Privacy Policy
How to contact Pimento Hill
Pimento Hill is headquartered in London, UK, where we make little jars of big flavours. If you have any questions about how we process your personal data, and you are unable to find the answer to your question in our privacy notice, please send an email to privacy@pimentohill.co.uk.
You can also correspond with us by post:
Pimento Hill Ltd
10 Town Quay Wharf
Barking, Essex IG11 7BZ
UNITED KINGDOM
Why do we collect personal data about you and what do we do with it?
Consumers
We collect personal data to help us manage our customer relationship with you - whether you regularly buy from us, or just enjoy browsing in our online shop or at our market stalls in London. Most of the time we receive the personal data directly from you, and in these cases we use the data for specific purposes.
- To provide you with the products or services you have ordered with us
This includes all the things we might do when you make a purchase from us, for instance creating your customer account and taking your order; accepting payment for the order and issuing receipts; making sure your order gets delivered to wherever it needs to go; and where necessary, processing any changes to the order.
All these actions result from the contract we have with you, our customer, and they are necessary for fulfilling our obligations arising from our customer relationships.
- To provide you with account information or recent purchase information that may require serious or immediate attention
One example is when we send you automatic notifications of changes to your account. This kind of action also results from the contract we have with you as our customer and is equally as necessary for fulfilling our obligations arising from our customer relationships.
- To provide you with courtesy information related to recent purchases or uncompleted transactions
This category includes abandoned shopping cart reminders and other marketing communications that are relevant for maintaining our customer relationship with you — always according to your communication preferences. It is in both our legitimate interest for you, our customer, to receive time-sensitive information related to goods and services that you have recently purchased or considered for purchase. You always have the right to opt out from such communication.
- To send you product newsletters and other kinds of marketing communications
This includes engaging you in market research which is appropriate for maintaining customer relationships. You always have the right to unsubscribe from this kind of communication.
- To screen for potential risk and fraud/identity theft, and to report suspicious business operations to the applicable authorities
This is necessary to ensure that we comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we may receive.
Online services users
When you stop by to use our site and participate in competitions, prize draws or surveys, or to subscribe for marketing material, such as our recipes or press releases, you hand over your personal information to us. Some of our services are available to registered users only, and therefore you may be required to set up a Pimento Hill account in order to join the fun. In these cases, we will use personal data about you - with your consent - to enable you to participate in these activities or to send you the material that you want to see.
We also collect information on how you use our site and other online services, as it is our legitimate business interest to improve your customer experience with us and to develop our products and services so that we can carry on making delicious jars of goodness. In particular we use your data for the following purposes.
- To refine how we understand customer usage and trends
When we can better understand why you like what you like, we can do a much better job of giving you the discounts and marketing material you really want to see, always subject to your communication preferences.
- To develop and maintain new and existing products and services
We want to give you the tastes that you love - and also delight you with new flavours to experience. When we analyse how our customers use our products and services, this brings added value of enabling you to order improved products and services, and enabling us to meet and exceed your expectations.
- To deliver a customised view of our products and services
When you visit and use any of the features on our website, we create a customised view of our products and services in order to meet your specific interests and preferences. We do this by building a profile that best describes you as a customer based on various types of data, such as your personal attributes or your behaviour. We also use our profile of you to help support individually customised advertising and marketing, and to support our product and service development.
What personal data do we collect about you?
Consumers
Whenever you purchase a product or service from us and enter into a customer relationship with us, we collect relevant personal data:
- contact information, such as name, address, telephone, and/or email address;
- order and transactional information;
- payment information, including possible discount or loyalty card information;
- customer management information, such as marketing approvals and denials;
- data on marketing and customer service actions (for example, prize draw and competition data), consents and prohibitions.
Online services users
We store customer information for the duration of the customer relationship, and in the case of customer service purposes, for an additional two years. During this time, we may send you electronic or postal mail that services the transaction or provides promotional information that we believe may be of interest based on purchasing and browsing activity. We retain personal data for as long as required by law, for example HMRC accounting.
We also collect different kinds of information about you on your visits to our website:
- browser activity, which may be used to supplement our profile of you especially if you hold an account with us; this includes the information we store for you when you log into your account with us (like site preferences and shopping basket), how often you visit pimentohill.co.uk and what you’ve purchased;
- information about the device or connection you are using, such as device ID, IP address, browser type, internet service provider, date and time stamps, and referring or exit pages;
- contact information when you ask to subscribe to our newsletter or press releases (for example, first and last names, email address, language preferences, and if relevant, your address, telephone number, job title and company name, website and salutation);
- contact information when you ask to participate in our competitions, campaigns or events by filling out a webform; any personal data provided will only be retained for competition or campaign management, or the feedback collection that we host ourselves - we do not use your personal data for any other purpose unless otherwise agreed with you, and the information will be destroyed 2 years after the competition or campaign has ended, and 3 years after the event has ended.
When we collect information about your online activity, we use cookies, web beacons and log files. A cookie is a piece of data that our website automatically transfers to the hard drive of your computer or mobile device when you access the website. When accessing any page on pimentohill.co.uk for the first time, a banner informing our use of cookies is displayed. By continuing to browse, whether by accessing another area of the website, or by clicking on an image or a link, you are agreeing to our use of cookies.
It’s possible to block and delete cookie preferences through your browser settings, and you can find links below. Just take note that if you do disable cookies, you may not be able to access all the services on pimentohill.co.uk.
Web beacons (along with tags and pixels) and log files work like cookies, and allow us to gather information about how you browse our site, regardless of whether you are logged in to your Pimento Hill account. Please note that we do not alter our site’s data collection or use practices when we see a ‘Do Not Track’ signal from your browser.
We know you love to share the content we have on our channels. Just be aware that social networking sites, like Facebook, Instagram and Twitter, might send cookies. We don’t control the setting of these third-party cookies, so we suggest you check the third-party websites for more information about their cookie policy and how to manage them.
Do we share personal data about you with others, and how do we keep it safe?
The only people who are given access to customer data are those who specifically need to process personal data for doing their job. All of them are subject to an obligation of confidentiality. When we share personal data with other organisations, we make sure it is only for fulfilling the purposes described in this document - and we always ensure we have a legal basis for doing so. Organisations include service providers and our partners.
ICT service providers and suppliers
We use carefully selected ICT partners for IT support, maintenance and development.
Financial institutions and payment processing partners
Payments are made through our payment solution providers. Customers provide their credit card, debit card or PayPal account information direct to our providers who process payment details further.
Transport services
We disclose personal data to transport service providers and product suppliers when it is required to fulfil customer orders, for example delivering purchased products to our customers.
Marketing services providers
We use carefully selected digital marketing service providers, communications service providers and media agencies to help us deliver and present marketing content based on the personal data we collect about our customers.
Authorities
When required by local law, Pimento Hill discloses personal information to authorities.
Providers outside the EEA
We do not transfer or disclose personal data outside the European Union or European Economic Area without legal grounds. Some of our service providers are located outside the European Economic Area (specifically in Canada and the United States) and we will transfer personal data to them when necessary for carrying out the purposes listed in this privacy notice.
For example, we use Shopify to power our online store; we also use Google Analytics to help us understand how our customers use the site. You can read more about how Shopify and Google Analytics use your personal information via the links below.
Shopify https://www.shopify.com/legal/privacy
Google Analytics https://www.google.com/intl/en/policies/privacy/
In any case, whenever we engage third parties we use appropriate contractual safeguards when transferring personal data to those service providers. If you wish to opt out of Google Analytics, you can do so here: https://tools.google.com/dlpage/gaoptout
We also have appropriate technical measures and organisational security policies and procedures in place to protect personal data and information from loss, misuse, alteration, or destruction.
In the event that there are data breaches, we will report such breaches to the ICO (as required by regulation) and notify affected customers, as soon as practicable after we become aware of the breach or are notified of a breach by our 3rd party suppliers or partners.
What rights do you have?
The General Data Protection Regulation provides the following rights to European residents.
Right of access to your personal data
You have the right to know what personal data we process about you, and how we process it. You also have a right to receive a copy of this data.
Right to ask us to correct wrong information about you
Keeping the personal data about you up-to-date is a top priority for us, but if you notice that we process outdated or otherwise incorrect data about you, you always have the right to ask us to correct it.
Right to erasure (right to be forgotten)
In certain situations, you have the right to ask for your personal data to be deleted. For example, you can exercise this right if you think that we no longer need your personal data for the purposes listed in this privacy notice. Once we have validated your request, we will delete your data unless we need to retain it to comply with our legal obligations. In any case, your personal data will be removed from Pimento Hill’s systems after our defined retention times.
Right to restrict processing
In certain circumstances, you have the right to ask us to restrict processing your personal data. This means that we will not do anything else with your personal data but continue storing it in our IT systems. Once we have validated your request, we will stop processing such data.
Right to object
You always have the right to opt-out of direct marketing communication by clicking the unsubscribe link we provide you with in all our marketing communications with you. You also have the right to object to the processing of your personal data that we carry out for our legitimate business interests described in this privacy notice. Upon receiving your request, we will carefully assess it and stop processing your personal data if our processing has indeed been unreasonable.
Right to data portability
You have the right to ask us to send you, or someone else, a copy of the data you have provided to us in a commonly used machine-readable format. This right only applies to the personal data that you have provided to us when we have collected data based on your consent or on a contract that we have with you. Once we have validated your request, we will transfer your data to your designated destination.
Right to lodge a complaint with a data protection supervisory authority
We value your business and the relationship we have with you as our customer, and hope that you would always contact us if you have questions about how we process personal data. However, if you think that we do not comply with data protection law when processing your personal data, you have the right to lodge a complaint with a data protection supervisory authority. You may in particular contact the supervisory authority of the country you live or work in.
How to use your GDPR rights?
Please email or write to us if you have questions about your data or wish to exercise your GDPR rights. We will respond to your request within 30 days of receiving it. If your request is complex we can extend the time period for a maximum of two more months.
When using your rights, please prepare to prove your identity. You have a right to use your rights free of charge. If we find the request to be unfounded or excessive, a fee may be charged to cover the administrative costs. Your requests will be stored along with your personal information.
We may update this policy
We may update our privacy policies from time to time. We will notify you of any material changes for operational, legal or regulatory reasons. We will also post an updated copy on our site(s) - please check our site(s) periodically for updates.