Our Cookies Policy is set out below, at the end of this Privacy Policy.
PURPOSE OF THIS PRIVACY POLICY
This Privacy Policy aims to give you information on how Chocolate & Co collects and processes your personal data through your use of this website, including any data you may provide through the website when you sign up to receive our marketing material, purchase a product or service or take part in a competition. We do not knowingly collect data relating to children as our website is not intended to be used by children.
It is important that you read this Privacy Policy together with any other privacy notice on our website from time to time so that you are fully aware of how and why we are using your data.
CONTACT DETAILS
Our full details are:
Chocolate & Co is a registered charity in England & Wales - registration number 1209385.
Postal address: Chocolate & Co, 4 Mansfield House, Lowther Street, York, YO31 7NB. You can also contact us through our website
CHANGES TO THE PRIVACY POLICY AND YOUR DUTY TO INFORM US OF CHANGES
We may need to update this Policy at any time and without notice and where we do this we will notify you by including pop up boxes on the website and/or emailing our customers. This Policy was last updated on 2nd December 2021.
It is important that the personal data we hold about you is accurate and up to date. Please keep us informed if your personal data changes during your relationship with us and periodically review your account settings on our website.
THIRD-PARTY LINKS
On occasion we include links to third parties on this website. Where we provide a link it does not mean that we endorse or approve that site’s policy towards visitor privacy. You should review their privacy policy before sending them any personal data.
In order to fulfil your online orders, we do work with third parties and these are listed here with links to their own privacy policies. Royal Mail, DPD, TNT, World Options, Parcel Hero.
THE DATA WE COLLECT ABOUT YOU
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
Identity Data includes first name and last name.
Contact Data means the data we use to contact you including your billing address, delivery address, email address and telephone number.
Financial Data means the data we use to process your payments for your orders including your payment card details. We do not store or process your card details ourselves, they are processed and stored via one of our contracted third party service providers World Pay. We encrypt your payment card details in your browser and securely transfer this data to our relevant third party payment provider to process a payment.
Transaction Data means details about transactions you have made on our website including the payments to and from you along with other details of products and services you have purchased from us.
Technical Data means details about the device(s) you use to access our website including your internet protocol (IP) address, browser type and version, location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
Profile Data includes your username (email address) and password, your login data, purchases or orders made by you, your interests, preferences, feedback and survey responses.
Usage Data includes information about how you use our website, products and services. This includes your browsing patterns and information such as how long you might spend on one of our webpages and what you look at and for on our website, and page interaction information such as scrolling, clicks and mouseovers.
Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.
IF YOU FAIL TO PROVIDE PERSONAL DATA
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, where you do not provide suitable delivery instructions to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
HOW IS YOUR PERSONAL DATA COLLECTED?
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your Identity Data, Contact Data, Transaction Data, Profile Data, Financial Data and Marketing and Communications Data by using our website, filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you;
purchase a product or service (including gift cards) through our website;
create an account on our website;
request marketing to be sent to you;
enter a competition;
give us some feedback.
Automated technologies or interactions. As you interact with our website, we may automatically collect Usage Data and Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our cookie policy for further details.
DISCLOSING YOUR INFORMATION
We will not disclose your personal information to any other party other than in accordance with this Privacy Policy and in the circumstances detailed below:
In the event that we sell any or all of our business to the buyer.
Where we are legally required by law to disclose your personal information.
To further fraud protection and reduce the risk of fraud.
HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when the law allows us to. We use the information that we collect from you to provide our products to you. In addition to this we may use the information for one or more of the following purposes: –
To provide information to you that you request from us relating to our products.
To provide information to you relating to other products that may be of interest to you. Such additional information will only be provided where you have consented to receive such information for example via our competition page.
To inform you of any changes to our website, services or goods and products. -If you have previously purchased goods from us we may provide to you details of similar goods or services, or other goods and services, that you may be interested in. Where consent has been provided it can be withdrawn by you at any time.
UPDATING YOUR PREFERENCES
You can ask us to stop sending you marketing messages at any time by logging into your account and adjusting your marketing preferences, by following the opt-out links on any marketing message sent to you or by contacting us at any time.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, or related correspondence, and we will continue to process such data in accordance with this Privacy Policy and only ever as permitted by law.
COOKIES
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our <a href=”https://www.choc-affair.com/help/cookie-policy/”>Cookies policy</a>.
DISCLOSURES OF YOUR PERSONAL DATA
We require all third parties to respect the security of your personal data and to treat it in accordance with the legal requirements.
DATA SECURITY
You acknowledge that the Internet is not a completely secure medium for communication and, accordingly, we cannot guarantee the security of any information you send to us (or we send to you) via the Internet. We are not responsible for any damages which you, or others, may suffer as a result of the loss of confidentiality of such information.
HOW LONG WILL YOU USE MY PERSONAL DATA FOR?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. For example, details of your orders will be kept for as long as we need to retain that data to comply with our legal and regulatory requirements. This is generally 7 years unless the law prescribes a longer period.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
YOUR LEGAL RIGHTS
In accordance with the GDPR December 2021 you have the right to access any information that we hold relating to you. We are obliged to disclose all personal information we hold on you within 30 days of your request.
EXTERNAL THIRD PARTIES
Cloud storage providers – we use cloud computing platforms that securely store all of our data, including customer details.
Email service providers – in order to send you marketing content and transactional emails, we share your details with our email service providers.
Social Media Platforms – We may make your name and email address available to companies in order to advertise and market our services to you through other platforms on the internet (e.g. Facebook). See the ‘Marketing’ section of this Privacy Policy above.
Analytics tools – we use analytics tools to track the way that users interact with our website.
Payment providers – to facilitate any payments made on our site, we facilitate the sharing of your Financial Data with payment providers.
Delivery providers – to package and mail your orders to you, it is necessary to share your information with delivery providers.
Customer service platforms – when you interact with our customer service team, your details are shared with our customer service platform providers.
Feedback forms – when you make a purchase, we engage a third party to send out feedback forms on our behalf.
Last amended November 2023