At the Joy of Eating (D. Grillandi t/a) we take your privacy very seriously and we endeavour to keep your data safe. We will never share with or sell your information to other business for marketing or sales purposes.
1. The personal data we collect
Information submitted through our website
If you bought a plan or service from us you told us your name, email address, postal address and phone number.
If you completed our questionnaire you also told us details about your diet, health, lifestyle, and other personal data.
If you bought something from our shop you told us your name, email address and billing address. You would also have entered your credit card details but we don’t know or store those details at The Joy of Eating. All financial transactions are handled using industry leading encryption through our payment gateway at stripe.com.
Information submitted by email
We may also collect information by email, social media or through messaging apps as part of the services you receive from us.
2. Web site analytics
We use Google Analytics to log and analyse the traffic to our web site.
A “Unique ID” tracking cookie is used for the legitimate purpose of anonymously identifying unique visitors, but otherwise no “personal data” is logged,.
Google Analytics processes anonymised information about:
the pages you visit on our website
how long you spend on each page
how you got to the site
what you click on while you’re visiting
We will not identify you through analytics information, and we will not combine analytics information with any other data that could identify who you are.
The lawful basis for processing anonymised data for Google Analytics is your consent.
3. How we use your data
We use your data to:
provide our services
analyse and improve our plans, services and web site,
send you emails about the services you receive from us,
meet our insurance obligations.
Under the General Data Protection Regulation (GDPR), the lawful basis we rely on for processing this data is: We have a legitimate interest.
4. Who sees your data
DO YOU SHARE MY INFORMATION WITH OTHER ORGANISATIONS?
We will keep information about you confidential. We will only disclose your information with other third parties with your express consent with the exception of the following categories of third parties:
• Our insurers for the processing of a claim
• Any contractors and advisors that provide a service to us or act as our agents on the understanding that they keep the information confidential
• Anyone to whom we may transfer our rights and duties under any agreement we have with you
• Any legal or crime prevention agencies and/or to satisfy any regulatory request
We will seek your express consent before sharing your information with third parties, however if we believe that your life is in danger then we may pass your information onto an appropriate authority (such as the police, social services in the case of a child or vulnerable adult, or GP in case of self-harm) using the legal basis of vital interests.
5. Safeguards in place to ensure data that identifies you is secure
We only use information that may identify you in accordance with GDPR. This requires us to process personal data only if there is a legitimate basis for doing so and that any processing must be fair and lawful.
We will protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.
We also ensure the information we hold is kept in secure locations, restrict access to information to authorised personnel only, protect personal and confidential information held on equipment such as password protected laptops. We ensure external data processors that support us are legally and contractually bound to operate and prove
6. How long we keep your information
Following completion of the plan or services you receive from us, we retain your personal data for the period defined by our insurers. This enables us to process any complaint you may make. In this case the legal basis of our holding your personal data is for contract administration.
7. Your data protection rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
In all cases where we are asked to delete data we will keep a note of the following for two years after the request: your name, your email address, the reason, the date of the request and the outcome.
Please contact us by email if you wish to make a request: