OUR PRIVACY POLICY
Introduction
This privacy policy sets out the types of personal data we may collect about you when you interact with us. It also explains how THE PROTEIN WORKS™ stores, uses and importantly, keeps safe, any information that you give us when you use this website.
THE PROTEIN WORKS™ is committed to ensuring that your privacy is protected at all times and though you may find that there is a lot of detail in the following policy, we want you to be properly informed of your rights and how we use your data to best serve you. For example, this policy will explain where we store your data and how we combine certain touch points you have with us to build a better idea of what you may want to hear about in the future.
It's likely that we’ll need to update this privacy policy from time to time. Privacy is a really sensitive area and as with everything we do, we obsess over the details. Should you need to know about something significant in the way we use your data, we’ll contact you straight away, otherwise please just check back here to keep up to date.
When you’re using THE PROTEIN WORKS™ website, we are the data controller and we don’t sell on any of the data you share with us, or that we collect.
EXPLAINING THE LEGAL BASIS THAT WE RELY ON
The laws on data protection set out a number of different reasons for which a company may collect and process your personal data. We’ll outline below what those reasons are and how we stack up with them:
Consent
In specific situations, we can collect and process your data with your consent. For example, when you tick a box to receive email newsletters. When collecting your personal data, we’ll always make clear to you which data is necessary in connection with a particular service. Normally where you see a * that means the data is mandatory. For example, we collect date of birth to verify you are over the age of 18 in order to recieve a newsletter or other marketing communications should you express you wish to hear from us. Anywhere else there is a field without * denoted, it’s entirely up to you whether you share that information. Sharing it usually gives us a more accurate picture of you, so we can tailor things in the future and cut the ‘noise’ out of messages, offers, or updates that aren’t relevant to you. A great example of this is around dietaries. A lot of our customers are vegan, so choosing to share that with us helps us talk to you about just vegan products as often as we can.
Contractual Obligations
In certain circumstances, we need your personal data to comply with our contractual obligations. For example, if you order an item from us for home delivery, we’ll collect your address details to deliver your purchase, and pass them to our courier. We review the contracts of our hand selected couriers on a regular basis to ensure they look after your data like its family too – and we’re confident they all comply with the very latest regulations.
Legal Compliance
If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity affecting the company to law enforcement.
Legitimate Interest
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running THE PROTEIN WORKS™ and which does not materially impact your rights, freedom or interests. For example, we will use your history of what you’ve bought from us to send you personalised offers or content around a product or collection of products and how they can be best used. We also collate the shopping history of collections of customers to identify patterns which help us keep up with growing demand or emerging trends. Using this data also helps us to identify new areas we can develop our product offering and/or service we provide in order to remain committed to our mission to innovate. We will also use your email address, mobile number to send you direct marketing telling you about products, offers and services that you might find interesting. From time to time we may also use your phone number to call you as part of our WOW customer service programme where we like to gain feedback from customers who are willing to provide it.
WHEN DO WE COLLECT YOUR DATA
WHAT DATA DO WE COLLECT?
HOW WE USE YOUR DATA
One of the ways to ensure we give you the best, fastest and most relevant experience with us is to use different data points in order to create a picture of you. This is hypothetical based on the information we have, and we do our best with it in order to personalise your experience now and in the future.
Once we have relevant enough data we will use that from time to time to personalise things, like the offers and content you see to ensure they are most likely of interest to you. Of course, if you wish to change how we use your data, you’ll find details in the ‘What are my rights?’ section below.
Remember, if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you’ve asked for. For example, if you’ve asked us to let you know when an item comes back into stock, we can’t do that if you’ve withdrawn your general consent to hear from us.
Here’s how we’ll use your personal data and why:
COMBINING YOUR DATA
We want to bring you offers and promotions that are most relevant to your interests at particular times. To help us form a better, overall understanding of you as a customer, we combine your personal data, for example your shopping history and data that we obtain from third parties to whom you have given your consent to pass that data onto us. A good example of this would be your recently viewed products and the information you’ve made available with your social media account to serve you adverts that are tailored to what you like or what we think you’ll like based on trends we’re seeing across our customer base and in the market.
SECURITY
We know how much data security matters to all our customers. Everyone at THE PROTEIN WORKS™ is an online shopper too – so we feel strongly about the protection of your data and treat it like its family.
We secure access to all transactional areas of our websites and apps using ‘https’ technology which is the most secure way. Access to your personal data is password protected, and sensitive data such as payment card information is secured and tokenized to ensure it is protected. We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security. We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
HOW LONG WILL WE KEEP YOUR DATA?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected. At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning. An example of customer data retention periods:
Orders
When you place an order, we’ll keep the personal data you give us forever unless you ask us to remove it, this is done so in order to uphold our industry-first and only Lifetime Guarantee. We also hold it for this period of time so we can comply with our legal and contractual obligations around product recalls and so on.
Marketing
When you opt in to receive marketing communications from us we’ll keep you on our database for a minimum of 6 years and remove your data should you not have interacted with us for that period of time or longer - this is to make sure that we only contact the customers who show a ‘current’ interest in keeping in touch with us.
WHO DO WE SHARE YOUR DATA WITH?
We don’t share your data with anyone for any purposes other than to fulfil our obligations to you. For example, delivery couriers, fraud management, to handle complaints, to help us personalise our offers to you and so on.
Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:
Examples of the kind of third parties we work with are:
Sharing your data with third parties for their own purposes:
We will only do this in very specific circumstances, for example:
To help personalise your journey through our website we currently use the following companies, who will process your personal data as part of their contracts with us:
WHERE IS YOUR DATA PROCESSED?
The majority of our data is processed inside the UK. The only exception to this are for international orders. If you are based outside the UK and place an order with us, we will transfer the personal data that we collect from you to the courier in your country in order for your parcel to be delivered to you.
When we do this, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the UK.
Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Policy.
WHAT ARE YOUR RIGHTS OVER YOUR DATA?
At the end of the day, the data you share with and that we collect as per the detail described in this policy, is your data. As such you have rights over what we hold and how we use it. For example, you have the right to ask for:
You have the right to request a copy of any information we hold about you at any time, and also to have that information corrected if it is inaccurate. To ask for your information or to change it at any time, please contact helpdesk@theproteinworks.com, log into your account and edit your preferences or call us on + 44 1928 571 677. *There may be a small fee depending on the type of information you request, we’re not a huge corporate business so one of our dedicated team will spend time to collate all your information which could take some time, the charge will cover the costs of our thoroughness.
If we choose not to action your request we will explain to you the reasons for our refusal.
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Policy. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
HOW CAN YOU EDIT & STOP PREFERENCES?
There are several ways you can stop direct marketing communications from us:
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated. To get any update at any time you can call us on + 44 1928 571 677
HOW WE USE COOKIES
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
LINKS TO OTHER WEBSITES
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Privacy Policy. You should exercise caution and look at the Privacy Policy applicable to the website in question.
LIST OF COOKIES WE COLLECT
The table below lists the cookies we collect and what information they store.
COOKIE name | COOKIE Description |
---|---|
frontend | You session ID on the website. |
currency | Your preferred currency. |
The Google cookie names are | _utma, _utmb, _utmc, _utmt, _utmz, _ga, _gat, _dc, _gtm. Google's privacy policy on the information which it obtains from these cookies can be found here: http://www.google.com/intl/en/privacypolicy.html |
_uetsid | Microsoft Bing Ads Universal Event Tracking (UET) tracking cookie. More information can be found here: https://advertise.bingads.microsoft.com/en-us/resources/policies/remarketing-in-paid-search-policies |
Recommend Pro cookie name tracking service information on products you have viewed are | _et_id, _et_ses, RECOMMENDTRACKER. |
The Qubit cookie names are | qb_permanent, qb_session, qbef, _qst_s, x_qtag_, _qubitTracker, _qst, __qca. |
__btr_em | Bronto. Cart Recovery cookie that contains an encoded customer email address. |
__btr_id | Bronto. Cart Recovery cookie that contains a customer cart ID that can be associated with a user. |
bmec | Bronto.. |
__CFDUID | Dotdigital: Service infrastructure. |
DM_I RECORDID SESSIONID | Dotdigital: Tracks and identifies a visitor as an Engagement Cloud contact whilst they browse a site’s pages. |
DM_I | Dotdigital: Tracks contacts whilst they browse a site’s pages and records any ROI data, should they make a purchase. |
SURVEY-X | Dotdigital: Tracks and identifies a respondent as they answer the survey and records when the survey is complete. |
SURVEY-STARTED-X | Dotdigital: Tracks and identifies a respondent as they answer the survey and records when the survey is complete. |
X-DISMISSED X-COMPLETED | Dotdigital: Tracks and identifies a respondent as they answer the survey and records when the survey is complete. |
LPFORMX | Dotdigital: Enables someone filling in a form to save their progress so they can return to complete the form at later date. |
LP-X | Dotdigital: Identifies the contact to enable personalisation when they visit any landing page from that particular account. |