising to keep you aware of what we’re up to and to help you find our products. Like many companies, we may target Cottom Foods banners and ads to you when you use other websites and apps, based on your Contact, Technical, Usage and Profile Data. We do this using a variety of digital marketing networks and ad exchanges, and a range of advertising technologies such as web beacons, pixels, ad tags, cookies, and mobile identifiers, as well as specific services offered by some sites and social networks, such as Facebook’s Custom Audience Service.
Our use of analytics and targeted advertising tools
We use a range of analytics and targeted advertising tools to display relevant website content on our website and online advertisements on other websites and apps (as described above) to you, deliver relevant content to you in marketing communications (where applicable), and to measure the effectiveness of the advertising provided. For example, we use tools such as Google Analytics to analyse Google’s interest-based advertising data and/or third-party audience data (such as age, marital status, life event, gender and interests) to target and improve our marketing campaigns, marketing strategies and website content. We may also use tools provided by other third parties, such as Facebook, Adroll, HotJar, Criteo and Bing to perform similar tasks, using your Contact, Technical, Usage and Profile Data.
In order to opt out of targeted advertising you need to disable your ‘cookies’ in your browser settings or opt-out of the relevant third-party Ad Settings.
If you would like any further information about the data collected by these third parties or the way in which the data is used, please contact us.
Links to other websites and third parties
Our website may include links to and from the websites of our partner networks, advertisers and affiliates, or to social media platforms. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to their websites.
11. Your Data Rights
You have several rights under the data privacy legislation. This includes, under certain circumstances, the right to:
- request access to your personal data
- request correction of your personal data
- request erasure of your personal data
- request restriction of processing of your personal data
- request the transfer of your personal data
- object to processing of your personal data
- object to automated decision making
Request access to your personal data
You have the right to obtain a copy of the personal data we hold about you and certain information relating to our processing of your personal data.
Request erasure of your personal data
This enables you to request that Cottom Foods delete your personal data, where there is no good reason for us continuing to process it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Request restriction of processing of your personal data
You have a right to ask Cottom Foods to suspend the processing of your personal data in certain scenarios, for example if you want us to establish the accuracy of the data, or you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. Where processing is restricted, we are allowed to retain sufficient information about you to ensure that the restriction is respected in future.
Request the transfer of your personal data
You have the right to obtain a digital copy of your personal data or request the transfer of your personal data to another company. Please note though that this right only applies to automated data which you initially provided consent for us to use or where we used the data to perform a contract with you.
Object to processing of your personal data
You have the right to object to the processing of your personal data where we believe we have a legitimate interest in processing it (as explained above). You also have the right to object to our processing of your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your data which override your rights and freedoms.
Object to automated decision making and profiling
You have the right to object to the automated processing of your personal data without human intervention. This form of processing is permitted where it is necessary as part of our contract with you, providing that appropriate safeguards are in place or your explicit consent has been obtained.
We will try to respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. We may need to request specific information from you to help us confirm your identity and ensure your right to exercise any of the above rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Right to lodge a complaint
If you have any concerns or complaints regarding the way in which we process your data, please contact us. You also have the right to make a complaint to the ICO (the data protection regulator in the UK). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please do contact us in the first instance.