Last updated: 12/01/2020
At Choccy Nut Pot, your privacy is important to us. This statement explains how we collect and use your personal information and how you can exercise your rights under applicable data protection law. It applies to individuals visiting our website (www.choccynutpot.com), placing an order with us for our products (“Products”), registering, attending or otherwise taking part in events/contests/promotions hosted by or in connection with us, or otherwise engaging with us both on and offline.
What type of information do we collect and how?
We collect and process the following information from you directly:
● When you create an account and/or place an order on our website, you provide us with your contact information, including name, email address, phone number, and shipping address.
● When you complete a “contact me” form or subscribe for marketing emails with news about our Products and events, you provide us with your email address.
● If you provide feedback on our Products, complete any survey we send, or contact us for customer support purposes, you may provide personal information in connection with such feedback/contacts, for example name or contact information.
● If you attend an event hosted by or in connection with us, you may provide us with your contact information such as name and email address.
● If you visit our website, we automatically collect site visit information using cookies and other similar technologies. See the “Cookies and Site Visit Data” section below for more detail.
● If you enter into a competition run by or in connection with us, you may provide us with your contact information such as name and email address.
● If you leave any comments on our blog, you may provide us with your information such as your name.
We also collect and process the following information about you from third parties to facilitate payment for our Products:
● If you make a purchase on our website we use a third party payment provider, PayPal, and the financial information you provide to make sure payment, such as payment card details, is governed by Paypal’s terms and privacy statement (https://www.paypal.com/uk/home). To facilitate purchases, we collect contact details directly from you, as explained above. We also receive transaction information from Paypal, including whether the payment was made via mobile or desktop, your name, email address, delivery address, time and date of payment, and purchase amount.
● If you make an offline card payment we use a third party payment provider, SumUp, and the financial information you provide to make such payment, such as payment card details, is governed by SumUp’s terms and privacy statement (https://sumup.co.uk/). To facilitate purchases, we collect contact details directly from you, as explained above. We also receive transaction information from Sumup, including your name, purchase amount, the last 4 digits of your payment card number, date, time and location of payment.
Cookies and Site Visit Data
A cookie is a small file of letters and numbers downloaded onto your computer when you visit a website. Cookies are used by websites for a number of purposes, e.g. to record what you have added to your shopping basket and to count the number of people visiting a website.
We use the following cookies on our website:
Purpose (Optimizing speed and performance of the website)
Duration (3 months)
Purpose (Confirmation cookie banner has been displayed and dismissed)
Duration (1 day)
Purpose (To obtain data on your use of website for statistical purposes)
Duration (1 year)
Purpose (To obtain data on your use of website for statistical purposes)
Purpose (To provide e-commerce facilities on the website)
You can disable or limit the types of cookies you permit, and also set your browser to provide an alert when cookies are being used. For more information on how to manage your cookie preferences, please see the guidance provided by your web browser. Please note that if you block cookies, functionality on our website may be limited.
● Site visit data
When you visit our website, we automatically collect site visit information, including IP address, browser type, operating system, page load times, date and time of visit, and your behaviour when using the website. We use this information to improve the website.
Legal basis for processing personal information
The basis for processing personal information will depend on the information and circumstances. Generally, the lawful bases we rely on for processing personal information under applicable data protection law are:
● Consent. Please note, you are able to revoke your consent at any time by contacting firstname.lastname@example.org.
● Where we have a contractual obligation to process information.
● Where we have a legal obligation to process information.
● Where we have a legitimate interest to process information which is not overridden by your data protection interests or fundamental rights and freedoms.
If you would like more information on the legal basis upon which we rely in a particular circumstance, please contact email@example.com.
How do we use your information?
We use your information to:
● Process, take payment for, and fulfil your orders and requests.
● Respond to your inquiries, consider your request or application.
● Contact you regarding your order, including providing confirmation of order, payment receipt, postage information, and for any other customer support purposes.
● Communicate with you to provide information about our Products, updates, promotions, incentives and/or rewards and any other information we think might interest you.
● Provide customer support, troubleshooting and technical support.
● Carry out research/feedback surveys.
● Administer competitions and events, including inviting you to enter competitions and/or to attend events.
● Track and analyse use of our website.
● Improve our Products, business operations and website.
● Develop new Products.
● Fulfil any legal obligation we are subject to, including to protect our rights, property or safety, or the rights, property or safety of others and to enforce our terms.
● Conduct general business operations, such as for record keeping and accounting purposes.
● Any other purposes disclosed to you in connection with our Products and website.
Who do we share your information with?
We take your privacy seriously and do not share personal information with third parties other than as explained in this privacy statement.
● Third party service providers: we use service providers to perform certain activities for us, such as website hosting and Product delivery. We have agreements in place with our service providers to ensure they only use your personal information on our behalf as described in this privacy statement.
● Third party payment providers: we use Sumup for offline purchases, as described above. You submit your information to Sumup directly by using the card reader. However, if you require a receipt, we will submit your email address to Sumup for this purpose only.
● Professional advisors: we may share your personal information with our professional advisors where required for general business purposes e.g. lawyers and accountants.
● Merger, sale, acquisition, divestiture, restructuring: we may share your personal information with a potential buyer (or their agents/representatives) in the event of a merger, sale, divestiture, acquisition or restructuring of all or any part of our business.
● Legal obligations and protection of rights: we may disclose your personal information to third parties where required by law, or to protect our rights, safety or property or the rights, safety or property of a third party, for example to comply with a court order, request from tax authorities, or in connection with any legal or regulatory proceedings.
● Deidentified or aggregate information: we may disclose de-identified or aggregate information (i.e. information that does not identify a person) to third parties for research, marketing, analytics and other purposes.
● Third party plugins: we may integrate third party plugins to our website and if you click on such plugins, those third parties may receive information about you which will be subject to their own terms and privacy statements.
● Partners: we may share your information with third parties we partner with for competitions, events, incentives, or other advertising campaigns in connection with our Products.
Where is your personal information processed?
Information may be processed outside of the United Kingdom in countries with different data protection laws, including the United States of America. Where personal information is transferred outside of the United Kingdom (whether by us or our third party service and payment providers), we ensure adequate safeguards are in place to protect such information, such as Standard Contractual Clauses.
How is my information protected?
We use appropriate technical and organisational measures to protect your personal information.
How long is personal information kept for?
We keep personal information for as long as is required for the purposes for which it was originally collected, in accordance with applicable law, after which we delete or anonymise such information. If information cannot be deleted or anonymised, we take steps to ensure it is not used for any other purpose until it can be deleted or anonymised.
Your data protection rights
Under data protection law, you have rights including:
● Right of access - you have the right to ask us for copies of your personal information.
● Right to rectification - you have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
● Right to erasure - you have the right to ask us to erase your personal information in certain circumstances.
● Right to restriction of processing - you have the right to ask us to restrict the processing of your information in certain circumstances.
● Right to object to processing - you have the right to object to the processing of your personal data in certain circumstances.
● Right to data portability - you have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
If you make a request to exercise one of the above rights, we have one month to respond to you. Please contact us at firstname.lastname@example.org if you wish to make such a request.
How to contact us?
For purposes of the applicable data protection laws, the controller responsible for the means and purposes for which your personal information is processed is Choccy Nut Pot Limited.
If you have any questions about this statement or our privacy practices more generally, please contact us at email@example.com or by post (Choccynutpot, 6 Milton Close, Guildford, GU3 2DJ).
Your privacy is important to us and we will always seek to address any concerns you might have regarding our use of your personal information. However, you are entitled to complain to the UK regulator, the ICO, if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
Updates to this privacy statement
The date on which this statement was last updated is displayed at the top of the page. Please review this statement frequently as we may update it from time to time. When updating this statement we will provide notice and/or choice as required by applicable law.