1. Introduction

1.1 This privacy notice (the “Privacy Notice”) explains our approach to our processing of your personal data which is any information relating to you (including by reference to identifiers associated with you or any device that you use to access our websites)  in connection with the provision of www.johnwhaite.com and www.johnwhaiteskitchen.com (“Websites”) and/or the provision of our products and/or services including those that we make available via those Websites (“Products and Services”).

1.2 Please take a moment to read this Privacy Notice as it provides you with important information about your personal data, including the rights you have in relation to it.

1.3 We will use reasonable endeavours to ensure that any changes we make to this Privacy Notice in the future will be posted on the Websites and, where we have collected the relevant contact details, notified to you by email. Please check this page frequently to see any updates or changes to our Privacy Notice.

2. About us

This Website and our Products and Services are made available by Flour & Eggs Ltd (“we”, “us”, “our”). We are an English company (No: 08099790) with its registered office at Tunley Hall, Tunley Lane, Wrightington, Wigan, Lancashire, WN6 9RJ.  We are registered as a controller with the Information Commissioner’s Office.

3. How we collect and receive personal data

1.1 We collect and receive personal data using different methods:

(a) Personal data you provide to us. You may give us your personal data directly, for example, when you purchase products on our Websites contact us with enquiries, complete forms on our Websites, subscribe to receive our marketing communications or provide feedback to us.

(b) Personal data we collect automatically, including through cookies and other similar technologies. When you access and use our Websites, we may collect personal data automatically, including through our use of cookies and other similar technologies.

(c) Personal data received from third parties. We may receive personal data from third parties. Such third parties may include analytics providers, data brokers, third party directories and third parties that provide technical services to us so that we can provide our Websites and our Products and Services.

(d) Publicly available personal data. From time to time, we may collect personal data that is available from public sources (including media publications) or that you or a third party may otherwise publish (for example on websites or posts on social media platforms).

4. Personal Data we hold about you

1.1 We may collect the following types of personal data about you::

(a) Identity Data: such as full name; username or password;

(b) Contact Data: such as address and post code; telephone number; e-mail address; social media handle;

(c) Financial Data: such as payment information (e.g. credit card number and billing address);

(d) Transaction Data: details about payments made between you and us; details of products purchased from us;

(e) Profile Data: such as dietary requirements, accessibility requirements, information provided by you in your communications with us; information provided by you in our surveys, marketing and communications preferences; and

(f) Behavioural Data: such as data relating to your browsing activity or interaction with our emails, obtained through the use of cookies, pixel tags and other similar technologies; information about the referring URL (the webpage or other source that you were previously on before you reached our  Website); information about your use of our Website, such as pageviews and events; information about when your current or previous sessions started; details about any products you viewed or purchased through the Website;

(g) Technical and Usage Data:  such as information about your device when you access our Website including: IP address; browser type; operating system; MAC address; device manufacturer and model; device UDID/Android ID number; device IMEI number.

5. Our processing activities

We process your personal data for the following purposes:

(a) to provide our Websites including improving the content on our Websites to customise the content and/or layout of our Website pages to suit your needs and protect against misuse of our Websites;

(b) to provide you with Products and Services including processing your order and dealing with refunds;

(c) to deal with customer services and enquiries, carry out surveys and obtain feedback and promotional material;

(d) to carry out our promotional and marketing activities (see further below);

(e) to carry out insight and analysis; and

(f) for business administration and legal compliance purposes.

For more information about these processing activities and our lawful basis for such processing, please see our Details of Processing Activities Section at the end of this Privacy Notice.

6. Marketing

6.1 We may from time to time use your personal data to send our marketing communications to you by email.  If you do not want to receive an email from us in the future, please let us know by sending us an email at the above address or writing to us at the above address.

6.2 If you supply us with your postal address on-line, we may, with your consent, send periodic mailing to you with information on our new products and services or upcoming events. If having given your consent, you change your mind and do not want to receive such mailings from us in the future, please let us know by sending us an email at the above address, calling us at the above telephone number or writing to us at the above address.

6.3 If you supply us with your telephone number, we may, with your consent, contact you by telephone to give you information on our new products and on our new products and services or upcoming events. If having given your consent, you change your mind and do not want to receive such telephone calls from us in the future, please let us know by sending us an email at the above address or writing to us at the above address.

6.4 From time to time and where you have given us permission to do so , we make your email address available to other reputable organisations whose products or services we think you might be interested in. If having given your consent, you change your mind and do not want to us to share your email address with other reputable organisations in the future, please let us know by sending us an email at the above address, calling us at the above telephone number or writing to us at the above address.

6.5 When contacting us to opt out of any marketing communication, please ensure that you provide us with accurate details of your name, address, e-mail and/or telephone number (as applicable) so that we can make an accurate record of your request and cease the applicable marketing communications.

7. Social Media Retargeting

7.1 Like many small businesses, we may from time to time wish to display advertising on social media platforms.  In order to do this, we  may share your email address (usually in an encrypted or ‘hashed’ form) with the relevant social media platform to enable them to “match” your data with the data of their registered users of the respective platform. Where there is a successful match, we will display our advertising to you when you use the relevant platform. This is known as “custom audience” advertising, because we “customise” the audience that we want to reach on the relevant service. We will only share your personal data with the third-party providers of the social media platforms, so that we can advertise our Products and Services to you when you use those Platforms, where you have provided your consent.

7.2 In some circumstances, we may ask the social media platform to serve our advertising on users who “look like” our matched users (in other words users who share similar interests and characteristics to our existing customers.  This “matching” be based on information that the social media platforms has on its registered users. This is known as “lookalike” audience advertising because we are trying to show our advertising to people who “look like” you.

7.3 It is in our legitimate interests to share your personal data with the relevant social media platforms so that we can advertise our Products and Services to other individuals that use those services and share similar interests and characteristics with you. You can opt-out of our sharing of your personal information with the third-party providers by exercising your rights as a data subject as set out below.

7.4 Please also note that the activities mentioned above are also subject to the privacy choices you have elected to make on such social media platforms.

8. Disclosure of your Personal Data

8.1 We only share personal data with others when we are legally permitted to do so. When we share personal data with others, we put contractual arrangements and security mechanisms in place to protect the personal data shared and to comply with our data protection, confidentiality and security standards and obligations.

8.2 When processing your personal data, we may need to share it with third parties (including other entities within our group of companies), as set out below. This list is non-exhaustive and there may be circumstances where we need to share personal data with other third parties.

(a) Third-party suppliers who provide applications/ functionality, data processing or IT services: We share personal data with third parties who support us in providing our Website and help provide, run and manage our internal IT systems.

(b) Payment providers and banks: We share personal data with third parties who assist us with the processing of payments and refunds.

(c) Delivery and courier companies. We share personal data with suppliers who assist us in the delivery of our Products and Services to our customers.

(d) Advertising partners. We share personal data with third party advertising partners, This data is used to provide you with, and measure the effectiveness of, online personalised advertising and for other advertising related activities.

(e) Third-party post/email marketing and CRM specialists. We share personal data with specialist suppliers who assist us in managing our marketing database and sending out our post and email marketing communications and account-related communications.

(f) Auditors, lawyers, accountants and other professional advisers. We share personal data with professional services firms who advise and assist us in relation to the lawful and effective management of our organisation and in relation to any disputes we may become involved in.

(g) Law enforcement or other government and regulatory agencies and bodies. We share personal data with law enforcement or other government and regulatory agencies or other third parties as required by, and in accordance with, applicable law or regulation.

(h) Other third parties. Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, or to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.Transfers outside the UK and the European Economic Area (“EEA”)[1]

8.3 Where necessary in order to provide our Website and our Products and Services, we may transfer personal data to countries outside the UK and the EEA.

8.4 Non-EEA countries do not have the same data protection laws as the UK and the EEA. In particular, non-EEA countries may not provide the same degree of protection for your personal data, may not give you the same rights in relation to your personal data and may not have a data protection supervisory authority to help you if you have any concerns about the processing of your personal data. However, when transferring your personal data outside the UK or the EEA, we will comply with our legal and regulatory obligations in relation to your personal data, including having a lawful basis for transferring personal data and putting appropriate safeguards in place to ensure an adequate level of protection for the personal data. We will take reasonable steps to ensure the security of your personal data in accordance with applicable data protection laws.

8.5 When transferring your personal data outside the UK or the EEA, we will, where required by applicable law, implement at least one of the safeguards set out below. Please contact us if you would like further information on the specific mechanisms used by us when transferring your personal data outside the UK or the EEA.

(a) Adequacy decisions: We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission and/or the UK Government (as applicable).

(b) Standard contractual clauses: Where we use certain service providers, we may use specific standard contractual clauses approved by the European Commission and/or the UK Government which give personal data the same protection it has in Europe and/or the UK.

9. Transfers outside the UK and the European Economic Area (“EEA”)[1]

9.1 Where necessary in order to provide our Website and our Products and Services, we may transfer personal data to countries outside the UK and the EEA.

9.2 Non-EEA countries do not have the same data protection laws as the UK and the EEA. In particular, non-EEA countries may not provide the same degree of protection for your personal data, may not give you the same rights in relation to your personal data and may not have a data protection supervisory authority to help you if you have any concerns about the processing of your personal data. However, when transferring your personal data outside the UK or the EEA, we will comply with our legal and regulatory obligations in relation to your personal data, including having a lawful basis for transferring personal data and putting appropriate safeguards in place to ensure an adequate level of protection for the personal data. We will take reasonable steps to ensure the security of your personal data in accordance with applicable data protection laws.

9.3 When transferring your personal data outside the UK or the EEA, we will, where required by applicable law, implement at least one of the safeguards set out below. Please contact us if you would like further information on the specific mechanisms used by us when transferring your personal data outside the UK or the EEA.

(a) Adequacy decisions: We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission and/or the UK Government (as applicable).

(b) Standard contractual clauses: Where we use certain service providers, we may use specific standard contractual clauses approved by the European Commission and/or the UK Government which give personal data the same protection it has in Europe and/or the UK.

10. Cookies

10.1 We use cookies on our Websites for identification, analysis and advertising purposes. By using the Websites you consent to the storing and accessing of cookies on your device. To find out more about the cookies we use and how to set your preferences please see our Cookies Policy [insert link].

11. Information security

11.1 We have appropriate security measures in place to protect against the loss, misuse or alteration of your Information that we have collected from you on our Websites.  However, as transmission of Information via the internet is not completely secure and we cannot guarantee the security of your Information.  Any transmission of your Information is at your own risk.

12. How Long do we keep your Personal data?

12.1 We will only keep your personal data for as long as necessary.  For example, in respect of personal data that we process in connection with the supply of our Products and Services, we may retain your personal data for up to six years from the date of supply of the relevant Products and Services and in compliance with our data protection obligations. We may then destroy such files without further notice or liability.

12.2 If any personal data is only useful for a short period (e.g. for a specific activity, promotion or marketing campaign), we will not retain it for longer than the period for which it is used by us.

12.3 If you have opted out of receiving marketing communications from us, we will need to retain certain personal data on a suppression list indefinitely so that we know not to send you further marketing communications in the future. However, we will not use this personal data to send you further marketing unless you subsequently opt back in to receive such marketing.

13. Third-party links

This Privacy Notice only applies to personal data processed by us through your use of our Websites and/or in connection with our business operations. However, from time to time, our Websites may contain links to third-party websites and services. We have no control over these websites and services and this Privacy Notice does not apply to your interaction with the relevant third parties.

14. Personal data of minors

While our Websites, Products or Services are not intended for use by, or targeted at, minors (individuals under the age of 18), we may from time to time collect personal data of minors.  Accordingly, we will comply with all applicable laws and regulations relating to the processing of personal data of minors.

15. If you fail to provide your personal data

Where we are required by law to collect your personal data, or we need to collect your personal data under the terms of a contract we have with you, and you fail to provide that personal data when we request it, we may not be able to perform the contract we have or are trying to enter into with you. This may apply where you do not provide the personal data we need in order to provide the Products and Services you have requested from us or to process an application to register an account. In these circumstances, we may have to cancel the provision of the relevant Products and Services to you, in which case we will notify you

16. Your rights as a data subject

16.1 You have certain rights in relation to the personal data we hold about you. These rights include the right: (i) to obtain copies of your personal data; (ii) to have your personal data corrected or deleted; (iii) to limit the way in which your personal data is used; (iv) to object to our use of your personal data; (v) to transfer your personal data; (vi) not to be subject to decisions based on automated processing (including profiling); and (vii) to complain to a supervisory authority. If you would like to exercise any of these rights, please email us at hello@johnwhaiteskitchen.com.

16.2 If you have a concern about any aspect of our privacy practices, including the way we have handled your personal data, please email us at hello@johnwhaiteskitchen.com.

16.3 You can also report any issues or concerns to a national supervisory authority in the Member State of your residence or the place of the alleged infringement. You can find a list of contact details for all EU supervisory authorities at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

16.4 As we are incorporated in the United Kingdom, our regulatory authority is the Information Commissioner’s Office (“ICO”). Contact details for the ICO can be found on its website at https://ico.org.uk.