This Privacy Policy describes how your Personal Information is collected, used, and shared when you visit or make a purchase from http://www.boxofprotein.co.uk (the “Site”).

  1. Our privacy principles
  2. Personal information we collect
  3. How we use your Personal Information
  4. Sharing your Personal Information
  5. Where we store and process your data
  6. Retention periods
  7. Your rights
  8. Children’s Privacy
  9. Amendments
  10. More information
  11. Our Legal Organisation Details
  12. User Experience Tracking
  13. Cookie Policy

 

Our Privacy Principles

Personal Information you provide is processed fairly, lawfully and in a transparent manner

Personal Information you provide is collected for a specific purpose and is not processed in a way which is incompatible with the purpose which Box of Protein collected it

Your Personal Information is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed

Your Personal Information is kept accurate and, where necessary kept up to date

Your Personal Information is kept no longer than is necessary for the purposes for which the Personal Information is processed

We will take appropriate steps to keep your Personal Information secure

Your Personal Information is processed in accordance with your rights

We will only transfer your Personal Information to another country or an international organisation outside the European Economic Area where we have taken the required steps to ensure that your Personal Information is protected. Such steps may include placing the party we are transferring information to under contractual obligations to protect it to adequate standards

We do not and will not sell your Personal Information

Personal Information we Collect

When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information.”

We collect Device Information using the following technologies:

“Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, see Cookie Policy

“Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.

“Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.

Additionally, when you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, email address, and phone number. We refer to this information as “Order Information.”

This does not include your credit card number or billing information. Transactions on the Box of Protein Site are processed by Shopify Payments, Amazon Payments and PayPal on their servers and are subject to their privacy policies;

  • Shopify Payments see here https://www.shopify.com/legal/privacy
  • Amazon Payments see here https://pay.amazon.co.uk/help/201751600
  • Paypal see here https://www.paypal.com/uk/webapps/mpp/ua/privacy-full

We do not store any of the credit card or banking information that you provide to these payment processors.

When we talk about “Personal Information” in this Privacy Policy, we are talking both about Device Information and Order Information.

How we use your Personal Information

We use the Order Information that we collect to fulfil orders placed through the Site (including processing your payment information, arranging for shipping, providing you with invoices and/or order confirmations, and sending follow-up emails). Additionally, we use this Order Information to:

Communicate with you;

Screen our orders for potential risk of fraud;

Provide customer support and assistance; and

When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.

We use the Device Information that we collect to

Improve and optimize our Site by generating analytics about how our customers browse and interact with the Site;

Assess the performance of our marketing campaigns;

Improve the accuracy of search results;

Provide personalised product recommendations on the website and, if you have consented to this, via email

Gather feedback about the performance of the website and our products and services

Provide tailored advertising on other websites based on your activity on our website

Sharing your Personal Information

We may share your Personal Information with third parties as follows:

1) To perform our contract with you

We share some Personal Information with third parties in order to perform our contract with you, including your name, address, email address and telephone number. This will be shared with the payment processor who processes your payment, currently either Shopify Payments, Amazon Payments or Paypal, and the logistics partners who fulfil your order (currently Royal Mail, Parcel Force, EVRi, DPD). If you wish to shop from our store, it is not possible to opt out of providing this information as it is required to fulfil your order.

2) To pursue our legitimate commercial interests

We may also share your Personal Information with third parties when this processing enables us to pursue our legitimate commercial interests in understanding and improving our website and services and where these interests are not outweighed by risks to your data rights.

We use Google Analytics to help us understand how our customers use our Site. You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.

To guard against fake reviews and give you confidence that reviews shown on our site are genuine we use two independent third parties - Loox and Google - to collect and publish product and service reviews on our behalf. You can choose whether or not you would like to receive Google review requests on an order-by-order basis using the dialog box at the conclusion of our checkout process.

We share your name, email address and the products you purchased with Loox, who will send you an email on our behalf asking you to complete a review. Please see Loox’s privacy policy for more information on how Loox uses the reviews you submit https://loox.app/legal/privacy-policy-merchants. If you do not wish to receive these feedback requests, you can opt out of Loox reviews using the opt-out link at the bottom of their emails.

We use a third party search provider to improve the quality of search results on our website search feature. In order to do this, search queries and the resulting pages clicked are shared with the provider. Users IP addresses may also be shared in order to improve search accuracy.

We may share your personal data in the form of hashed mobile numbers and email addresses with certain social media and search engines. We do this to show you advertising and products that might interest you when browsing the internet. These platforms include but are not limited to: Facebook, Instagram, TikTok, Twitter, Youtube, Pinterest, Google.

3) When we have your consent to do so

If you have given us permission to send you marketing emails, by ticking the box at checkout, signing up to our newsletter or entering a competition which included a newsletter opt-in, then we may also share your email address with our email service providers Klaviyo, JudgeMe and Loox who send marketing emails on our behalf.

4) To comply with legal obligations

Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive. This includes age verification services for purchases that require you to be over the age of 18.

Where we store and process your data

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA“) for our own administration purposes. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. Whenever we transfer your data outside the EEA, we ensure that a similar degree of protection is afforded to it by ensuring that at least one of the following safeguards is implemented:

We will only transfer your Personal Information to countries that have been deemed to provide an adequate level of protection for Personal Information by the European Commission.

Where we use providers based in the USA, we ensure that they are part of the US-EU Privacy Shield (for which see https://www.privacyshield.gov/welcome); and

Where we use other providers we will ensure that the data transfers are subject to the EU Model Contract Clauses for the transfer of Personal Information to third countries (for which see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en)

Retention periods

Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.

At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.

Your rights

You have certain rights with respect to your Personal Information, including those set out below. For more information about these rights, or to submit a request, please email hello@boxofprotein.co.uk. Please note there are certain circumstances in which we cannot fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need to you to provide us with additional information, which may include Personal Information, if necessary to verify your identity and the nature of your request.

Access: You can request more information about the Personal Information we hold about you and request a copy of such Personal Information;

Rectification: If you believe that any Personal Information we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly in the ‘My Account’ section of our website;

Erasure: You can request that we erase some or all of your Personal Information from our systems;

Withdrawal of Consent: If we are processing your Personal Information based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time;

Portability: You can ask for a copy of your Personal Information in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible;

Objection: You can contact us to let us know that you object to the further use or disclosure of your Personal Information for certain purposes, such as for direct marketing purposes;

Restriction of Processing: You can ask us to restrict further processing of your Personal Information.

Right to File Complaint: You have the right to lodge a complaint about our practices with respect to your Personal Information with the supervisory authority of your country or EU Member State. The supervisory authority in the UK is the ICO.

Children’s Privacy

We do not knowingly collect or solicit Personal Information from anyone under the age of 16. If you are under 16, please do not attempt to register for the Services or send any Personal Information about yourself to us. If we learn that we have collected Personal Information from a child under age 16, we will delete that information as quickly as possible. If you believe that a child under 16 may have provided us Personal Information, please contact us at hello@boxofprotein.co.uk

Amendments

We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.

More information

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by email at hello@boxofprotein.co.uk or by using the details provided below:

Box of Protein Ltd, 10 Merthen Grove, Milton Keynes, MK4 3AX

Our Legal Organisation Details

Box of Protein Ltd, 10 Merthen Grove, Milton Keynes, MK4 3AX with Company Registration Number 14387365

User Experience Tracking

We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

Cookie Policy

We use your IP address to help diagnose problems with our server, to analyse traffic patterns on the website. We also use cookies and similar technologies such as pixel tags, web beacons and JavaScript (collectively, “Cookies”) to enable our servers to recognize your web browser and tell us how and when you visit and use our Site, to analyse trends, learn about our user base and operate and improve our website and product range. For example, we use Cookies to deliver content specific to your browsing history, to personalise product recommendations, and to track whether emails we send you have been viewed. Cookies are small files – usually consisting of letters and numbers – placed on your computer, tablet, phone, or similar device when you use that device to visit our Site. We sometimes combine information collected through Cookies that is not Personal Information with Personal Information that we have about you, for example, to tell us who you are or whether you have an account with us. We may also supplement the information we collect from you with information received from third parties.

Cookies can either be “session Cookies” or “persistent Cookies”. Session Cookies are temporary Cookies that are stored on your device while you are visiting our Site or using our Services, whereas “persistent Cookies” are stored on your device for a period of time after you leave our Site or Services. The length of time a persistent Cookie stays on your device varies from Cookie to Cookie. We use persistent Cookies to store your preferences so that they are available for the next visit, and to keep a more accurate account of how often you visit our Services, how often you return, how your use of the Services may vary over time. We also use persistent Cookies to measure the effectiveness of advertising efforts. Through these Cookies, we may collect information about your online activity after you leave our Services. Your browser may offer you a “Do Not Track” or “DNT” option, which allows you to signal to operators of websites, and web applications, and services that you do not wish such operators to track certain of your online activities over time and across different websites. Because we collect browsing and persistent identifier data, the Services do not support Do Not Track requests at this time, which means that we may collect information about your online activity both while you are using the Services and after you leave our properties.

Some Cookies are placed by a third party on your device and may provide information to us and third parties about your browsing habits (such as your visits to our Site or Services, the pages you have visited and the links and advertisements you have clicked). These Cookies can be used to determine whether certain third party services are being used, to identify your interests, to retarget advertisements to you and to serve advertisements to you that we or others believe are relevant to you. We do not control third party Cookies.

We use the following types of Cookies:

  • Essential Cookies. Essential Cookies are required for providing you with features or services that you have requested. For example, certain Cookies enable you to log into secure areas of our Site or Services. Disabling these Cookies may make certain features and services unavailable.
  • Functionality Cookies. Functional Cookies are used to record your choices and settings regarding our Services, maintain your preferences over time and recognize you when you return to our Services. These Cookies help us to personalize our content for you, greet you by name, and remember your preferences (for example, your choice of language or region).
  • Performance/Analytical Cookies. Performance/Analytical Cookies allow us to understand how visitors use our Site and Services such as by collecting information about the daily number of visitors to the Services, the daily requests we receive for particular files on the Services, and what geographical areas those requests come from. These aggregated statistics are used internally to better provide services to the public and may also be provided to others. Performance/Analytical Cookies also help us measure the performance of our advertising campaigns in order to help us improve our campaigns and the Services’ content for those who engage with our advertising. For example, Google, Inc. (“Google”) uses cookies in connection with its Google Analytics services. Google’s ability to use and share information collected by Google Analytics about your visits to the Services is subject to the Google Analytics Terms of Use and the Google Privacy Policy. You have the option to opt out of Google's use of cookies by visiting the Google advertising opt-out page at https://www.google.com/privacy_ads.html or the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout/.
  • Retargeting/Advertising Cookies. Retargeting/Advertising Cookies collect data about your online activity and identify your interests so that we can provide advertising that we believe is relevant to you. For more information about this, please see the section below titled “Third Party Advertising”. Box of Protein also uses cookies to help keep track of items you put into your shopping cart including when you have abandoned your cart and this information is used to determine when to send cart reminder messages via SMS.

You can decide whether or not to accept Cookies. One way you can do this is through your internet browser’s settings. Most browsers have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on the sophistication of your browser software) allow you to decide on acceptance of each new Cookie in a variety of ways. You can also delete all Cookies that are already on your computer. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some Services and functionalities may not work.

To explore what Cookie setting are available to you, look in the “preferences” or “options” section of your browser’s menu. To find our more information about Cookies, including information about how to manage and delete Cookies, please visit https://ico.org.uk/for-the-public/online/cookies/ or http://www.allaboutcookies.org/.

You can also opt out of targeted advertising from all advertisers here:

Facebook - https://www.facebook.com/settings/?tab=ads

Google - https://www.google.com/settings/ads/anonymous

Bing - https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads

Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/