Updated on 30 June 2020

This privacy notice (our “Policy“) describes how Foodient Ltd. (a UK company) (“Whisk” “we”, “our” or “us”) collects and processes your personal data. How we use your personal data will depend on the particular service we are providing and the nature of your relationship with us.

  • If you are a representative of a company (a “Business Representative“)who accesses our services via the website www.whisk.com or has a commercial relationship with us (a “Partner“), then we may collect your contact details (and limited other personal data about you). This data may be used by us in order to administer our relationship, provide you with access to our services and systems, and send you our regular newsletter. Any information provided in this Policy that is relevant for our Business Representatives is marked as such.
  • If you are an individual (a “Consumer“) who accesses our services via our website, my.whisk.com through any of our Partners’ websites or through our mobile application, “Whisk Shopping List & Recipes” (the “Application“), then we may collect personal data that fall within various categories (see our “Data we collect” section). The purposes for which we may use your data are described in the “How we use your data” section. All information provided in this Policy, unless otherwise specified, is relevant to our Consumers.

This Policy applies to all personal data we collect or process about you in the context of your use of our services. Whisk is the data controller for the processing of personal data.

Data we collect

We may collect the following personal data from you:

  • Contact details
  • Authentication data
  • Profile information, if you setup an account with us
  • Information you voluntarily provide about yourself, such as food, dietary, and nutritional preferences
  • Data relating to your use of our services
  • Your device’s geo-location when accessing our services
  • Grocery data
Further information
  • Contact Details: including your name, telephone number, email address and the content of any correspondence between you and us. This category is relevant for our Business Representatives and Consumers.
  • Authentication Data: including your username and password when you log in via the Application, and the equivalent details as well as an authentication token in respect of your accounts with any third party websites who have integrated our platform (for example, grocery retailers and social media sites). This category is relevant for our Business Representatives and Consumers.
  • Profile Data: information that you add to any profile that you create through our website or our Application, including any photos you upload and information about yourself.
  • Food Preference Data: including information relating to diets, foods you avoid, lifestyle choices, cuisine choices, nutritional goals, health metrics (such as your height and weight) and grocery shopping patterns and preferences.
  • Usage Data: including information relating to your visits to our website and Application and the websites of our Partners (such as shopping lists you create, recipe interactions and time spent on each page of the Application), IP address, domain name, URI address (uniform resource identifier) and grocery transactions that you may complete via our services.
  • Location Data: including device location data and the IP address of your device.
  • Grocery Data: information relating to any products that you select from a shopping list for purchase from a third party retail site.

How we collect your data

We collect some of the personal data described above directly from you for a number of different purposes, as detailed in the “How we use your data” section below. We also collect your personal data indirectly via the websites of our Partners who have integrated our platform (i.e., the shopping list function) in order to provide you with a seamless food shopping experience and from any social media sites through which you access our services.

In addition, we collect personal data about you via automated means, such as from cookies and similar tools as you use our services.

A cookie is simply a piece of text, which can be placed on the browser of your personal computer or mobile device and subsequently read as you visit a website. Some of the cookies we deploy are necessary to provide certain functions through our website and Application, whereas others (such as those which relate to targeted advertising) are not. You have a choice about whether or not to accept these non-essential cookies.

Further information on the types of cookies we use and the personal data we use them to collect can be found in our Cookie Policy.

How we use your data

We may use the data you provide to us for the following purposes:

  • Provide you with our services and maintain them
  • Perform data analytics to understand food trends, build a profile of your preferences and improve our services
  • To make suggestions about recipes and products that we think will match your preferences
  • Provide targeted advertising to you
  • To send you news, special offers and marketing
  • To send our Business Representatives our newsletter
  • Assist you in purchasing groceries from selected retailers
  • Review and improve our services
  • Provide Business Representatives with access to third party services provided to us
  • Defend ourselves against legal claims

For example, when you select a recipe from a website belonging to one of our Partners, you will be able to log into your account with us and create a shopping list via our integrated platform. If you decide to buy the items on your list, then we will transfer your selected grocery products for purchase to the third party grocery website of your choice, using Authentication Data to verify your identity and your Location Data to suggest appropriate grocery retailers.

Whisk processes personal data for the purposes described above. Whisk’s legal basis to process personal data includes processing that is: necessary for the performance of the contract between you and Whisk (for example, to provide you with the services and to identify and authenticate you so you may use certain services); necessary to comply with legal requirements (for example, to defend ourselves against legal claims or to make mandatory disclosures to law enforcement); necessary for Whisk’s legitimate interests (for example, perform data analytics to understand food trends, build a profile of your preferences and improve our services); and based on obtaining your separate consent (for example, to communicate with you about our products and services and provide you with marketing information), which may subsequently be withdrawn at any time by contacting us as specified in the Contact Us section of this Privacy Policy without affecting the lawfulness of processing based on consent before its withdrawal.

Please see the table below for further detail on each of these purposes.

Further information
Purpose Categories Of Personal Data
Providing you with our services and maintaining them, including:

– Setting up an account with us when you download our Application

– Verify your identity when you login to use our services

– Managing your profile and preferences on the Application (e.g. to publicise your profile and save your favourite recipes)

– Facilitating your purchasing of groceries from third party retailers through our services

– Providing customer support (e.g. when you have issues logging into or using our services)

– Notifying you about changes to our services.
Contact Details

Authentication Data

Profile Data

Food Preference Data

Usage Data

Location Data
Data analytics, including:

– Creating reports to provide our Partners with aggregated and anonymous information about how users interact with their sites (e.g. popularity of certain recipes or food types by region)

– Providing you with product suggestions that are sometimes sponsored and sometimes just our recommendations based on your previous purchases, shopping lists and favourite recipes

– Providing aggregated and anonymised trend reports to third parties

– Improving your experience of our services by using your data to enhance our technologies (e.g. through machine learning algorithms)
Contact Details

Profile Data

Food Preference Data

Usage Data

Location Data
Providing targeted online advertising, including:

– Offering you recipe, product or retailer suggestions that reflect your preferences and suit your location
Contact Details

Authentication Data

Food Preference Data

Usage Data

Location Data
Sending you news, special offers and marketing, including:

– Providing you with details of special offers and general information about other goods via email
Contact Details

Profile Data

Food Preference Data

Usage Data

Location Data
Sending our Business Representatives our newsletter Contact Details
Usage Data
Assisting you in purchasing groceries from selected retailers

– Transferring your shopping list to your preferred supermarkets at your request
Contact Details

Authentication Data

Profile Data

Grocery Data
Reviewing and improving our services, including:

– Monitoring and tracking the usage of our services

– Gathering valuable information so that we can improve our services

– Detecting, preventing and addressing technical issues
Contact Details

Profile Data

Usage Data

Food Preference Data

Usage Data

Location Data
Defending ourselves against legal claims that we may receive Contact Details

Authentication Data

Profile Data

Food Preference Data

Usage Data

Location Data

We sometimes process your personal data using a combination of machine learning and other AI techniques to evaluate information about you that we receive from the sources described under our “How we collect your data” section above. This is known as profiling and it helps us to build our understanding of your preferences in order to provide you with the best service we can. For example, we may analyse information relating to your purchases of a particular product to suggest similar products that you may be interested in buying via targeted advertising.

Depending on the purpose for which we are using your data, we may rely on various legal grounds for processing. In some cases, we will seek your explicit consent, in others we may rely on our legitimate interests or it may be necessary in order to perform our contract with you.

How long we keep your data for

We will retain your personal data for as long as required to fulfil the purpose for which the data were collected, having regard to a range of applicable criteria, including the on-going relationship we have with you, the completion of the purpose for which the data was originally given, our own legal obligations and requirements, the type and size of the data held or our accounting requirements in relation to the data. For example, we will retain the Contact Details that you provide when you open an account via our Application until you choose to delete your account. We may then in any event need to retain those Contact Details for a period in order to defend ourselves against legal claims.

We use session and long-lived cookies on our websites and Application. Personal data that are collected by session cookies that are strictly necessary for purposes relating to fundamental website or Application functionality will be retained for a matter of minutes. Personal data that are collected by long-lived cookies may be retained for up to two years, depending on the purpose.

We will delete personal data once the relevant retention period expires. After such date, you will not be able to exercise some of your rights over your personal data that are described below. In general, we keep the length of time that we hold your personal data for under review. These reviews take place annually.

Who we share your data with

We may share your personal data with third parties under the following circumstances:

  • Service providers: we may share your personal data with service providers who perform services on our behalf, including assisting us with data analytics, IT management, hosting and improving our services. For a full and maintained list of our service providers, please click here. You can find more detail on the types of services these third parties provide to us by clicking “Further Information” at the end of this section.
  • Partner companies: this includes grocery retailers, recipe publishers, digital health applications, social media sites, providers of ‘internet of things’ technologies and third party advertising networks who advertise on our website. For a full and maintained list of our Partners, please click here.
  • Restructuring: we may share your personal data during the course of business negotiations and transactions (for example, an acquisition, merger or financing) to the extent necessary to facilitate the restructuring.
  • Where required by law: we may share your personal data with law enforcement agencies, courts, other government authorities or other third parties where we believe necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
Further information

We use third party service providers to assist us with the following:

  • Analytics: to monitor and analyse web traffic, to assess the popularity of specific pages and to keep track of your behaviour when using our services.
  • Infrastructure monitoring: to monitor the use and behaviour of our services’ components so that performance, maintenance and troubleshooting can be improved.
  • Traffic optimisation and distribution: to allow the services to distribute their content using servers located across different countries and optimise their performance.
  • Content performance and features testing: to track and analyse your responses in relation to web traffic or behaviour regarding changes to the structure, text or any other component of the services.
  • Hosting and backend infrastructure: to host data and files that enable the services to run and be distributed, as well as to provide a ready-made infrastructure to run specific features or parts of the services.
  • Managing contacts and sending messages: to manage our database of contact information to communicate with you, and also to collect information relating to your interaction with such communications.
  • User database management: to build user profiles using personal data you provide to us, as well as to track your activities through analytics features. In the case of Business Representatives: we may also match the personal data you provide with publicly available information about you to build private profiles that we use for user support operations and for improving our services.

Where we might send your data

Your personal data may be transferred to and processed in a country that is not regarded as providing the same level of protection for personal data as the laws of your home country, including, for example and without limitation to the United Kingdom and the United States.

Where possible, we have sought to put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to provide adequate protections for your personal data. For more information on the appropriate safeguards in place and to obtain a copy of such safeguards, please contact us at the contact information set out below.

How we keep your data secure

We engage Google Cloud to store your personal data within the European Economic Area (“EEA“). We have also implemented appropriate technical and organisational controls to ensure that your personal data are processed securely, such as encryption and authentication during transfer. However, no method of transmission over the internet or of electronic storage is fully secure, and as such, we cannot guarantee its absolute security.

Further information on how we keep your personal data secure can be found in our security policy.

Your rights over your personal data

You can withdraw any consent you have given us at any time and we will stop using your data for the purpose that consent was granted. You can also contact us at any time to request :

  • Access to any personal data we hold about you.
  • That personal data we hold about you be updated, rectified or blocked.
  • That we delete personal data we hold about you.
  • That we restrict our processing of your personal data.
  • That we provide you or a third party with a copy of certain personal data about you (referred to as the right of “data portability”).
  • That you object to the processing of personal data we hold about you.

There may be situations where it is not possible for us to grant you these rights or we are not required by law to do so. For example, where restricting the processing of your personal data would impede a criminal investigation. As such, the rights described in the bullet points above are not absolute.

Contact Us

If you have questions or concerns regarding the way in which your personal data has been used, please contact our data protection officer, Nick Holzherr, at [email protected] You can also contact us by post at:

Foodient Ltd. (company number: 08001091)

Attn: Nick Holzherr – Data Protection Officer

483 Green Lanes, London, N13 4BS

We are committed to working with you to obtain a fair resolution of any complaint or concern about your privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the data protection regulator of your country of residence.

Changes to the Policy

We may modify or update this privacy notice from time to time. If we make any revisions that materially change the ways in which we process your personal data, we will notify you of these changes by email.

ADDITIONAL CALIFORNIA CONSUMER PRIVACY DISCLOSURES

Effective: January 1, 2020

This California Consumer Privacy Statement (the “Statement”) supplements the Whisk Privacy Policy. It applies solely to California consumers and addresses personal information we collect online and offline.

This Statement uses certain terms that have the meaning given to them in the California Consumer Privacy Act of 2018 and its implementing regulations (the “CCPA”).

Notice to California Residents

Notice of Collection and Use of Personal Information

We may collect the following categories of personal information about you:

  1. Identifiers: identifiers such as a real name, alias, postal address, unique personal identifier (such as a device identifier; cookies, beacons, pixel tags, mobile ad identifiers and similar technology; customer number, unique pseudonym, or user alias; telephone number and other forms of persistent or probabilistic identifiers), online identifier, internet protocol address, email address, account name, and other similar identifiers
  2. Protected Classifications: such as characteristics of protected classifications under California or federal law, such as age and sex
  3. Commercial Information: commercial information, including records of personal property, products or services purchased, obtained, or considered, and other purchasing or consuming histories or tendencies
  4. Biometric Information: such as such as keystroke patterns or rhythms, voice recordings, an individual’s behavioral characteristics, or other data used to establish individual identity
  5. Online Activity: Internet and other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with websites, applications or advertisements
  6. Geolocation Data: such as precise physical location or movements and travel patterns
  7. Sensory Information: audio, electronic, visual, and similar information
  8. Inferences: inferences drawn from any of the information identified above to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.

How we use your data is described in the Whisk Privacy Policy. We may also use the categories of personal information listed above for certain business or commercial purposes, as described in this list:

  1. performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, providing advertising or marketing services, providing analytics services, or providing similar services;
  2. auditing related to a current interaction with you and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance;
  3. short-term, transient use, including, but not limited to, the contextual customization of ads shown as part of the same interaction;
  4. detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
  5. debugging to identify and repair errors that impair existing intended functionality;
  6. undertaking internal research for technological development and demonstration; and
  7. undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us.

Prior Collection, Use and Disclosure of Personal Information

We may have collected and used your personal information, as described in Section 1 above, during the 12-month period prior to the effective date of this Statement. For the personal information collected during that timeframe, we describe below: (a) the categories of sources from which we may have obtained the personal information, (b) the categories of personal information we may have sold, and (c) the categories of personal information we may have disclosed for a business purpose.

Sources of Personal Information

Where we may have obtained your data is described in the Whisk Privacy Policy. We may have also obtained personal information about you from various other sources, including:

  1. from you or your devices, for example, through your use of our services (both via our website and applications and via the websites of our Partners who have integrated our platform;
  2. our affiliates and subsidiaries;
  3. internet service providers;
  4. data analytics providers;
  5. government entities and other public sources; 
  6. operating systems and platforms;
  7. data brokers and other data providers;
  8. credit agencies or bureaus;
  9. vendors who provide services on our behalf;
  10. social media networks; and
  11. online advertising companies.

Sale of Personal Information

We may allow certain third parties (such as advertising partners) to collect your personal information. You have the right to opt out of this disclosure of your information, as detailed below.

Under the CCPA, a “sale” means providing personal information to a third party for valuable consideration, which may include several forms of common sharing practices. It does not necessarily mean money was exchanged for the transfer of such personal information. The following table lists the categories of personal information we may have “sold” during the 12-month period prior to the effective date of this Statement and the categories recipients: 

Category of Personal Information SoldCategories of Recipients
Identifiers
Customer Records
Internet Usage Information
Inferences derived from Personal Information
our affiliates and subsidiaries;
vendors who provide services on our behalf;
professional services organizations, such as auditors and law firms;
our joint marketing partners;
our business partners;
advertising networks;
internet service providers;
data analytics providers;
government entities;
operating systems and platforms;
social networks;
and consumer data resellers.

Disclosure of Personal Information for a Business Purpose

The following table lists the categories of personal information we may have disclosed for a business purpose in the past 12 months and the categories of recipients:

Category of Personal Information Disclosed for a Business PurposeCategories of Recipients
Identifiers
Customer Records
Personal Characteristics or Traits
Customer Account Details / Commercial Information
Internet Usage Information
Geolocation Data
Inferences derived from Personal Information
our affiliates and subsidiaries;
vendors who provide services on our behalf;
professional services organizations, such as auditors and law firms;
our joint marketing partners;
our business partners;
advertising networks;
internet service providers;
data analytics providers;
government entities;
operating systems and platforms;
social networks;
and consumer data resellers.

California Consumer Privacy Rights

Effective as of January 1, 2020, California consumers have certain choices regarding our use and disclosure of personal information, as described below.

Access: You have the right to request, twice in a 12-month period, that we disclose to you the personal information we have collected, used, disclosed and sold about you during the past 12 months.

Deletion: You have the right to request that we delete certain personal information we have collected from you.  Note that we are not required to delete personal information that is needed for a number of purposes.

Opt-Out of Sale: You have the right to opt-out of the sale of your personal information.

Non-discrimination: You have the right to non-discrimination based on the exercise of your privacy rights.

Shine the Light Request: You also may have the right to request that we provide you with (1) a list of certain categories of personal information we have disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year and (2) the identity of those third parties.  Whisk does not share personal information with third parties for their own direct marketing purposes without your consent or without giving you an opportunity to opt out of such sharing. 

How to Submit a Request: To submit an access or deletion request, a Shine the Light request, or to opt-out of the sale of your personal information, email us at [email protected]  In your email please let us know if you have a Whisk account as well as any email accounts that may be associated with your personal information.

Verifying Requests: To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to your personal information or complying with your request. If you have a Whisk account, we may verify your identity by requiring you to sign in to your account. If you do not have a Whisk account, or an email address or phone number on file with us, or if the information you provide does not match what is in our records, then we may not be able to process your request, as there is no reasonable method by which we can verify your identity to the level of certainty required by the CCPA. Accordingly, if you do not have an account with us, or an email address on file, and you request access to or deletion of your personal information, we may not be able to process your request at this time.  If you are an authorized agent or parent/guardian making a request on behalf of a consumer or your child, we may require and request additional information to verify that you are authorized to make that request.

Additional Information: To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request. We reserve the right to deny your request if we cannot verify your identity or an exemption applies.  In addition, depending on the nature of your request and the risk of fraud, we may not be able to fulfill it.  Where we deny your request in whole or in part, we will inform you of the denial, provide an explanation of our actions, and the reason(s) for the denial.  In the event your request is incomplete or deficient, we will endeavor to inform you how it may be corrected.

Do Not Track: California law requires us to let you know how we respond to web browser Do Not Track (DNT) signals. Do Not Track (“DNT”) features that allow you to tell a website not to track you.  Because there currently is not an industry or legal standard for recognizing or honoring DNT signals, we do not respond to them at this time.