1. Who are we?
1.1 At Munch Fit Limited ("we", "us", "our") we are committed to protecting and respecting your privacy, whilst striving to provide the very best user experience. We work very hard to keep your information safe and we want our meal planning services to be safe and enjoyable for everyone. We also recognise that it is important for you to understand how we use your personal information.
1.3 We have a legal duty to protect personal information that we collect under the Data Protection Act 2018 (the “DPA”) and the General Data Protection Regulation (EU) 2016/679, (the “GDPR”). For the purpose of the DPA and GDPR, we (Munch Fit Limited) are the data controller (in other words, the organisation that determines how your personal information is used) and are located at 26 Chase Road, London, NW10 6BB. Our contact details are set out in part 9 below.
2. Personal information we collect, how we use it and our lawful basis for processing
2.1 We may collect and use various types of personal information about you when you use our websites to access our services. Details of this information, together with an overview of the way that we use it and our lawful bases for the processing in each case are set out below:
a) We will collect personal information from you when you make an enquiry about our business on our websites. This includes your name and contact information, details about the particular products that you are most interested in, and any additional information which you voluntarily give to us. We may also collect details about the best time to contact you, your dietary requirements, your postal address, as well as what prompted you to contact us and any other requests or comments that you may make.
We will use this information so that we can provide you with information that you have requested or contact you if you have indicated you want to hear from us. We use your personal information to help us better understand, direct and respond to your enquiries and requests.
- We have a legitimate interest to use your information in this way to make sure that we are able to help provide you with the right services, and to enable us to contact you in the most appropriate and business-efficient manner. Where we rely on our legitimate interests, we'll always ensure that your rights are protected.
Creating an account on our websites and making a purchase
b) If you create an account on our websites we will ask you to provide certain details as part of your account setup. This is likely to include your name and contact details. If you create an account we won't get in touch with you unless you have asked us to. We will use this information to provide you with an account so that you can place orders, manage your subscriptions and contribute to any online discussions or forums that we may provide to you.
- We have a legitimate interest to use your information in this way to make sure that we are able to help you find the right meal plan for you, and to enable us to contact you in the most appropriate and business-efficient manner. Where we rely on our legitimate interests, we'll always ensure that your rights are protected.
c) If you use your account to either set your anticipated subscription preferences (without actually entering into a subscription) or to subscribe to one of our meal plans (including any trial period), we will ask you to provide certain details to enable us to fulfil your order. In addition to the information provided to create your account, this will include your postal address (or the address for which you wish your meals to be sent to), dietary requirements (including relevant allergies), details of any relevant health conditions and (when you make your subscription) your payment details.
If you have subscribed to receive a meal plan from us, we will use this information to help us ensure that you receive the meal plan that you have subscribed to and that it is appropriately tailored to your dietary requirements. If you haven't subscribed for a meal plan, we will retain this information for a reasonable period of time (in accordance with our retention practices as discussed in more detail in part 6 below).
- We collect this information so we can fulfil our contract with you and provide you with the quality of service we strive to provide, where we anticipate entering into a contract with you or where we have a legitimate interest to do so where we believe that you may enter into a contract with us in the future.
We also use this information to analyse and find out more about our general customer base as a whole (and not to find out more about you as an individual) to ensure that the promotions, products and services that we offer are most likely to interest our customers.
- We have a legitimate interest to use your information in this way to make sure that we are providing you with the information that we think is most relevant to you. Where we rely on our legitimate interests, we'll always ensure that your rights are protected.
Websites, marketing and advertising
d) We will collect certain technical information about you when you visit our websites. When using our websites, this is likely to include: the internet domain you use, your IP address or other device identifier, your browser type and version (e.g. Chrome or Internet Explorer), the screen resolution of your device, the dates and times when you access our websites, the full URLs of the pages you visit and the websites or links that you use to access our websites, login information, details of products or services that are viewed, how you interact with our websites (including how you move your mouse) and the length of visits to certain pages of our websites.
We use this information for site management and security purposes (such as troubleshooting and testing) as well as to help us improve our websites. We do not try to identify individual users or their usage habits from this data.
- We collect this information so we can fulfil our legitimate interests as a business to ensure that our websites are fit for purpose and promotes our services appropriately for our customers, including by displaying information that our customers are interested in. We also rely on our legitimate interest in measuring customer satisfaction and troubleshooting any website issues. Where required by law, we may also seek and rely on your consent.
e) We shall use the personal data that you have provided to us to contact you with certain marketing messages (e.g. marketing e-mails) where you have told us you are happy to receive them. We may also use data we collect from you (either directly or via our websites or advertising) to help us to measure the effectiveness of our advertising and to establish what interests you and what doesn't.
- We rely on your consent or our legitimate interests to contact you directly about our offering. In other scenarios in carrying out efficient and appropriate marketing and advertising for our services, we will rely on our legitimate interests, whilst always ensuring that your rights are protected. You can withdraw your consent or opt out of our direct marketing at any time through the 'unsubscribe' option in any marketing email or, if you have an account, via your account settings.
f) We may collect your contact details (and any other information you provide us) when you enter into competitions or promotions, or complete surveys.
- We will rely on your consent or on our legitimate interests (depending on whether we are marketing or carrying out market research), whilst always ensuring that your rights are protected.
g) We may collect details about you, such as your user name, when you engage with us on social media (by mentioning or tagging us in a post or contacting us directly) this is so that we can respond to any comments and queries you have.
- We rely on our legitimate interests to do this as we want to ensure our customers have the best possible experience, whilst always ensuring your rights are protected.
h) Some of our websites will permit website visitors that have an account with us to take part in forum discussions, post on message boards and interact with other users of our website. Where you engage with this functionality, we will process the personal data that you provide us for the purposes of sharing it with other users on our website. Once posted we reserve the right to use the information and comments made on the forum four our own business purposes, including as part of marketing communications.
- We rely on our legitimate interests to provide this functionality as we want to ensure our website users can share their experiences with other users or our website, whilst always ensuring your rights are protected.
Administrative or other business purposes
i) We may collect certain other information that you give us, for example, when you contact us for a particular reason other than those set out above such as to report problems with our websites.
- It is in our legitimate interests as a business to use your data in this way, for example, we have a clear interest in ensuring that our websites work properly and in ensuring that we operate our business efficiently. We will always ensure that your rights are protected.
2.2 As well as collecting personal information directly from you, we also collect some from certain third parties such as Google Analytics.
2.3 As mentioned in part 2.1 above, we may also collect and use certain sensitive personal information about you, namely specific details of any relevant health conditions and special dietary requirements that you may have. We collect this information directly from you to try to ensure that we only provide you with meals that are appropriate for your needs.
3. How we share personal information
3.1 In order to make sure that we run our business efficiently, and to make sure that you get the service that you expect, we will need to share your personal information, from time to time, as necessary, with the following third parties:
b) Prospective buyers of our business or assets, which may include your personal information.
c) Any other third parties if necessary to comply with legal obligations or enforce agreements, such as with law enforcement agencies, regulatory bodies or public authorities in order to prevent or detect crime. We will only ever disclose your personal data to these third parties to the extent we are required to do so by law.
d) Any other third parties if this is necessary to protect our or your rights, property, or safety and/or those of others.
3.2 We do not share your personal information with third parties for them to use for the purposes of sending you marketing information or for those third parties to use your information for their own purposes, unless you have given us permission to do so. You can withdraw your consent or opt out of receiving marketing communications from third parties at any time through the 'unsubscribe' option in any marketing email.
4. Where we transfer and store personal information
4.1 From time to time we may process (or ask or permit a third party to process) your personal information outside of the UK and the European Economic Area (EEA) where local laws may not provide legal protection for your information in the same way as is applicable in the UK or the EEA.
4.2 Whenever we send (or permit a third party to send) your personal data outside of the UK and the EEA, we will make sure that we take steps necessary to protect your data as required by applicable laws. For example, we may require the overseas recipient to enter into particular contract terms, or we will make sure that the information that we give to them will be limited to what is needed to perform our contract with you.
4.3 If you wish to learn more about the safeguards in place to protect your personal information when we transfer it outside of the UK and the EEA, please contact us using the details in part 9 below.
5. Security of your personal information
We take the security of your information very seriously and have put physical, technical, operational and administrative strategies, controls and measures in place to help protect your personal information from unauthorised access, use or disclosure as required by law and in accordance with accepted good industry practice. We will always keep these under review to make sure that the measures we have implemented remain appropriate.
6. Retention of personal information
We will keep your personal information for limited and appropriate periods of time only and the applicable retention periods will always be linked to our purposes for processing your personal information. This means that the retention periods will vary according to the type of personal information. If you need more information on this, please contact: firstname.lastname@example.org
7. Your rights in your personal information
7.2 You have the right:
- to ask us not to use your personal data for direct marketing purposes;
- to ask to see what personal data we hold about you and to find out about the way that we process the data (and in some circumstances, you can ask us to provide a copy to a third party);
- to ask us to correct or update any personal data which is inaccurate;
- to ask for personal data to be deleted in some (but not all) circumstances where there is no good reason for us to continue to use it;
- to ask us to temporarily stop using your data if you don't believe that we have a right to use it, or to stop us from using your personal data where there is no good reason for us to continue to use it; and
- not to be subject to decisions made solely on the basis of 'automated processing' (i.e. the right not to be subject to decisions made solely by algorithms or computers without input from a human) in certain circumstances.
8. Changes to our policy
9. Contact and complaints