This includes when you use our websites (such as http://www.kafoodle.com and any other websites registered under this domain), mobile applications and/or subscribe to any of our platforms (such as Kafoodle Kitchen, Kafoodle Communications, Kafoodle Electronic Personalised Meal Ordering, Kafoodle Meal Planning and/or Kafoodle Essentials) and/or engage with us on any of our services – as we are obtaining personal information about you in this process.
2. Who is Kafoodle?
Kafoodle Limited (the “company”, “we”, “our”, “us”) is registered in the UK and our registered address is at 2a The Quadrant, Epsom, England, KT17 4RH.
Kafoodle is a “data controller” in certain situations, such as when you use its website and/or its customers subscribe to certain platforms. Being a “data controller” means that we are responsible for deciding how we collect, process, use and store personal information about anyone who expressly consented and willingly provide their personal information to us.
Kafoodle is also considered to be a “data processor” in other situations, such as when its customers subscribe to certain platforms; in such situations, Kafoodle ensures to put in place the appropriate measures between it and its customers in order to comply with GDPR.
3. Our obligations - data protection principles
- used lawfully, fairly and in a transparent way;
- collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
- relevant to the purposes we have told you about and limited only to those purposes;
- accurate and kept up to date;
- kept only as long as necessary for the purposes we have told you about; and
- kept securely.
4. Information we collect
We may collect certain user information, including personal information about you in the following ways:
Information you provide to us
To provide you with the required services, we may collect personal information that you provide voluntarily to us including; over the telephone, by e-mail, face-to-face, when you visit our website, for example, when you fill out the contact form, consent form, data subject access request form, participate in any interactive features on our website, participate in a survey, promotion, activity or event, apply for a job, request support, or communicate with us via third-party social media sites or direct marketing.
The types of information you are likely to provide to us include your name, email address, phone number, industry, company name as well as financial and bank account/debit/credit card information and any other information that you feel necessary in order for us to assist you.
Information we collect automatically when you use our website
When you access or use the Kafoodle website or services, we may automatically collect information about you, including:
- technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs); and methods used to browse away from the page and any phone number used to call our customer service number.
Information we collect from other sources
We may receive information about you if you use any of the other websites we operate or the other services we provide. In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected on this site. We are also working closely with third-parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers and credit reference agencies) and may receive information about you from them.
5. How we use your personal information
We may use the personal information collected for the limited purpose of providing the required services and related functionality for which Kafoodle has been engaged. Most commonly, we will use your personal information where we have the following lawful bases:
We need to perform a contract that we are about to enter into or have entered into with you or in order to take steps at your request prior to entering into a contract for the relevant service, including:
- to engage with you to send and agree initial terms;
- to enter into a contract and manage that contract;
- to update our records on you;
- for the performance of a contract with a third-party client.
It is necessary for our legitimate interests (or those of a third-party), and your interests and fundamental rights do not override those interests, including for the following purposes to:
- provide, operate, maintain and improve the Kafoodle websites;
- provide and deliver the services and features you request, process and complete transactions, and send you related information;
- respond to your comments, questions, and requests and provide customer service and support;
- communicate with you about services, features, surveys, newsletters, offers, promotions, contests and events, and provide other news or information about Kafoodle and its services;
- send you technical notices, updates, security alerts, support and administrative messages;
- monitor and analyse trends, usage, and activities in connection with the website and for marketing or advertising purposes;
- personalise and improve the websites, and provide content, features, and/or functionality that match your interests and preferences or otherwise customize your experience on our websites; or
- for other purposes about which we notify you.
- We need to comply with a legal or regulatory obligation.
6. Special categories of personal information
We may need to use more sensitive personal information (known as "special categories of personal data" under GDPR) about you or others associated with you, for example your family and/or carers. We will only use this kind of information where:
- we have your explicit consent;
- it is necessary for employment law matters;
- it is necessary for us to use this information to protect your vital interests or those of another person where it is not possible to obtain consent;
- it is necessary for us to do so in connection with the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity; or
- in exceptional circumstances, another of the grounds for processing special categories of personal data are met (such as the processing is necessary for us to assist our customers in providing you with healthcare).
Where you have provided us with explicit consent to use special categories of personal information about you, you may withdraw your consent for us to use this information at any time. Please see right to withdraw your consent for further details. Please note that if you choose to withdraw your consent for us to use special categories of personal data about you, this may impact our ability to provide services to you.
7. Automated decision making
We do not undertake any fully automated decision-making processes.
8. How long will you use my information for?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any marketing, sales, legal, contractual, accounting, or reporting requirements.
9. Data security and data retention
While no service is completely secure, we take reasonable measures to help protect your information from loss, theft, unauthorised access, disclosure, alteration and destruction. We also take reasonable measures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
10. Where we store your data and when your data is transferred outside of the EEA
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers.
Whenever we transfer your personal information out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- Where we transfer data to a member of the Kafoodle Group or use third-party providers in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield. To learn more about the Privacy Shield program, and to view our certification page, please visit www.privacyshield.gov.
If you have any questions about the security of your personal information, you can contact us at firstname.lastname@example.org.
11. Change of purpose
We will only use your personal information supplied for the purposes for which we collected it, unless we reasonably consider that we need to use it for any other reasons and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
12. Sharing and disclosure of information
Compliance with laws or our legitimate interest: We may disclose your information to a third-party if:
- we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request;
- to enforce our agreements, policies and Terms of Service;
- to protect the security or integrity of our services;
- to protect Kafoodle, our customers or the public from harm or illegal activities;
- to respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person;
- where it is necessary to administer the working relationship with you, such as for the fulfilment of your order, the processing of your payment details and the provision of support services;
- where we have another legitimate interest in doing so e.g. for marketing or performance of contract; or
- to any other third-party with your prior consent.
Here is a list of our third-party suppliers with whom we share your data who enable us to provide our services to you:
- AWS – cloud hosting
- Google Suite - Cloud storage, e-mail, documents, calendar, reporting
- Preoday - Pre-ordering and mobile payments partner
- Zendesk - customer support software
- Zoho – CRM
- Business transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
- Aggregated or anonymised data: We may also share aggregated or anonymised information with third-parties that does not identify you.
13. Third-party services
We will not sell, distribute or lease your personal information to third-parties unless we have your permission or are required by law to do so. We ensure that appropriate technical and organisational measures are adopted by us to ensure safekeeping against unauthorised or unlawful processing of personal information and against accidental loss or destruction or damage to the personal data. We will retain information you provide on our website for as long as we need it to provide you or your organization with the services, unless we may need to retain this information as necessary to comply with any legal obligations. If you have submitted information to us and wish to see a copy of the information we hold about you or have it removed from our internal records, please email us at email@example.com.
14. Your choices
You may update, correct or delete information about you at any time by emailing firstname.lastname@example.org.
In particular, you can also request for the following
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third-party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes that you don’t want.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
Upon request, Kafoodle will provide you with information about whether we hold, or process (including on behalf of a third-party), any of your personal information that we are aware of. To request this information, contact us at email@example.com. We will endeavour to respond to your access request within 30 days.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly excessive, repetitive, you have requested for multiple copies or your request is unfounded. Alternatively, we may refuse to comply with the request if the circumstances appear unusual or strange; in any situation where we refuse to comply with a request we will write to you and inform you of the reasons.
15. What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
16. Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please send us email at firstname.lastname@example.org. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
17. Our policy toward children
Our website and services are not directed to individuals under 13. We do not directly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us at email@example.com. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information.
As we have explained above, there are certain situations in which Kafoodle is a “data processor”, such as when Kafoodle’s customers subscribe to Kafoodle’s products and subsequently provide their customers with access to these products. When Kafoodle is a “data processor” it may have obtained personal information on children from Kafoodle’s customers. Kafoodle’s customers are responsible for ensuring that they have obtained such information and provided it to Kafoodle lawfully. Kafoodle has put in place appropriate measures between it and its customers to protect any personal data that Kafoodle processes.
18. Promotional and newsletter communications.
You may opt out of receiving promotional and newsletter emails from Kafoodle by following the opt-out instructions provided in those emails. You may also opt-out of receiving promotional emails and other promotional communications from us at any time by emailing firstname.lastname@example.org with your specific request. If you opt out, we may still send you non-promotional communications, such as security alerts and notices related to your access to or use of the Kafoodle services or on our ongoing business relations.
We display personal testimonials of satisfied customers on our website in addition to other endorsements. With your consent we may post your testimonial along with your name.
20. Data Protection / Compliance Team
21. How to make a complaint
Data privacy laws are constantly evolving and we endeavour to maintain best practice. However, we recognise that we may not always get it right and where you are not satisfied in the way we handle data or you wish to discuss our processes then we would be grateful to hear from you.
If there is something which we have not done correctly with your personal information then we would appreciate the chance to deal with your concerns before you approach a supervisory authority, so please contact us in the first instance at email@example.com.
However, you have the right to make a complaint at any time to the Information Commissioner’s Office (which is the UK supervisory authority for data protection issues; more information here: www.ico.org.uk)).
If we are involved in a reorganisation, merger, acquisition or sale of our assets, your information may be transferred as part of the deal. We will notify you of any such deal and outline your choices in that event.
- A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
- Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third-parties for this purpose.
- You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.