Updated on 13 Dec 2019
This privacy notice (our "Policy") describes how Foodient Ltd. (a UK company) ("Whisk" “we”, “our” or “us”) collects and processes your personal data. How we use your personal data will depend on the particular service we are providing and the nature of your relationship with us.
If you are a representative of a company (a "Business Representative") who accesses our services via the website www.whisk.com or has a commercial relationship with us (a "Partner"), then we may collect your contact details (and limited other personal data about you). This data may be used by us in order to administer our relationship, provide you with access to our services and systems, and send you our regular newsletter. Any information provided in this Policy that is relevant for our Business Representatives is marked as such.
If you are an individual (a "Consumer") who accesses our services via our website, my.whisk.com through any of our Partners' websites or through our mobile application, "Whisk Shopping List & Recipes" (the "Application"), then we may collect personal data that fall within various categories (see our "Data we collect" section). The purposes for which we may use your data are described in the "How we use your data" section. All information provided in this Policy, unless otherwise specified, is relevant to our Consumers.
This Policy applies to all personal data we collect or process about you in the context of your use of our services. Whisk is the data controller for the processing of personal data.
Data we collect
We may collect the following personal data from you:
- Contact details
- Authentication data
- Profile information, if you setup an account with us
- Information you voluntarily provide about yourself, such as food, dietary, and nutritional preferences
- Data relating to your use of our services
- Your device's geo-location when accessing our services
- Grocery data
How we collect your data
We collect some of the personal data described above directly from you for a number of different purposes, as detailed in the "How we use your data" section below. We also collect your personal data indirectly via the websites of our Partners who have integrated our platform (i.e., the shopping list function) in order to provide you with a seamless food shopping experience and from any social media sites through which you access our services.
In addition, we collect personal data about you via automated means, such as from cookies and similar tools as you use our services.
A cookie is simply a piece of text, which can be placed on the browser of your personal computer or mobile device and subsequently read as you visit a website. Some of the cookies we deploy are necessary to provide certain functions through our website and Application, whereas others (such as those which relate to targeted advertising) are not. You have a choice about whether or not to accept these non-essential cookies.
How we use your data
We may use the data you provide to us for the following purposes:
- Provide you with our services and maintain them
- Perform data analytics to understand food trends, build a profile of your preferences and improve our services
- To make suggestions about recipes and products that we think will match your preferences
- Provide targeted advertising to you
- To send you news, special offers and marketing
- To send our Business Representatives our newsletter
- Assist you in purchasing groceries from selected retailers
- Review and improve our services
- Provide Business Representatives with access to third party services provided to us
- Defend ourselves against legal claims
For example, when you select a recipe from a website belonging to one of our Partners, you will be able to log into your account with us and create a shopping list via our integrated platform. If you decide to buy the items on your list, then we will transfer your selected grocery products for purchase to the third party grocery website of your choice, using Authentication Data to verify your identity and your Location Data to suggest appropriate grocery retailers.
Please see the table below for further detail on each of these purposes.
We sometimes process your personal data using a combination of machine learning and other AI techniques to evaluate information about you that we receive from the sources described under our "How we collect your data" section above. This is known as profiling and it helps us to build our understanding of your preferences in order to provide you with the best service we can. For example, we may analyse information relating to your purchases of a particular product to suggest similar products that you may be interested in buying via targeted advertising.
Depending on the purpose for which we are using your data, we may rely on various legal grounds for processing. In some cases, we will seek your explicit consent, in others we may rely on our legitimate interests or it may be necessary in order to perform our contract with you.
How long we keep your data for
We will retain your personal data for as long as required to fulfil the purpose for which the data were collected, having regard to a range of applicable criteria, including the on-going relationship we have with you, the completion of the purpose for which the data was originally given, our own legal obligations and requirements, the type and size of the data held or our accounting requirements in relation to the data. For example, we will retain the Contact Details that you provide when you open an account via our Application until you choose to delete your account. We may then in any event need to retain those Contact Details for a period in order to defend ourselves against legal claims.
We use session and long-lived cookies on our websites and Application. Personal data that are collected by session cookies that are strictly necessary for purposes relating to fundamental website or Application functionality will be retained for a matter of minutes. Personal data that are collected by long-lived cookies may be retained for up to two years, depending on the purpose.
We will delete personal data once the relevant retention period expires. After such date, you will not be able to exercise some of your rights over your personal data that are described below. In general, we keep the length of time that we hold your personal data for under review. These reviews take place annually.
Who we share your data with
We may share your personal data with third parties under the following circumstances:
- Service providers: we may share your personal data with service providers who perform services on our behalf, including assisting us with data analytics, IT management, hosting and improving our services. For a full and maintained list of our service providers, please click here. You can find more detail on the types of services these third parties provide to us [by clicking] "Further Information" at the end of this section.
- Partner companies: this includes grocery retailers, recipe publishers, digital health applications, social media sites, providers of 'internet of things' technologies and third party advertising networks who advertise on our website. For a full and maintained list of our Partners, please click here.
- Restructuring: we may share your personal data during the course of business negotiations and transactions (for example, an acquisition, merger or financing) to the extent necessary to facilitate the restructuring.
- Where required by law: we may share your personal data with law enforcement agencies, courts, other government authorities or other third parties where we believe necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
Where we might send your data
Your personal data may be transferred to and processed in a country that is not regarded as providing the same level of protection for personal data as the laws of your home country, including, for example and without limitation to the United Kingdom and the United States.
Where possible, we have sought to put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to provide adequate protections for your personal data. For more information on the appropriate safeguards in place and to obtain a copy of such safeguards, please contact us at the contact information set out below.
How we keep your data secure
We engage Google Cloud to store your personal data within the European Economic Area ("EEA"). We have also implemented appropriate technical and organisational controls to ensure that your personal data are processed securely, such as encryption and authentication during transfer. However, no method of transmission over the internet or of electronic storage is fully secure, and as such, we cannot guarantee its absolute security.
Further information on how we keep your personal data secure can be found in our security policy.
Your rights over your personal data
You can withdraw any consent you have given us at any time and we will stop using your data for the purpose that consent was granted. You can also contact us at any time to request :
- Access to any personal data we hold about you.
- That personal data we hold about you be updated, rectified or blocked.
- That we delete personal data we hold about you.
- That we restrict our processing of your personal data.
- That we provide you or a third party with a copy of certain personal data about you (referred to as the right of “data portability”).
- That you object to the processing of personal data we hold about you.
There may be situations where it is not possible for us to grant you these rights or we are not required by law to do so. For example, where restricting the processing of your personal data would impede a criminal investigation. As such, the rights described in the bullet points above are not absolute.
If you have questions or concerns regarding the way in which your personal data has been used, please contact our data protection officer, Nick Holzherr, at [email protected] You can also contact us by post at:
Foodient Ltd. (company number: 08001091)
Attn: Nick Holzherr - Data Protection Officer
55, Colmore Row
B3 2AA. UK
We are committed to working with you to obtain a fair resolution of any complaint or concern about your privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the data protection regulator of your country of residence.
Changes to the Policy
We may modify or update this privacy notice from time to time. If we make any revisions that materially change the ways in which we process your personal data, we will notify you of these changes by email.
Updated on 5 February 2019