This Privacy Notice explains when and why we collect personal information about you as well as the types of personal data we may collect when you interact with us online or over the phone. It also explains how we look after your data and keep it safe. The most important thing to know is that Chef on Board is a small family business - we will not share your information with any third party except for the specific purpose of fulfilling your order.
The GDPR law on data protection sets out a number of different reasons a company may collect and process your personal data, including:
-Consent In specific situations, we can collect and process your data with your consent - e.g. if you tick a box online to receive information from Chef on Board. When we collect this personal data, we will always make clear to you which data is necessary in connection with a particular service and give details of this in this policy.
-Contractual obligations In some instances, we need your personal data to comply with our contractual obligations. For example, if you place an order with us, we need your address details to deliver your order and we also need to pass your details to a courier.
-Legal compliance We may be legally bound to collect and process your data. For example, if someone is involved in any criminal activity or fraud affecting Chef on Board, we need to pass details to law enforcement.
-Legitimate interest We require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, we may use your purchase history and shopping preferences to offer more personalised offers or products.
1. How we collect your personal data There are a number of ways in which we may collect information about you:
•When you visit our website, create an account with us and use your account to buy products
•When you purchase products over the phone
•When you order or redeem vouchers from Chef on Board on the phone or online
•When you engage with us on social media
2. The type of personal data we collect
The personal data we may collect includes your name, billing/delivery address, email address, telephone number, information from voucher redemptions, your IP address, which websites you came from when visiting ours, which of our web pages you visit, any search terms you entered on our website and information gathered by cookies in your web browsers. If you set up an account with us, your password to log in is encrypted and when you place an order, we do not hold your card details, it is collected by WorldPay, our third party payment processors who uses secure online capture and processing methods. If you choose to save your credit card details these will be securely held with WorldPay.
3. How and why we use your personal data
We use your data so we can fulfil our contractual obligations to you (i.e. deliver our products to you). We will hold your data in our systems for as long as is necessary for each relevant activity or as long as is set out in any contract we have with you. If you wish to change how we use your data, you can do so. Please refer to the 'Your rights over your personal data' section below. If you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you have asked for.
Here are some ways in which we will use your personal data and why:
•To process any orders you make on our website or over the phone. If we don't collect your personal data during checkout, we won't be able to process and deliver your order and comply with our legal obligations e.g. your details are passed to a courier company so that your order can be delivered. We will keep your details for a reasonable period afterwards in order to fulfil any contractual obligation such as a refund or exchange.
•To process any refund/exchange or deal with any complaint. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with appropriate customer service.
•We keep your personal data to maintain, update and safeguard your account and to protect our business and your account from fraud or other illegal activities. We will also monitor your browsing activity in order to identify and resolve any problems and protect the integrity of our websites. We do all of this as part of our legitimate interest.
•When you place an order with us, your card details are collected by our third party payment processors WorldPay who use secure online capture and processing methods. This helps to protect you from fraud. We do this on the basis of our contractual and legitimate business interests.
•If we discover any criminal activity or alleged criminal activity through our use of fraud monitoring and suspicious transaction monitoring, we will process this data for the purposes of preventing or detecting unlawful acts.
•To comply with our legal obligations, we will send you communications required by law or which are legally necessary e.g. significant updates to this Privacy Notice, product recall notices and legally required information relating to your orders. These messages are to inform you about changes to the service we provide you and will not include any promotional content and so do not require prior consent when sent by email or phone.
•To comply with our contractual or legal obligations to share data with law enforcement.
4. Protection of your personal data
The security of your personal data is very important to us and we take care to handle and store responsibly and in line with new legislation as we know it is important to you as well as us.
Here are some ways we secure your data:
•We do not store your card details ourselves, but instead use WorldPay, who are a PCI compliant payment processing provider for all orders placed online and over the phone.
•All personal data is stored securely on our website provider’s servers which are located in the Republic of Ireland Length of time we keep your personal data We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. For example, details of your orders will be kept for as long as we need to retain that data to comply with our legal and regulatory requirements. This is generally 7 years unless the law prescribes a longer period. In some circumstances you can ask us to delete your data: see ‘Your Legal Rights’ below for further information. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Who we need to share your personal data with and why
At times we need to share your personal data with trusted third parties e.g. delivery couriers, IT companies, credit card processing services and so on. We only provide what they need and they cannot use your data for anything other than the purposes that they have your data for. Your data is deleted or rendered anonymous if we stop working with them. We use the following companies who will process your personal data as part of their contracts or terms and conditions with us:
•Google Analytics - for monitoring the volume, details and actions of visitors to our website
•Shopwired - we currently use the Shopwired to host our website, customer and order database
•APC - our courier for our national home delivery service
•Vodafone - to send text message confirmations about your order status, e.g. alert you that an order has been left safe.
Please note the above suppliers are non-exhaustive and may change from time to time, but we will endeavour to keep the list above accurate and as up-to-date as possible.
Sharing your data with third parties for their own purposes:
We will never sell or trade your contact details with any third parties. There are some instances where we may have to share your information based on our legal obligations, for instance:
•Fraudulent activity in our online systems
•If the police/government ask us to disclose information we may be required to share your personal data with them, however we would assess this sort of request very carefully
•For fraud management, we may share information about fraudulent or potentially fraudulent activity in our systems. This may include sharing data about individuals with law enforcement bodies.
For further information please contact us on firstname.lastname@example.org.
Your rights over your personal data
You have the right to access and rectify mistakes in the data we hold about you at any time. These requests will be handled on a case by case basis depending on our legitimate business interests, legal and contractual obligations. If we refuse your request we will explain to you the reason for our refusal. You can also make any changes to your personal information by updating your online account at www.chefonboard.com, or by contacting us on email@example.com In order to keep your information confidential, we will ask you to verify your identity before proceeding with any requests. If there is a third party acting on your behalf, we will check that they have your permission to act.
Legitimate Business Interests
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
Contacting the Regulator
If you are at all unhappy about the handling of your data, you can send a complaint to the Information Commissioner’s Office by calling 0303 123 1113 or go online to www.chefonboard.com, If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country.
We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it. If you have any questions that haven’t been covered, please contact our Data Protection Officer, Jonathan Parker, who will be pleased to help you:
•Email us at firstname.lastname@example.org
•Or write to us at Chef on Board Ltd, Unit 11, Webton Business Park, Kingstone, Herefordshire HR2 9NF
Cookies are small files which are placed on your computer's hard drive. Cookies help this website to analyse traffic and visitors and help our site respond to you as an individual. We use traffic log cookies to identify which pages are being used on our site and analyse visitor behaviour through statistics.
To get the most out of using our website, cookies should be enabled. Most web browsers are automatically set to accept cookies with the standard installation settings. If cookies are not set to work on your browser, the performance of this website will be affected and will also restrict your use of it, which may prevent you from buying anything from us.
Here is a list of cookies that we use. We have listed them here so you that you can choose whether you want to opt out of cookies or not.
AWSELB - Used to distribute traffic to the website on several servers in order to optimise response times.
JSESSIONID - Preserves users states across page requests
PHPSESSID - Preserves users states across page requests
_ga - Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
_gat - Used by Google Analytics to throttle request rate
_gid - Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
_stid - Registers a unique ID that identifies the user's device for return visits.
_unam – Saves the user’s navigation on the website including what pages have been viewed and how long the browser has been used to view each page.
Collect – Used to send data to Google Analytics about the visitor’s device and behaviour. Tracks the visitor across devices and marketing channels.