Effective Date: 09/08/2018 (Version 2.2)
Who are we?
- We are SCA Investments Limited trading as "Gousto". We own and operate this website/app. Please contact us if you have any questions or feedback about this Privacy Statement : click here.
What’s the point of this Privacy Statement?
- This Privacy Statement tells you how we deal with your "personal data" (i.e. technical term for information about any identified or identifiable living person). Please read on to find out what kinds of personal data we collect, how we use and protect it, who we share it with, how long we keep it for and how you can access and rectify it.
- Please do not use our website or apps unless you are completely happy with this Privacy Statement.
Might the Privacy Statement change?
- It may well do. Whenever we have updated our Privacy Statement, we willl alert you via email. Please take that opportunity to re-read it. We will assume you agree to the revised Privacy Statement if you use the website or apps after the effective date shown at the top of the Privacy Statement.
What personal or other data do we collect?
- We collect and store the information which you give us via forms on our website or apps - such as your name, address, email address, phone number (“contact data”) - or when communicating with us by email, or in some other way.
- We also collect and store your IP address (“customer behaviour data”) to improve your shopping experience by suggesting suitable products for you, based on previous purchases, or recipes looked at.
- We collect your bank card details (payment information) in order to process payments and refunds.
- We collect survey data (biannual survey, NPS, etc.) which can include household makeup (number or kids and age bracket), age (bracket not birthday), gender and food preferences/allergies in order to understand how we are serving different types of customers and what we need to do to improve their experience.
- Under GDPR, we will use the lawful basis of “contractual”, where we use contact and payment data to fulfil orders. When we use contact, survey, or customer behaviour data for marketing reasons, the lawful basis will be “consent”, or “legitimate interest”. If you would like further information, please contact us using the details within this privacy statement.
How do we use your personal data?
- We use “contact data” to provide our services : e.g. send service messages, communicate to you about your account/orders and to fulfil orders.
- If you have given permission, we may use your “contact data” to send you marketing emails, mails, calls or SMS with details of our, or third party goods or services which may be of interest to you, including information about special offers or promotions.
- We use “payment information” to process payments and refunds.
- If you supply us with a friend’s email address for the "Refer A Friend" programme, we will use that email address only to send a special offer to your friend. We will provide your name in the offer email to your friend, so that they know where we dot their contact details from.
- We may use information we collect on you to recommend you recipes and to improve our service for you and other customers.
- We retain your data during a period of 36 months months after the last order. We do that in order to comply with legal obligations, enforce our terms and conditions, prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigations and take other actions as permitted by law.
How do we protect personal data?
- Security is a high priority for us. We take appropriate precautions to protect personal data. We will make every effort to look after your data and treat it with the respect it deserves.
- Your data will be transferred, stored and/or processed outside the EEA as our suppliers sometimes operate from outside of the EEA. We will only transfer your data outside of the EEA in compliance with data protection laws and provided appropriate or suitable safeguards are in place to protect your data, these being either Standard Contractual Clauses, Binding Corporate Rules (including the Mastercard Binding Corporate Rules) or, in the case of transfers to the US, a Privacy Shield certification. Please contact us if you would like details of the appropriate safeguards.
To whom do we disclose personal data?
- We may allow access to your personal data by third parties who supply us with a service. Examples include e-commerce platform providers, couriers (to enable delivery of goods), website hosts, content delivery networks and businesses which assist us in undertaking communications, monitoring, testing or improving our website
- We may share your payment information (including your email address) with SagePay, checkout.com and First Data (our payment gateway and providers) in order to process the payments of your orders and any potential refund.
- Your personal data may be supplied by our payment partners to relevant third parties including credit reference and fraud prevention agencies, who may keep a record of that information.
- If you choose to opt-in to receive third party communications from selected partners, your personal data will be shared to relevant third parties to allow you to receive tailored communications about products that may be of interest to you.
- We share the data with our partner Epsilon Abacus (registered as Epsilon International UK Ltd), a company that manages the Abacus Alliance on behalf of UK retailers. The participating retailers are active in the clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, and home interiors categories. They share information on what their customers buy. Epsilon Abacus analyses this pooled information to help the retailers understand consumers’ wider buying patterns. From this information, retailers can tailor their communications, sending people suitable offers that should be of interest to them, based on what they like to buy.
- We may disclose your contact details to Trustpilot to enable it to email you inviting you to leave a review on our site.
- We may disclose personal data so far as reasonably necessary if we have reason to believe that it breaches our terms and conditions, or that such steps are necessary to protect us or others, or that a criminal act has been committed, or if there has been a complaint about content posted by you, or if we are required to do so by law or appropriate authority.
How to access and control your information?
- You have the right to request a copy of your information, to rectify your information, to opt out from marketing communications and to request the deletion of your information. Below, we describe the processes for making these requests.
- Update/rectify your information: You can easily correct/change the following personal information on “My Details” page by logging in to your account on our website or apps:
Alternatively you can contact us : click here.
- first name and last name
- phone number
- email address
- delivery address
- billing address
- payment details
- Opt out of marketing communications: You can easily change your change your marketing permissions on "My Details" page, under "My communication preferences" section by logging in to your account on our website or apps.
- Access your information: You have the right to request personal data that we hold about you, subject to us reserving the right to withhold such data to the extent permitted by law. Contact our Customer Care team for this request : click here
- Delete your information: You have the right to request to delete all the personal data that we hold about you. Contact our Customer Care team for this request : click here
- If you wish to contact us about anything to do with your data and Gousto, please contact us : click here
- For information about your rights under UK data protection laws, see the website of the UK Information Commissioner.
- You can report any concern to the ICO by cliking here.
- We are registered with the Information Commissioner’s Register of Data Controllers under number ZA029698.