Hook to Plate Ltd (“us”, “Hook to Plate”, “we”, or “our”) operates its website https://hooktoplate.co.uk (“Website”) which supplies its subscription boxes and products to its customers. 

This Privacy Policy governs those that will access and use our Website whether you are a visitor (“Visitor”) who accesses our Website without making any purchases or enquires about products, whether you are a customer (“Customer”) purchasing our products and services and making use of the subscription service (“Subscription Service”) available, or those that we work with in the provision of our Subscription Service, all of whom are referenced as (“you” or “your”) for the purpose of this Privacy Policy. It also covers off any other interactions that may take place either directly by telephone, or via the Website.

You will provide some of this data to us and we will also collect some of it, through the use of our Website and our Subscription Service. 

Overview

At Hook to Plate, we take privacy very seriously. We have prepared this Privacy Policy (“Privacy Policy”) to ensure that we communicate to you, in the clearest way possible, how we treat your personal information. We encourage you to read this Privacy Policy carefully as it governs your use of our Website.

We are committed to ensuring that your personal information remains confidential and secure in accordance with applicable Data Protection Legislation. We are the controller of personal data obtained via the Website, meaning we are the organisation legally responsible for deciding how and for what purposes it is used.

This policy sets out how we look after your personal data if you are a:

• Visitor to our Website;
• A Customer purchasing our products or services or subscribing to our Subscription Service;
• A potential customer;
• Supplier or business contact of Hook to Plate;
• Any third-party organisation that uses Hook to Plate or the Website.

This Privacy Policy (together with any applicable terms and conditions as they may apply through the use of the Website, Terms of Use and any other documents or terms incorporated by reference) describe the types of information that we collect from you through the use of the Website, and how that information may be used or disclosed by us and the safeguards we use to protect it. The personal information that we collect is used for providing and improving our services. We will not use or share your information with anyone except as described in this Privacy Policy. 

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

We may update this policy from time to time, and you can find our latest version on our website or by asking us for a copy.

Who is Hook to Plate?

Hook to Plate Limited, is a company incorporated in England and Wales, with its company number 15812159 and its registered office being Beaver Lake Farm Crow Hill, Crow, Ringwood, England, BH24 3DE. 

If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact us at [                                     ].

We will only process personal information about you in accordance with the UK Data Protection Legislation which for the purposes of this Privacy Policy shall mean: all applicable data protection and privacy legislation in force from time to time in the UK including without limitation the UK GDPR; the Data Protection Act 2018 (and regulations made thereunder) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended; and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of personal data (including, without limitation, the privacy of electronic communications); and the guidance and codes of practice issued by the Commissioner or other relevant regulatory authority and which are applicable to a party (“Data Protection Legislation”).  

1. What does Hook to Plate do? 

We supply the finest blue fin tuna in Subscription Boxes to our customers, as made available through our Website.

2. The purpose of this Privacy Policy

The purpose of this Privacy Policy is to set out how we collect and use your personal data when we directly control the personal data as a data controller in respect of the use of the Website and for any personal data we collect and use as an organisation. 

3. The data we collect and how we collect it.

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together depending on your relationship with us (for instance, whether you are a Visitor or a Customer benefitting from our Website, or a supplier) as follows:

• Identity Data: includes first name, maiden name, last name, username or similar identifier, title, date of birth and gender. 

• Financial / Transaction Information: details of bank account details or debit / credit card information for payment information, billing information and transaction information if you buy any products from us or purchase any of our services. We use a third party payment provider to collect this information.

• Contact Data: your email address, telephone number and postal address. 
• Technical Log Data includes internet protocol (IP) address, device ID’s, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, geolocation data, social media preferences, operating system and platform and other technology on the devices you use to access the Website.
• Profile Data includes any username and password where you register an account with us, your purchases, survey responses, profile-linked user preferences, complaints, preferences, and any feedback responses. 
• Usage Data includes information about how you use the Website. We may collect details of any information, feedback or other matters you give to us by phone, email, post or via social media.
• Cookies Data like many websites, we may use some “cookies” to enhance your experience and gather information about the visitors and number of visits to the Website. Please refer to our Cookie Policy about cookies, how we use them and what kind.
• Analytics includes third-party analytics services (such as Google Analytics) to evaluate your use of the Website, compile reports on activity, collect demographic data, analyse performance metrics, and collect and evaluate other information relating to our Website and internet usage.  These third parties use cookies and other technologies to help analyse and provide us the data.  By accessing and using the Website, you consent to the processing of data about you by these analytics providers in the manner and for the purposes set out in this Privacy Policy.

• Marketing and Communications Data. This includes any data we collect from marketing preferences and our third parties. 

• Location Data. We may collect location data in the use of our Website, but you have the right to turn off location services at any time and disable this functionality. We may ask your consent to use location services to identify your location each session. 

You can withhold your personal data from us, but we may not be able to provide our Website to you if you do so and you may be prevented from accessing parts of the Website. 

We may collect your personal data from different sources: 

• We collect all the types of data listed above directly from you when you interact with us. This includes when you register or use the Website.

• We collect Technical Data automatically when you interact with the Website, by using cookies and other similar technologies. 

• We will never send you unsolicited ‘junk’ email or communications or share your personal data with anyone else who might.

• When you purchase a product or service directly or by phone but don’t have (or don’t use) an account.

• When you engage with us on social media.
• When you contact us by any means with queries, complaints, etc.
• When you ask us to email you information about a product or service.
• When you comment on or review our products and services.
• If you fill in any forms. 
• If you have given a third-party permission to share with us the information they hold about you.

If you supply personal data on behalf of someone else, you confirm that the other person has appointed you to act on their behalf and has given you consent to do so.

4. How we use your personal data

We (or third-party data processors, agents and sub-contractors acting on our behalf) may collect, store and use your personal information by way of different methods to collect data from and about you including through:

Direct interactions. This is information (including Identity, Contact and Financial Data) you consent to giving us about you when you fill in forms and sections through the Website, you make any orders or purchase our Subscription Services, or other products or services, or send to us directly, or by corresponding with us (for example, by email or chat). It includes information you provide when visit the Website, or when you create an account with us and finally when you report a problem with our Website, or Hook to Plate generally. If you contact us, we will keep a record of that correspondence.

Information we collect about you and your device either automated or otherwise. Each time you visit or use the Website; we will automatically collect personal data including Technical Log Data. We collect this data using cookies and other similar technologies including server logs. 

We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions, which include strict confidentiality and contractual terms.

We will only use your personal data when the law allows us to. Most commonly we will use your personal data in the following circumstances:

●      Where you have consented before the processing.

●   Where we need to perform a contract, we are about to enter into or have entered into with you.

●   Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

• Where we need to comply with a legal or regulatory obligation.

A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

When we are acting as a data controller, we will use your personal data for the purposes set out in the table below. 

The law sets out several different reasons for which we can collect and use your data. The legal grounds on which we collect and use your data are also set out in the table below. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground, we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose for using your data	Legal ground for using your data for this purpose.
To allow you to access to the Website.  To enable access to us and to enable you to benefit from our Website. To manage any account with us and to enable us to deliver our services, including managing payments.	Necessary for our legitimate interests (to allow those access to the Website) / Performance of a contract with us. To comply with a legal obligation. Necessary for our legitimate interests (to recover debts due to us and to make payments) / Performance of a contract with us.
To manage our relationship with you, which will include notifying you about changes to our Privacy Policy, and any key correspondence with you.	Necessary for our legitimate interests (to provide important updates to our Customers)/ Performance of a contract.
To administer and protect our business and the Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). To customise our Website and its content.	Necessary for our legitimate interests (to protect our business, software and Website; to keep our services updated). Your consent as gathered through the use of cookies.
To deliver relevant system, software and website content and advertisement and promotional activity to measure or understand the effectiveness of the business.	Necessary for our legitimate interests (to study how our Customers use our products/services, to develop them, to grow our business and to inform our marketing strategy).
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences.	Necessary for our legitimate interests (to continuously improve our services for our customers and users).
Marketing our services to existing and former customers.	For our legitimate interests, i.e. to promote our business to existing and former customers.See ‘Marketing’ below for further information.
To create anonymous aggregated data, as set out below.	Necessary for our legitimate interests (to provide additional benefits and functionality to our Customers and users without disclosing personal data).
To comply with applicable laws and regulatory obligations.	To comply with a legal obligation.
Communications with you not related to marketing, including about changes to our terms or policies or changes to the products and/or services or other important notices.	Depending on the circumstances: to comply with our legal and regulatory obligations and in other cases, for our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you at the best price.

Marketing

We will use your personal data to send you updates (by email, text message, telephone or post) about our products, including exclusive offers, promotions or new products.

We have a legitimate interest in using your personal data for marketing purposes (see above ‘How we use your personal data’). This means we do not need your consent to send you marketing information. If we change our marketing approach in the future so that consent is needed, we will ask for this separately and clearly.

You have the right to opt out of receiving marketing communications at any time by:

• contacting us at info@hooktoplate.co.uk; 
• using the ‘unsubscribe’ link in emails; or ‘STOP’ number in texts; or
• updating your marketing preferences on your account

We may ask you to confirm or update your marketing preferences if you ask us to provide further products in the future, or if there are changes in the law, regulation, or the structure of our business.

We will always treat your personal data with the utmost respect and never sell it with other organisations outside the group for marketing purposes.

For more information on your right to object at any time to your personal data being used for marketing purposes, see ‘Your rights’ section below.

Aggregated Data

We may aggregate and use non-personally identifiable data we have collected from you and others. This data will in no way identify you or any other individual.

We may use this aggregated non-personally identifiable data to:

• assist us to better understand how our users are using the Website and our services generally; 

• provide users with further information regarding the uses and benefits of our organisation; and

• otherwise, to improve our Website.

Cookies when using the Website

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookies Policy.

5. Who has access to your personal data and who do we share it with?

We (or the third parties mentioned above) may need to share your personal data when using your personal data as set out in the table above. We may share your personal data with the following third parties:

• Our professional advisers, including lawyers, auditors and insurers.
• Service providers who provide IT and system administration services, or who store data on our behalf.

• Our bank / third party payment providers.

• Organisations that we collaborate with (if any).

• Other third parties we use to help us run our business, e.g. marketing agencies or website hosts and website analytics providers.

• Law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations.

• Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy. 

Where any of your personal data is required for such a purpose, we will take all reasonable steps to ensure that your personal data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under the Data Protection Legislation. This type of external data processing is always subject to contractual assurances that personal data will be kept securely and used only in accordance with our specific directions. 

We will not misuse your personal data for any other purpose other than as set out in this Privacy Policy.

6. International Transfers

Subject to us complying with the Data Protection Legislation and ensuring appropriate safeguards are in place, we may transfer your personal data to third parties providing services to us who are based outside of the UK without obtaining your specific written consent. This may include parties providing IT administration services, delivery and courier services, hosting services and other organisations which have products or services that are essential in the delivery of our Website; and finally, organisations providing assistance with managing our marketing databases.

Whenever we transfer your personal data outside of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

(a) the personal data is transferred to or processed in a territory which is subject to adequacy regulations under the Data Protection Legislation that the territory provides adequate protection for the privacy rights of individuals such as the EEA further to Articles 45 of the UK GDPR; or

(b) we participate in a valid cross-border transfer mechanism under Data Protection Legislation, so that we can ensure that appropriate safeguards are in place to ensure an adequate level of protection with respect to the privacy rights of individuals as required under the Data Protection Legislation; or

(c) the transfer otherwise complies with Data Protection Legislation.

7. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. 

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

The only exceptions to the periods mentioned above are where:

• Applicable law requires us to hold your personal data for a longer period or delete it sooner.

You can exercise your right to have the personal data erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under any applicable laws.

For more details of our specific retention periods, please contact us.

8. Data Security

Data security is of great importance to us, and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected through the Website as referred to above.

We have implemented significant security measures to maintain a high level of security.

We have put in place procedures to deal with any suspected personal data breaches and will notify you and any applicable regulator of a breach where we are legally required to do so. 

Notwithstanding the security measures that we take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting to us data via the internet and you take the risk that any sending of that data turns out to be not secure despite our efforts.

If we give you a password upon registration and use of the Website, you must keep it confidential. Please don’t share it.

9. How do we protect personal information?

We implement a variety of security measures to protect and maintain the safety of your personal information including encrypted software. Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. 

Any personal data submitted through our Website, is stored by the Website host’s secure UK-based data centre. 

10. Your rights as a data subject

Under certain circumstances, you have rights under the Data Protection Legislation in relation to your personal data. These rights are set out below.  If you wish to exercise any of the rights set out below, please contact us.  

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Your rights are as follows:

• Right of access – you have the right to request a copy of the personal data that we hold about you and to check that we are lawfully processing it. 

• Right of rectification – you have a right to request that we correct personal data that we hold about you that is inaccurate or incomplete.
• Right to be forgotten / erasure – in certain circumstances you can ask for the data we hold about you to be erased from our records i.e., when there is no good reason for us continuing to process it.

Please keep in mind that some information may remain in our records after deletion. We may use any aggregated/encrypted data derived from or incorporating your personal data after you update or delete it, but not in a manner that would identify you personally.

• Right to restriction of processing – where certain conditions apply, you have a right to restrict or suspend the processing, for example if you want us to establish its accuracy or the reason for processing it.

• Right of portability – you have the right to have the data we hold about you transferred to another organisation.

• Right to object – you have the right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.

There are some exceptions to the above rights. 

• Right to withdraw consent.  In the limited circumstances where you have provided your consent to the collection, processing and transfer of the personal data referred to above, you may withdraw that consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent, or to processing carried out on other legal grounds. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

All the above requests will be forwarded to the relevant party should there be a third party involved in the processing of your personal data.

11. Cookies

Cookies are files with a small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your computer’s hard drive.

The Website uses cookies for Statistical analysis and to:

• Understand user behaviour
• Administer the Website
• Record your geographic location in order to display relative information
• Tailor the information presented to a user based on their preferences, and to improve user experience.

Any information gathered by our use of cookies is compiled on an aggregated/encrypted, anonymous basis.

By default, the majority of popular web browsers automatically permit websites to deploy cookies onto your device. To delete or disable cookies on your preferred browser, we recommend reading this advice posted by Google https://support.google.com/accounts/answer/61416?hl=en. Please note, disabling cookies may impair your experience of the Website.

For more information on applicable cookie law in the UK, we recommend visiting the Information Commissioner’s Office (ICO) website: https://www.cookielaw.org/ where you can find the latest information, guidelines, and advice.

If you share our content through social media, for example by liking us on Facebook, following or tweeting about us on Twitter, following us on Instagram, those social networks will record that you have done so and may set a cookie for this purpose.

In some cases, where a page includes content from a social network, such as a Twitter feed, or Facebook comments box, those services may set a cookie even where you do not click a button. As is the case for all cookies, we cannot access those set by social networks, just as those social networks cannot access cookies we set ourselves.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. For more information about the cookies we use, please see our cookies policy.

12. Technical Log Data

We collect information that your browser sends whenever you visit the Website. This Technical Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of the Website that you visit, the time and date of your visit, the time spent on those pages, and other statistics. The data collected does not include personally identifiable information and is used, as described above, for statistical analysis, to understand user behaviour, and to administer the site.

The Website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). The information generated by the Cookie about your use of the Website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the Website, compiling reports on activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.

13. Changes To This Privacy Policy

We may update our Privacy Policy from time to time. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. Continued use of the Website will signify that you agree to any such changes.

14. Complaints to the Information Commissioner’s Office

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance by emailing us at info@hooktoplate.co.uk

15. Contact Us

If you have any questions about this Privacy Policy, please contact us