Why and on what legal basis do we process personal data?If you are a HelloFresh customer, create an account with us, participate in competitions or promotions or otherwise contact us, we will receive your personal data.
We collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
Identity Data may include first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
Contact Data may include billing address, delivery address, email address and telephone numbers.
Financial Data may include bank account and payment card details.
Transaction Data may include details about payments to and from you and other details of products and services you have purchased from us.
Technical Data may include internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
Profile Data may include your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
Usage Data may include information about how you use our website, products and services.
Marketing and Communications Data may include your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
We generally process data on the following legal bases:
6.1a GDPR, if you give us your explicit consent for data processing, e.g. if you are a prospective customer we may need your consent to send you marketing emails;
6.1b GDPR, if we are acting to fulfil our contractual obligations, e.g. if we use your email address to confirm the delivery date for your next cooking box;
6.1c GDPR, if we are acting to fulfil legal obligations, e.g. if we check your age and your identity before the conclusion of a contract or to prevent fraud;
6.1f GDPR, if we process your data due to a legitimate interest of ours or a third party’s, e.g. if we use your email address to send you our newsletter for direct advertising purposes, where we provide your data to third parties (as outlined below) or for optimising our website’s advertising design.
You have the right to object to use of your personal data for our legitimate business interests. If you do object, we will have an opportunity to demonstrate that there are compelling legitimate grounds which override your rights and freedoms or that processing is necessary for the establishment, exercise or defence of legal claims.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Data processing by HelloFresh