Our Privacy Policy

Introduction

This privacy policy sets out the types of personal data we may collect about you when you interact with us. It also explains how THE PROTEIN WORKS™ stores, uses and importantly, keeps safe, any information that you give us when you use this website.

THE PROTEIN WORKS™ is committed to ensuring that your privacy is protected at all times and though you may find that there is a lot of detail in the following policy, we want you to be properly informed of your rights and how we use your data to best serve you. For example, this policy will explain where we store your data and how we combine certain touch points you have with us to build a better idea of what you may want to hear about in the future.

It's likely that we’ll need to update this privacy policy from time to time. Privacy is a really sensitive area and as with everything we do, we obsess over the details. Should you need to know about something significant in the way we use your data, we’ll contact you straight away, otherwise please just check back here to keep up to date.

When you’re using THE PROTEIN WORKS™ website, we are the data controller and we don’t sell on any of the data you share with us, or that we collect.

Explaining The Legal Basis That We Rely On

The laws on data protection set out a number of different reasons for which a company may collect and process your personal data. We’ll outline below what those reasons are and how we stack up with them:

Consent

In specific situations, we can collect and process your data with your consent. For example, when you tick a box to receive email newsletters. When collecting your personal data, we’ll always make clear to you which data is necessary in connection with a particular service. Normally where you see a * that means the data is mandatory. For example, we collect date of birth to verify you are over the age of 18 in order to recieve a newsletter or other marketing communications should you express you wish to hear from us. Anywhere else there is a field without * denoted, it’s entirely up to you whether you share that information. Sharing it usually gives us a more accurate picture of you, so we can tailor things in the future and cut the ‘noise’ out of messages, offers, or updates that aren’t relevant to you. A great example of this is around dietaries. A lot of our customers are vegan, so choosing to share that with us helps us talk to you about just vegan products as often as we can.

Contractual Obligations

In certain circumstances, we need your personal data to comply with our contractual obligations. For example, if you order an item from us for home delivery, we’ll collect your address details to deliver your purchase, and pass them to our courier. We review the contracts of our hand selected couriers on a regular basis to ensure they look after your data like its family too – and we’re confident they all comply with the very latest regulations.

Legal Compliance

If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity affecting the company to law enforcement.

Legitimate Interest

In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running THE PROTEIN WORKS™ and which does not materially impact your rights, freedom or interests. For example, we will use your history of what you’ve bought from us to send you personalised offers or content around a product or collection of products and how they can be best used. We also collate the shopping history of collections of customers to identify patterns which help us keep up with growing demand or emerging trends. Using this data also helps us to identify new areas we can develop our product offering and/or service we provide in order to remain committed to our mission to innovate. We will also use your email address, mobile number to send you direct marketing telling you about products, offers and services that you might find interesting. From time to time we may also use your phone number to call you as part of our WOW customer service programme where we like to gain feedback from customers who are willing to provide it.

When Do We Collect Your Data

When you visit our website and checkout using your account to buy products or call us to place an order.

When you make an online purchase and check out as a guest (in which case we just collect transaction-based data) and process your email address on the basis of whether you opt in to our marketing communication or not

When you create an account with us.

When you purchase a product by phone but don’t have (or don’t use) an account.

When you engage with us on social media.

When you sign up to an account with us (i.e. Set up a password when you checkout) you will be given access an area called MY ACCOUNT. This will collect and store all of your past orders & your reward points.

When you contact us by any means with queries, complaints etc.

When you enter prize draws or competitions.

When you choose to complete any surveys we send you.

When you comment on or review our products and services.

When you fill in any forms. For example, if you want to become a trade partner of ours then you’ll be asked to complete a form that will collect the data you share with us.

When you’ve given a third-party permission to share with us the information they hold about you.

We collect data from publicly-available sources where the information is made public as a matter of law for example, postcode look-up services.

What Data Do We Collect?

If you have a web account with us: your name, gender (if you share it), date of birth, billing/delivery address, past orders, email and telephone number are all stored. For your security, we’ll also keep an encrypted record of your login password. If you choose to save a method of payment with us, such as a credit or debit card we will store a ‘token’ of this which is the last 4 digits of the 16 digit number in order for our credit card payment processing software (Sage Pay) to work.

Some relevant details of your interactions with us through your talks with our customer service team on the phone or via online chat, or via your interactions with us online. For example, in the unfortunate case that you need to complain to us or ask us for nutritional advice we may collect notes from those conversations. We collect details of purchases you made, items viewed or added to your basket, voucher codes you used, wish list choices, points collected, products you show interest in, web pages you visit and how and when you contact us and if you left your email to be notified when a product comes back in stock.

Details of your shopping preferences for example what categories you like to browse, like vegan, or gluten free, and what categories you shop from, for example you may only ever have bought protein snacks and never a protein powder.

Details of your visits to our websites and which channel you came from, for example Google, or an affiliate of ours like a voucher code site or a bloggers site.

Information gathered by the use of cookies in your web browser. Learn more about how we use cookies here.

Personal details which help us to recommend stuff you might be interested in over things you may want to pass on. For example, if you love a good sale we’ll make sure you’re always on the early access list. Or if you really like protein brownies we may tell you about a launch of a new bakery product first, or when your favourite Protein Brownies come back in stock.

We’ll only ask for and use your personal data collected for recommending items of interest and to tailor your shopping experience with us. Of course, it’s always your choice whether you share such details with us.

We collect your payment card information when you pass it to us to complete your purchase. We don’t store your card details unless you save your card with us but we will always need verification in order for you to purchase with that card. As standard we only e-store the last 4 digits of your card as this is the functionality required for our payment providers technology to work.

Your product reviews.

To deliver the best possible web experience, we collect technical information about your internet connection and browser as well as the country and telephone code where your computer is located, the web pages viewed during your visit, the advertisements you clicked on, and any search terms you entered. Lots of this info is stored already in your browsers’ cookies, if you want more details on that take a read of our cookie policy here.

Your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.

How We Use Your Data

One of the ways to ensure we give you the best, fastest and most relevant experience with us is to use different data points in order to create a picture of you. This is hypothetical based on the information we have, and we do our best with it in order to personalise your experience now and in the future.

Once we have relevant enough data we will use that from time to time to personalise things, like the offers and content you see to ensure they are most likely of interest to you. Of course, if you wish to change how we use your data, you’ll find details in the ‘What are my rights?’ section below.

Remember, if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you’ve asked for. For example, if you’ve asked us to let you know when an item comes back into stock, we can’t do that if you’ve withdrawn your general consent to hear from us.

Here’s how we’ll use your personal data and why:

To process any orders that you make by using our website. If we don’t collect your personal data during checkout, we won’t be able to process your order and comply with our legal obligations. For example, your details may need to be passed to a third party to supply or deliver the product that you ordered, and we may keep your details for a reasonable period afterwards in order to fulfil any contractual obligations such as refunds, guarantees and so on.

To respond to your queries, refund requests and complaints. Handling the information you sent enables us to respond. We may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you throughout. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience.

To protect our business and your account from fraud and other illegal activities. This includes using your personal data to maintain, update and safeguard your account. We’ll also monitor your browsing activity with us to quickly identify and resolve any problems and protect the integrity of our website. We’ll do all of this as part of our legitimate interest. For example, by checking your password when you login and using automated monitoring of IP addresses to identify possible fraudulent logins from unexpected locations.

To process payments and to prevent fraudulent transactions. We do this on the basis of our legitimate business interests. This also helps to protect our customers from fraud.

From May 18th 2018 with your consent, we will use your personal data, preferences and details of your transactions to keep you informed by email, web, text, telephone about relevant products and services including tailored special offers, discounts, promotions, events, competitions and so on. Before this date we’ll continue to contact you should you be subscribed to our direct marketing communications based on our legitimate business interests to do so. Of course, you can change these preferences at any time and we have built new functionality in the My Account section of our website to enable you to manage your preferences in much more detail. In addition to that, we’ve also built a brand new Preference Centre so when you hit ‘unsubscribe’ at the bottom of any of our emails at any time, you can manage the frequency, type and content of emails should you want to tailor things.

Of course, you are free to opt out of hearing from us by any of these channels at any time.

To send you relevant, personalised communications by post in relation to updates, offers, services and products. We’ll do this on the basis of our legitimate business interest. You are free to opt out of hearing from us by post at any time.

To send you communications required by law or which are necessary to inform you about our changes to the services we provide you. For example, updates to this Privacy Policy, product recall notices, and legally required information relating to your orders. These service messages will not include any promotional content and do not require prior consent when sent by email or text message. If we do not use your personal data for these purposes, we would be unable to comply with our legal obligations.

To display the most interesting content to you on our websites, we’ll use data we hold about your favourite products and so on. We do so on the basis of your consent for our website to place cookies or similar technology on your device. For example, we might display a list of items you’ve recently looked at, or offer you recommendations based on your purchase history and any other data you’ve shared with us.

To administer any of our prize draws or competitions which you enter, based on your consent given at the time of entering.

To develop, test and improve the systems, services and products we provide to you. We’ll do this on the basis of our legitimate business interests. For example, we’ll record your browser’s Session ID to help us understand more when you leave us online feedback about any problems you’re having

To comply with our contractual or legal obligations to share data with law enforcement. For example, when a court order is submitted to share data with law enforcement agencies or a court of law

To send you survey and feedback requests to help improve our services. These messages will not include any promotional content and do not require prior consent when sent by email or text message. We have a legitimate interest to do so as this helps make our products or services more relevant to you. As usual, you are free to opt out of receiving these requests from us at any time by updating your preferences in your online account.

To build a simple picture of who you are and what you like, and to inform our business decisions, we’ll combine data captured from third parties as we have described in the section 'What Sort of Personal Data do we collect?' We’ll do this on the basis of our legitimate business interest. For example, by combining this data, this will help us personalise your experience and decide which inspiration or content to share with you.

Combining Your Data

We want to bring you offers and promotions that are most relevant to your interests at particular times. To help us form a better, overall understanding of you as a customer, we combine your personal data, for example your shopping history and data that we obtain from third parties to whom you have given your consent to pass that data onto us. A good example of this would be your recently viewed products and the information you’ve made available with your social media account to serve you adverts that are tailored to what you like or what we think you’ll like based on trends we’re seeing across our customer base and in the market.

Security

We know how much data security matters to all our customers. Everyone at THE PROTEIN WORKS™ is an online shopper too – so we feel strongly about the protection of your data and treat it like its family.

We secure access to all transactional areas of our websites and apps using ‘https’ technology which is the most secure way. Access to your personal data is password protected, and sensitive data such as payment card information is secured and tokenized to ensure it is protected. We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security. We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

How Long Will We Keep Your Data?

Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected. At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning. An example of customer data retention periods:

Orders

When you place an order, we’ll keep the personal data you give us forever unless you ask us to remove it, this is done so in order to uphold our industry-first and only Lifetime Guarantee. We also hold it for this period of time so we can comply with our legal and contractual obligations around product recalls and so on.

Marketing

When you opt in to receive marketing communications from us we’ll keep you on our database for a minimum of 6 years and remove your data should you not have interacted with us for that period of time or longer - this is to make sure that we only contact the customers who show a ‘current’ interest in keeping in touch with us.

Who Do We Share Your Data With?

We don’t share your data with anyone for any purposes other than to fulfil our obligations to you. For example, delivery couriers, fraud management, to handle complaints, to help us personalise our offers to you and so on.

Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:

We provide only the information they need to perform their specific services.

They may only use your data for the exact purposes we specify in our contract with them.

We work closely with them to ensure that your privacy is respected and protected at all times.

If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.

Examples of the kind of third parties we work with are:

IT companies who support our website and other business systems such as Postcode Anywhere who look up your post code in our checkout to make finding your full address faster.

Operational companies such as delivery couriers.

Direct marketing companies who help us manage our electronic communications with you. For example, our email marketing service provider who are called dotdigital.

Google/Facebook to show you products that might interest you while you’re browsing the internet. This is based on either your marketing consent or your acceptance of cookies on our websites. See our Cookies Policy for details.

Sharing your data with third parties for their own purposes:

We will only do this in very specific circumstances, for example:

With your consent, given at the time you supply your personal data, we may pass that data to a third party for their direct marketing purposes. For example, if you enter a gym membership competition and tick a box agreeing that the gym company can send you promotional information directly.

For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.

We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.

If THE PROTEIN WORKS™ transfers to new ownership this would involve the transfer of divisions or the whole business to new owners. If this happens, your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this Privacy Policy.

To help personalise your journey through our website we currently use the following companies, who will process your personal data as part of their contracts with us:

Postcode Anywhere (PCA)

Google Tag Management

dotdigital

Amazon Web Services

WMS

Sage

Google Analytics

Google

Twitter

Instagram

YouTube

AWIN (Affiliate Window)

Pinterest

Facebook

Snapchat

Where Is Your Data Processed?

The majority of our data is processed inside the UK. The only exception to this are for international orders. If you are based outside the UK and place an order with us, we will transfer the personal data that we collect from you to the courier in your country in order for your parcel to be delivered to you.

When we do this, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the UK.

Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Policy.

What Are Your Rights Over Your Data?

At the end of the day, the data you share with and that we collect as per the detail described in this policy, is your data. As such you have rights over what we hold and how we use it. For example, you have the right to ask for:

Access to the personal data we hold about you, free of charge in most cases*.

The correction of your personal data when incorrect, out of date or incomplete.

For example, when you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end (such as the end of a products life cycle for our Lifetime Guarantee).

That we stop using your personal data for direct marketing (either through specific channels, or all channels).

That we stop any consent-based processing of your personal data after you withdraw that consent.

You have the right to request a copy of any information we hold about you at any time, and also to have that information corrected if it is inaccurate. To ask for your information or to change it at any time, please contact [email protected], log into your account and edit your preferences or call us on + 44 1928 571 677. *There may be a small fee depending on the type of information you request, we’re not a huge corporate business so one of our dedicated team will spend time to collate all your information which could take some time, the charge will cover the costs of our thoroughness.

If we choose not to action your request we will explain to you the reasons for our refusal.

Your right to withdraw consent

Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.

Where we rely on our legitimate interest

In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.

Direct marketing

You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.

Checking your identity

To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Policy. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

How Can You Edit & Stop Preferences?

There are several ways you can stop direct marketing communications from us:

Click the ‘unsubscribe’ link in any email communication that we send you. We will then stop any further emails from that channel. We aim for this to happen immediately, however it can take up to 30 days

If you have an account, log in & visit the ‘My Account’ area and change your preferences. You can change preferences at a very granular level, like stop receiving SMS texts, but continue to receive emails.

Write to us [email protected] or call us on + 44 1928 571 677

Post to us at TPW™ Towers, Units 1-2 Aragon Court, Manor Park, Runcorn, Cheshire, WA7 1SP, UK.

Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated. To get any update at any time you can call us on + 44 1928 571 677

How We Use Cookies

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Links To Other Websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Privacy Policy. You should exercise caution and look at the Privacy Policy applicable to the website in question.

List Of Cookies We Collect

The table below lists the cookies we collect and what information they store.

COOKIE name	COOKIE Description
frontend	You session ID on the website.
currency	Your preferred currency.
The Google cookie names are	_utma, _utmb, _utmc, _utmt, _utmz, _ga, _gat, _dc, _gtm. Google's privacy policy on the information which it obtains from these cookies can be found here: http://www.google.com/intl/en/privacypolicy.html
_uetsid	Microsoft Bing Ads Universal Event Tracking (UET) tracking cookie. More information can be found here: https://advertise.bingads.microsoft.com/en-us/resources/policies/remarketing-in-paid-search-policies
Recommend Pro cookie name tracking service information on products you have viewed are	_et_id, _et_ses, RECOMMENDTRACKER.
The Qubit cookie names are	qb_permanent, qb_session, qbef, _qst_s, x_qtag_, _qubitTracker, _qst, __qca.
__CFDUID	Dotdigital: Service infrastructure.
DM_I RECORDID SESSIONID	Dotdigital: Tracks and identifies a visitor as an Engagement Cloud contact whilst they browse a site’s pages.
DM_I	Dotdigital: Tracks contacts whilst they browse a site’s pages and records any ROI data, should they make a purchase.
SURVEY-X	Dotdigital: Tracks and identifies a respondent as they answer the survey and records when the survey is complete.
SURVEY-STARTED-X	Dotdigital: Tracks and identifies a respondent as they answer the survey and records when the survey is complete.
X-DISMISSED X-COMPLETED	Dotdigital: Tracks and identifies a respondent as they answer the survey and records when the survey is complete.
LPFORMX	Dotdigital: Enables someone filling in a form to save their progress so they can return to complete the form at later date.
LP-X	Dotdigital: Identifies the contact to enable personalisation when they visit any landing page from that particular account.
_gaexp	Google Optimize: Used to determine a user's inclusion in an experiment and the expiry of experiments a user has been included in.
_opt_awcid	Google Optimize: Used for campaigns mapped to Google Ads Customer IDs.
_opt_awmid	Google Optimize: Used for campaigns mapped to Google Ads Campaign IDs.
_opt_awgid	Google Optimize: Used for campaigns mapped to Google Ads Campaign IDs.
_opt_awkid	Google Optimize: Used for campaigns mapped to Google Ads Campaign IDs.
_opt_utmc	Google Optimize: Stores the last utm_campaign query parameter.
_hjClosedSurveyInvites	Hotjar cookie. This cookie is set once a visitor interacts with a Survey invitation modal popup. It is used to ensure that the same invite does not re-appear if it has already been shown.
_hjDonePolls	Hotjar cookie. This cookie is set once a visitor completes a poll using the Feedback Poll widget. It is used to ensure that the same poll does not re-appear if it has already been filled in.
_hjMinimizedPolls	Hotjar cookie. This cookie is set once a visitor minimizes a Feedback Poll widget. It is used to ensure that the widget stays minimizes when the visitor navigates through your site.
_hjDoneTestersWidgets	Hotjar cookie. This cookie is set once a visitor submits their information in the Recruit User Testers widget. It is used to ensure that the same form does not re-appear if it has already been filled in.
_hjIncludedInSample	Hotjar cookie. This session cookie is set to let Hotjar know whether that visitor is included in the sample which is used to generate funnels.
_hjShownFeedbackMessage	Hotjar Cookie. This cookie is set when a visitor minimizes or completes Incoming Feedback. This is done so that the Incoming Feedback will load as minimized immediately if they navigate to another page where it is set to show.
_hjid	Hotjar cookie. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
hjTLDTest	Hotjar cookie. When the Hotjar script executes we try to determine the most generic cookie path we should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, we try to store the _hjTLDTest cookie for different URL substring alternatives until it fails. After this check, the cookie is removed.
_hjUserAttributesHash	Hotjar cookie. User Attributes sent through the Hotjar Identify API are cached for the duration of the session in order to know when an attribute has changed and needs to be updated.
_hjCachedUserAttributes	Hotjar cookie. This cookie stores User Attributes which are sent through the Hotjar Identify API, whenever the user is not in the sample. These attributes will only be saved if the user interacts with a Hotjar Feedback tool.
_hjLocalStorageTest	Hotjar cookie. This cookie is used to check if the Hotjar Tracking Script can use local storage. If it can, a value of 1 is set in this cookie. The data stored in_hjLocalStorageTest has no expiration time, but it is deleted immediately after creating it so the expected storage time is under 100ms.