Who Is Chocbox?
Chocbox is an online retail brand, owned by Chocbox Ltd, a business registered in England & Wales (company number: 08471487).
The legal responsibility of ‘Chocbox’, ‘we’ and ‘us’, as referred to in this policy, falls to Chocbox Ltd. Chocbox is committed to protecting our customers’ privacy and complies with the General Data Protection Regulation (GDPR) requirements.
Please take the time to review this notice, which explains which information we collect about visitors to this site, how we use it, and your rights.
Which Personal Data Do We Collect?
When you access and move around www.chocbox.co.uk (and any future Chocbox app), register an account with us or buy a product from us, we may collect some or all of the following personal data about you:
- Your username and password
- Your name, date of birth, age and sex
- Your billing and delivery addresses, email address and phone number(s)
- Delivery information and preferences
- Payment method (typically credit card or debit card)
- Your images and other user content you may post on this site or on Chocbox’s social media, eg: for product comments
- Your correspondence with and from Chocbox
- Records of your interactions with us, eg: if you contact our customer service team or interact with us on social media
- Information you provide when you enter a competition, sign up for any of our clubs and current and future online activities and events, surveys, feedback, etc
- Your preferences about receiving communications from us
- Details we may ask you to submit (securely) to verify your identity.
We may also collect information about the device you use to access our site as well as other information necessary to offer you the full benefits of our site. Eg: we may access your location if you give us your consent, so we can make sure you receive your purchases from us.
In order to take advantage of some of our services, you may need to supply us with the personal details of a third-party (for example, their name and address if you wish to send them a gift). We will not use this information for anything other than providing the service for which the information was supplied.
We may also collect some of this personal data from third parties who have your consent to pass your details to us.
We may combine information you give us while using this website (eg: if you make a purchase or join our mailing) with the information above.
How We Use Your Personal Data
Depending on how you use our site, your interactions with us, and the permissions you give us, the purposes for which we use your personal data include:
- To fulfil your order and maintain your online account
- To manage and respond to any queries or complaints to our customer service team
- To personalise the Chocbox site to you and show you content we think you will be most interested in, based on your account information, your purchase history and your browsing activity
- To improve and maintain the site and to monitor its usage
- For market research, eg: we may contact you for feedback about our products
- To send you marketing messages and show you targeted advertising (where we have your consent or are otherwise permitted to do so)
- For security purposes, to investigate fraud and, where necessary, to protect ourselves and third parties
- To comply with our legal and regulatory obligations
We rely on the following legal basis, under Data Protection law, to process your personal data:
- Because the processing is necessary to perform a contract with you, or take steps prior to entering into a contract with you (eg: when you make a purchase with us, we use your personal data to process the payment and get your order to you)
- Because we have obtained your consent (eg: when you contact us with a query, when you add optional information to your account profile, or if you consent to receive marketing from us)
- Because it is in our legitimate interests, as an e-commerce provider, to maintain and promote our services. We are always seeking to understand more about our customers in order to offer you the best products and customer experience – both online and off-line. We may use information about you to tailor your view of the site, to make it more interesting and relevant in respect of the products and offers on view.
We do love communicating with our customers! So, depending on your marketing preferences, we may use your personal data to send you marketing messages by email, phone or post. Some of these messages may be tailored to you, based on your previous browsing or purchase activity and on other information we hold about you.
If you no longer want to receive marketing communications from us (or perhaps would like to opt back in), you can change your preferences at any time by contacting us (details below), clicking on the ‘unsubscribe’ link in any email, or updating your settings in the ‘My Account’ section of the website. If you unsubscribe from marketing, please note we may still contact you with service messages from time to time (eg: order and delivery confirmations).
You may also see ads for our site on third-party websites, including on social media. These ads may be tailored to you using cookies (which track your web activity, so enable us to serve ads to customers who have visited our site). Where you see an ad on social media, this may because we have engaged the social network to show ads to our customers or users who match the demographic profile of our customers. In some cases, this may involve sharing your email address with the social network. If you no longer want to see tailored ads you can change your cookie and privacy settings on your browser and these third-party websites.
Who Do We Share This Personal Data With?
We may share customers’ personal data with third parties in the following circumstances:
- PayPal or another secure online payment service (when you make a purchase in our online shop)
- MailChimp – so we can produce interesting and relevant newsletters and e-shots. (Only applicable if you have given consent)
- Facebook, Twitter & Instagram (via interactions in widgets) – so that they can improve the relevance of ads shown to you on their networks
- Couriers – so they know where to deliver your stuff and can contact you directly, eg: if they can’t find your address
- Google Analytics – so that we can use their software to gain insight into the success and shortfalls of our website (although this data has been anonymised)
- With the owner of the Chocbox brand, The House of Sarunds Ltd, as required to operate the site
- With law enforcement or other governmental authorities, eg: to report a fraud or in response to a lawful request
- Otherwise where we have your consent or are otherwise legally permitted to do so
Storage & Retention
We will keep your personal data only for as long as we need it, for the purposes we describe above. So this period will vary, depending on your interactions with us. Eg: where you have made a purchase with us, we will keep a record of your purchase for the period necessary for invoicing, tax and warranty purposes. If you have set up an account with us, we store and protect your data until you close the account.
We may also keep a record of correspondence with you (eg: if you have made a complaint about a product) for as long as is necessary to protect us from a legal claim. Where we no longer have a need to keep your information, we will delete it. Please note that where you unsubscribe from our marketing communications, we will keep a record of your email address to ensure we do not send you marketing emails in future.
How We Protect Your Data
- Using HTTPS secure web connection. This ensures that all data transferred between yourself and Chocbox is encrypted. This means that if anybody did manage to spy on the connection, they would not be able to see the data being transmitted. You can read more about the benefits of HTTPS here
- SSL Keys. Our webserver can only be accessed via SSL keys. This increases security by removing the use of passwords to the website admin login
- Firewall. Our website can only be accessed via a firewall service. This greatly reduces the risk associated with your personal data by restricting access to hackers and addressing possible vulnerabilities
You have certain rights in respect of your personal data, including the right to access, correct and request the erasure of your personal data.
You also have the right to object to your personal data being used for certain purposes, including to send you marketing. See ‘Marketing’ above, for more details of how to opt-out of marketing.
We will comply with any requests to exercise your rights in accordance with applicable law. Please be aware, however, that there are a number of limitations to these rights and there may be circumstances where we are not able to comply with your request. To make any requests regarding your personal data, or if you have any questions or concerns regarding your personal data, you should contact us using the details below.
You are also entitled to contact your local supervisory authority for data protection.
from the combined minds of Chocbox
This policy was last reviewed and updated in August 2020