Privacy Policy
THETASTELAB by Classic Fine Foods UK Limited (referred to as “CFF UK”, “we”, “us” or “our” in this privacy policy)
takes its data protection and privacy responsibilities seriously.
This privacy policy sets out how we collect, use, protect and share personal information in the course of our business activities.
1. IMPORTANT INFORMATION (paragraph 1)
2. TYPES OF PERSONAL DATA WE COLLECT (paragraph 2)
3. HOW IS YOUR PERSONAL DATA COLLECTED? (paragraph 3)
4. HOW WE USE YOUR PERSONAL DATA (paragraph 4)
5. WHEN WE SHARE YOUR PERSONAL DATA (paragraph 5)
6. INTERNATIONAL TRANSFERS (paragraph 6)
7. DATA SECURITY (paragraph 7)
8. DATA RETENTION (paragraph 8)
9. YOUR RIGHTS (paragraph 9)
10. CONTACT US (paragraph 10)
11. COMPLAINTS (paragraph 11)
12. AUTOMATED DECISION MAKING (paragraph 12)
13. UPDATES TO THIS PRIVACY POLICY (paragraph 13)
14. THIRD PARTY LINKS (paragraph 14)
1. IMPORTANT INFORMATION
This privacy policy gives you information about how CFF UK collects and uses your personal data through your use of this website, when you register with us, purchase a product or service or otherwise engage with us as described in paragraph 3 below.
Classic Fine Foods UK Limited is the controller and responsible for your personal data. CFF UK or its ultimate parent company, Metro AG and/or any subsidiaries of Metro AG (collective “Metro Group”) may have to access and process your data for legitimate purposes as highlighted below.
If you have any questions about this privacy policy, including any requests to exercise your legal rights (paragraph 9), please contact the us using the information set out in paragraph 10.
2. TYPES OF PERSONAL DATA WE COLLECT
We may process the various types of personal data about you which have been grouped as follows:
- Identity Data includes first name, last name, any previous names, title, date of birth and
gender. - Contact Data includes job title, company details, billing and delivery addresses, email address and telephone numbers.
- Financial Data includes (non corporate) bank account, credit rating information and payment card details.
- Customer Data includes delivery instructions, call recordings, meeting notes and information on complaints and feedback.
- Transaction Data includes payment details and information about the products and services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type, time zone, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Usage Data includes information about how you interact with and use our website, products and services. We may process aggregated data which does not reveal your identity. For example, we may aggregate Usage Data to calculate the number of users accessing a specific website feature. This helps us analyse general trends and improve our website and services.
- Marketing and Communications Data includes your marketing and communication preferences.
3. HOW IS YOUR PERSONAL DATA COLLECTED?
We may collect information about you through the following means:
- Your interactions with us. You may give us your personal data directly by communicating with us by post, phone, email or otherwise engaging with our website through online forms.
- Automated technologies or interactions. As you interact with our website, we may automatically collect information about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
- Third parties sources. We may receive personal data about you from various third parties as described below:
– Technical Data collected from analytics providers and advertising networks when you
use our website; and
– As mentioned in section 5, we may receive personal data about you from other
members of the Metro Group.
Note that certain information is required from you in order to conduct our business. If you do not provide this information, then we may not be able to proceed with the relationship/your request.
We also collect personal information through recording telephone calls. The purpose of recording calls is to train staff and to quality control/monitor our activities. The general retention period for call recordings is 90 days, however this is subject to some exceptions, for example where a recording is the subject of an ongoing complaint or claim.
4. HOW WE USE YOUR PERSONAL DATA
Data protection law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases when doing so:
- Performance of a contract with you. When it is necessary for CFF UK (or a third party) to
perform the contract we are about to enter or have entered into with you. - Legitimate interests. We may use your personal data to conduct our business and pursue our legitimate interests, such as preventing fraud and providing you with a secure customer experience. Before processing your personal data for these purposes, we carefully consider and balance any potential impact on you and your rights.
- Legal obligation. We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to.
- Consent. When we ask you to actively indicate your agreement to our use of your personal data for a certain purpose, for example if you subscribe to receive marketing communications.
We have set out in the table below the ways we plan to use the various categories of your personal data alongside the relevant legal bases:
| Purpose | Category of personal data | Legal basis |
| To register you as a new customer | Identity Data Contact Data Customer Data Marketing and Communications Data | Performance of a contract with you |
| To process and deliver products and services you order from us | Identity Data Contact Data Customer Data Financial Data Transaction Data Marketing and Communications Data | Performance of a contract with you |
To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy policy (b) Dealing with your requests, complaints and queries | Identity Data Contact Data Customer Data Marketing and Communications Data | Performance of a contract with you Necessary to comply with a legal obligation Necessary for our legitimate interests to keep our records updated and manage our relationship with you |
| To share customer and supplier data with our sister companies in the Metro Group in order to review common suppliers and harmonise and align contractual terms | Identity Data Contact Data Customer Data Transaction Data Usage Data Marketing and Communications Data | Necessary for our legitimate interests to:
|
| To consider whether there are any opportunities for cross marketing of products and services between Metro Group companies and respective customers | Identity Data Contact Data Customer Data Marketing and Communications Data | When necessary for the legitimate interests, including to carry out marketing to inform customers about products and services Where applicable, having obtained your prior consent to receiving marketing communications |
| To manage and safeguard our business and website, including troubleshooting, data analysis, testing, system maintenance, support, reporting, and data hosting | Identity Data Contact Data Transaction Data Technical Data | Necessary for our legitimate interests to:
|
| To use data analytics to enhance our website, products, services, customer relationships, and experiences, and to evaluate the effectiveness of our communications and marketing | Technical Data Usage Data | Necessary for our legitimate interests to:
|
| To send you relevant marketing communications and personalised suggestions about goods or services that may interest you | Identity Data Contact Data Technical Data Usage Data Marketing and Communications Data | Necessary for our legitimate interests to:
|
| To conduct market research through your voluntary participation in surveys | Identity Data Contact Data Marketing and Communications Data | Necessary for our legitimate interests to understand customer usage and improve our products and services. |
| To train staff and monitor standards of service across the workforce. | Identity Data Contact Data Customer Data | Necessary for our legitimate interests in ensuring staff are effectively trained and in ensuring a consistent and high standard of service is being maintained. |
| To conduct credit checks in relation to businesses | Identity Data Contact Data Financial Data Customer Data | Necessary for our legitimate interests in ensuring the sole trader businesses who we engage with are financially reliable as required for our business continuity. |
5. WHEN WE SHARE YOUR PERSONAL DATA
We may share your personal data where necessary with the parties described below for the purposes set out in the table above:
- Vendors, consultants and other providers. We may share your information with third-party vendors, consultants, and service providers who work on our behalf and need access to your information to perform their tasks. These parties are authorised to use your personal data only as necessary to provide services to CFF UK.
- To comply with laws. We may disclose your information to comply with laws, enforce our policies, protect our services’ security, prevent harm or illegal activities, respond to emergencies, or as directed by you.
- Metro Group. We may share your personal data with companies in the Metro Group for our legitimate interests as highlighted in the table above.
We require all third parties to respect the security of your personal data and comply with applicable law. We do not permit our third party providers to use your personal data for their own purposes.
6. INTERNATIONAL TRANSFERS
We may transfer your personal data to service providers that carry out certain functions on our behalf. This may involve transferring personal data outside the UK to countries which have laws that do not provide the same level of data protection as the UK law.
Whenever we transfer your personal data out of the UK to countries which have laws that do not provide the same level of data protection as the UK law, we always ensure that a similar degree of protection is afforded to it by ensuring that we use specific standard contractual terms approved for use in the UK which give the transferred personal data the same protection as it has in the UK. To obtain a copy of these contractual safeguards, please contact us via the details at paragraph 10.
7. DATA SECURITY
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
8. DATA RETENTION
CFF UK maintain a data retention schedule which details the applicable time each category of personal data is retained for. We decide on these timeframes by setting the period we believe is reasonably necessary to fulfil the purposes we collected it for. This will typically be for the length of our relationship plus any length of time we’re required to keep the information to fulfil our legal obligations, which is often 6 years.
We may also retain information to comply with the law, prevent fraud, collect fees, resolve disputes, troubleshoot issues, assist with investigations and take other actions permitted by law.
Information connected to you that is no longer necessary and relevant to provide our services may be de-identified or aggregated with other non-personal data for research or analytical purposes.
9. YOUR RIGHTS
Subject to certain exemptions, and in some cases dependent on the processing activity we are undertaking, you may have the following rights in relation to your personal information:
- Request access to your personal data. To receive a copy of the personal data we hold about you.
- Request correction of the personal data. To have any incomplete or inaccurate data we hold about you corrected.
- Request erasure. To ask us to delete or remove personal data in certain situations.
Object to processing of your personal data where we are relying on a legitimate interest as the legal basis for that particular use of your data. - Object or opt-out at any time to the processing of your personal data for direct marketing.
Data portability. To receive the personal data concerning you that you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to a third-party in certain situations. - Withdraw your consent to our processing of your personal data at any time, if the processing is based on your consent.
- Request restriction of processing of your personal data in certain circumstances.
If you wish to exercise any of the rights set out above or want more information about them, please contact us via the details at paragraph
We may need to ask for ID to check we are satisfied as to your identity and we generally have one month to reply to your request. You will not normally be charged for the request.
10. CONTACT US
If you have any questions about this privacy policy or about the use of your personal data or you want to exercise your privacy rights, please contact compliance@classicfinefoods.co.uk
11. COMPLAINTS
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns and find a solution with you if you raise this using the contact details in section 10.
12. AUTOMATED DECISION MAKING
We do not make any automated decisions about you when processing your personal data.
13. UPDATES TO THIS PRIVACY POLICY
We may amend this notice from time to time to keep it up to date with legal requirements and the way we operate our business. Please regularly check this page for the latest version of this notice.
14. THIRD-PARTY LINKS
You might find external links to third party websites on our website. This privacy notice does not apply to your use of such third party sites.