Updated on 13 Dec 2019

This privacy notice (our “Policy“) describes how Foodient Ltd. (a UK company) (“Whisk” “we”, “our” or “us”) collects and processes your personal data. How we use your personal data will depend on the particular service we are providing and the nature of your relationship with us.

  • If you are a representative of a company (a “Business Representative“)who accesses our services via the website www.whisk.com or has a commercial relationship with us (a “Partner“), then we may collect your contact details (and limited other personal data about you). This data may be used by us in order to administer our relationship, provide you with access to our services and systems, and send you our regular newsletter. Any information provided in this Policy that is relevant for our Business Representatives is marked as such.
  • If you are an individual (a “Consumer“) who accesses our services via our website, my.whisk.com through any of our Partners’ websites or through our mobile application, “Whisk Shopping List & Recipes” (the “Application“), then we may collect personal data that fall within various categories (see our “Data we collect” section). The purposes for which we may use your data are described in the “How we use your data” section. All information provided in this Policy, unless otherwise specified, is relevant to our Consumers.

This Policy applies to all personal data we collect or process about you in the context of your use of our services. Whisk is the data controller for the processing of personal data.

Data we collect

We may collect the following personal data from you:

  • Contact details
  • Authentication data
  • Profile information, if you setup an account with us
  • Information you voluntarily provide about yourself, such as food, dietary, and nutritional preferences
  • Data relating to your use of our services
  • Your device’s geo-location when accessing our services
  • Grocery data
Further information
  • Contact Details: including your name, telephone number, email address and the content of any correspondence between you and us. This category is relevant for our Business Representatives and Consumers.
  • Authentication Data: including your username and password when you log in via the Application, and the equivalent details as well as an authentication token in respect of your accounts with any third party websites who have integrated our platform (for example, grocery retailers and social media sites). This category is relevant for our Business Representatives and Consumers.
  • Profile Data: information that you add to any profile that you create through our website or our Application, including any photos you upload and information about yourself.
  • Food Preference Data: including information relating to diets, foods you avoid, lifestyle choices, cuisine choices, nutritional goals, health metrics (such as your height and weight) and grocery shopping patterns and preferences.
  • Usage Data: including information relating to your visits to our website and Application and the websites of our Partners (such as shopping lists you create, recipe interactions and time spent on each page of the Application), IP address, domain name, URI address (uniform resource identifier) and grocery transactions that you may complete via our services.
  • Location Data: including device location data and the IP address of your device.
  • Grocery Data: information relating to any products that you select from a shopping list for purchase from a third party retail site.

How we collect your data

We collect some of the personal data described above directly from you for a number of different purposes, as detailed in the “How we use your data” section below. We also collect your personal data indirectly via the websites of our Partners who have integrated our platform (i.e., the shopping list function) in order to provide you with a seamless food shopping experience and from any social media sites through which you access our services.

In addition, we collect personal data about you via automated means, such as from cookies and similar tools as you use our services.

A cookie is simply a piece of text, which can be placed on the browser of your personal computer or mobile device and subsequently read as you visit a website. Some of the cookies we deploy are necessary to provide certain functions through our website and Application, whereas others (such as those which relate to targeted advertising) are not. You have a choice about whether or not to accept these non-essential cookies.

Further information on the types of cookies we use and the personal data we use them to collect can be found in our Cookie Policy.

How we use your data

We may use the data you provide to us for the following purposes:

  • Provide you with our services and maintain them
  • Perform data analytics to understand food trends, build a profile of your preferences and improve our services
  • To make suggestions about recipes and products that we think will match your preferences
  • Provide targeted advertising to you
  • To send you news, special offers and marketing
  • To send our Business Representatives our newsletter
  • Assist you in purchasing groceries from selected retailers
  • Review and improve our services
  • Provide Business Representatives with access to third party services provided to us
  • Defend ourselves against legal claims

For example, when you select a recipe from a website belonging to one of our Partners, you will be able to log into your account with us and create a shopping list via our integrated platform. If you decide to buy the items on your list, then we will transfer your selected grocery products for purchase to the third party grocery website of your choice, using Authentication Data to verify your identity and your Location Data to suggest appropriate grocery retailers.

Whisk processes personal data for the purposes described above. Whisk’s legal basis to process personal data includes processing that is: necessary for the performance of the contract between you and Whisk (for example, to provide you with the services and to identify and authenticate you so you may use certain services); necessary to comply with legal requirements (for example, to defend ourselves against legal claims or to make mandatory disclosures to law enforcement); necessary for Whisk’s legitimate interests (for example, perform data analytics to understand food trends, build a profile of your preferences and improve our services); and based on obtaining your separate consent (for example, to communicate with you about our products and services and provide you with marketing information), which may subsequently be withdrawn at any time by contacting us as specified in the Contact Us section of this Privacy Policy without affecting the lawfulness of processing based on consent before its withdrawal.

Please see the table below for further detail on each of these purposes.

Further information
Purpose Categories Of Personal Data
Providing you with our services and maintaining them, including:

– Setting up an account with us when you download our Application

– Verify your identity when you login to use our services

– Managing your profile and preferences on the Application (e.g. to publicise your profile and save your favourite recipes)

– Facilitating your purchasing of groceries from third party retailers through our services

– Providing customer support (e.g. when you have issues logging into or using our services)

– Notifying you about changes to our services.
Contact Details

Authentication Data

Profile Data

Food Preference Data

Usage Data

Location Data
Data analytics, including:

– Creating reports to provide our Partners with aggregated and anonymous information about how users interact with their sites (e.g. popularity of certain recipes or food types by region)

– Providing you with product suggestions that are sometimes sponsored and sometimes just our recommendations based on your previous purchases, shopping lists and favourite recipes

– Providing aggregated and anonymised trend reports to third parties

– Improving your experience of our services by using your data to enhance our technologies (e.g. through machine learning algorithms)
Contact Details

Profile Data

Food Preference Data

Usage Data

Location Data
Providing targeted online advertising, including:

– Offering you recipe, product or retailer suggestions that reflect your preferences and suit your location
Contact Details

Authentication Data

Food Preference Data

Usage Data

Location Data
Sending you news, special offers and marketing, including:

– Providing you with details of special offers and general information about other goods via email
Contact Details

Profile Data

Food Preference Data

Usage Data

Location Data
Sending our Business Representatives our newsletter Contact Details
Usage Data
Assisting you in purchasing groceries from selected retailers

– Transferring your shopping list to your preferred supermarkets at your request
Contact Details

Authentication Data

Profile Data

Grocery Data
Reviewing and improving our services, including:

– Monitoring and tracking the usage of our services

– Gathering valuable information so that we can improve our services

– Detecting, preventing and addressing technical issues
Contact Details

Profile Data

Usage Data

Food Preference Data

Usage Data

Location Data
Defending ourselves against legal claims that we may receive Contact Details

Authentication Data

Profile Data

Food Preference Data

Usage Data

Location Data

We sometimes process your personal data using a combination of machine learning and other AI techniques to evaluate information about you that we receive from the sources described under our “How we collect your data” section above. This is known as profiling and it helps us to build our understanding of your preferences in order to provide you with the best service we can. For example, we may analyse information relating to your purchases of a particular product to suggest similar products that you may be interested in buying via targeted advertising.

Depending on the purpose for which we are using your data, we may rely on various legal grounds for processing. In some cases, we will seek your explicit consent, in others we may rely on our legitimate interests or it may be necessary in order to perform our contract with you.

How long we keep your data for

We will retain your personal data for as long as required to fulfil the purpose for which the data were collected, having regard to a range of applicable criteria, including the on-going relationship we have with you, the completion of the purpose for which the data was originally given, our own legal obligations and requirements, the type and size of the data held or our accounting requirements in relation to the data. For example, we will retain the Contact Details that you provide when you open an account via our Application until you choose to delete your account. We may then in any event need to retain those Contact Details for a period in order to defend ourselves against legal claims.

We use session and long-lived cookies on our websites and Application. Personal data that are collected by session cookies that are strictly necessary for purposes relating to fundamental website or Application functionality will be retained for a matter of minutes. Personal data that are collected by long-lived cookies may be retained for up to two years, depending on the purpose.

We will delete personal data once the relevant retention period expires. After such date, you will not be able to exercise some of your rights over your personal data that are described below. In general, we keep the length of time that we hold your personal data for under review. These reviews take place annually.

Who we share your data with

We may share your personal data with third parties under the following circumstances:

  • Service providers: we may share your personal data with service providers who perform services on our behalf, including assisting us with data analytics, IT management, hosting and improving our services. For a full and maintained list of our service providers, please click here. You can find more detail on the types of services these third parties provide to us [by clicking] “Further Information” at the end of this section.
  • Partner companies: this includes grocery retailers, recipe publishers, digital health applications, social media sites, providers of ‘internet of things’ technologies and third party advertising networks who advertise on our website. For a full and maintained list of our Partners, please click here.
  • Restructuring: we may share your personal data during the course of business negotiations and transactions (for example, an acquisition, merger or financing) to the extent necessary to facilitate the restructuring.
  • Where required by law: we may share your personal data with law enforcement agencies, courts, other government authorities or other third parties where we believe necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
Further information

We use third party service providers to assist us with the following:

  • Analytics: to monitor and analyse web traffic, to assess the popularity of specific pages and to keep track of your behaviour when using our services.
  • Infrastructure monitoring: to monitor the use and behaviour of our services’ components so that performance, maintenance and troubleshooting can be improved.
  • Traffic optimisation and distribution: to allow the services to distribute their content using servers located across different countries and optimise their performance.
  • Content performance and features testing: to track and analyse your responses in relation to web traffic or behaviour regarding changes to the structure, text or any other component of the services.
  • Hosting and backend infrastructure: to host data and files that enable the services to run and be distributed, as well as to provide a ready-made infrastructure to run specific features or parts of the services.
  • Managing contacts and sending messages: to manage our database of contact information to communicate with you, and also to collect information relating to your interaction with such communications.
  • User database management: to build user profiles using personal data you provide to us, as well as to track your activities through analytics features. In the case of Business Representatives: we may also match the personal data you provide with publicly available information about you to build private profiles that we use for user support operations and for improving our services.

Where we might send your data

Your personal data may be transferred to and processed in a country that is not regarded as providing the same level of protection for personal data as the laws of your home country, including, for example and without limitation to the United Kingdom and the United States.

Where possible, we have sought to put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to provide adequate protections for your personal data. For more information on the appropriate safeguards in place and to obtain a copy of such safeguards, please contact us at the contact information set out below.

How we keep your data secure

We engage Google Cloud to store your personal data within the European Economic Area (“EEA“). We have also implemented appropriate technical and organisational controls to ensure that your personal data are processed securely, such as encryption and authentication during transfer. However, no method of transmission over the internet or of electronic storage is fully secure, and as such, we cannot guarantee its absolute security.

Further information on how we keep your personal data secure can be found in our security policy.

Your rights over your personal data

You can withdraw any consent you have given us at any time and we will stop using your data for the purpose that consent was granted. You can also contact us at any time to request :

  • Access to any personal data we hold about you.
  • That personal data we hold about you be updated, rectified or blocked.
  • That we delete personal data we hold about you.
  • That we restrict our processing of your personal data.
  • That we provide you or a third party with a copy of certain personal data about you (referred to as the right of “data portability”).
  • That you object to the processing of personal data we hold about you.

There may be situations where it is not possible for us to grant you these rights or we are not required by law to do so. For example, where restricting the processing of your personal data would impede a criminal investigation. As such, the rights described in the bullet points above are not absolute.

Contact Us

If you have questions or concerns regarding the way in which your personal data has been used, please contact our data protection officer, Nick Holzherr, at hi@whisk.com. You can also contact us by post at:

Foodient Ltd. (company number: 08001091)

Attn: Nick Holzherr – Data Protection Officer

55, Colmore Row

Birmingham

B3 2AA. UK

We are committed to working with you to obtain a fair resolution of any complaint or concern about your privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the data protection regulator of your country of residence.

Changes to the Policy

We may modify or update this privacy notice from time to time. If we make any revisions that materially change the ways in which we process your personal data, we will notify you of these changes by email.

Updated on 5 February 2019