Introduction

Packmyfood is conscious of its responsibility for maintaining exemplary business practices, not only with and by its staff, but also in relation to its local community and worldwide network of customers and suppliers.  Packmyfood is committed to ensuring that all personal data associated with its business is processed and stored securely and in line with the legal obligations of the General Data Protection Regulations (GDPR) (Regulation (EU) 2016/679).

The Packmyfood website complies with the principles of the Data Protection Act 1998.

The following Policy is intended to demonstrate how Packmyfood collects and stores personal data. As a data controller and data processor, Packmyfood collects stores and processes data to fulfil its contractual and legal compliance obligations. The purpose of this Policy is to ensure that all individuals associated with the Company understand its principles, procedures and standards for handling personal data, and to establish individual’s rights.

Personal data is defined as any information which can identify or be associated with an individual. This includes, but is not limited to: names, addresses, phone numbers and email addresses.

Sensitive personal data includes, but is not limited to: medical details, financial information and other sensitive personal information.

Data subjects are defined as any individuals (e.g. employees, customers, suppliers, contractors) associated with the Company.

How Packmyfood uses your information

Your name and contact details

Your payment information

Your contact history with Packmyfood

Every time you contact Packmyfood by email, phone, text or social media.

Purchase history

What you have bought from Packmyfood and what Packmyfood has bought from you over the time.

Our principles

The principles of the Policy require that personal information must:

• be processed fairly and lawfully and in accordance with the data subject’s rights;
• be processed in a manner that would be reasonably expected by the data subject;
• be used for the purpose it was collected for;
• be processed in the Company’s legitimate interest;
• be adequate, relevant and not excessive for the purpose it was collected;
• be processed with the correct level of confidentiality;
• not be transferred outside of the EU, unless that country or territory can ensure a suitable level of protection for the rights and freedoms of the data subjects whose personal data is being processed;
• be retained for as long as deemed appropriate and deleted thereafter. Low-risk paper documents are recycled and higher-risk documents with more sensitive personal data must be shredded.

Informed consent

• Transparency about the personal information Packmyfood holds on individuals is central to this Policy;
• At the first point of contact, individuals must be made aware of what information is collected and why;
• Failure to object or respond does not mean that consent has been given and consent must be as easy to give as it is to take it away;
• Consent should be reviewed at appropriate intervals.

Records

• Records relating to processing, storing and erasure of personal data are kept so that Packmyfood can understand and provide traceability for the full scope of its data handling activities;
• Data disclosure and a secure business network
• Packmyfood has a responsibility to ensure that it both maintains its business relationships to consistently high standards and that it collects, processes and stores personal data in line with GDPR;
• Personal data held by Packmyfood will not be transferred to any country outside of the EU without obtaining the data subjects consent or otherwise complying with the relevant privacy legislation;
• Packmyfood has an international network of agents, suppliers, contractors and external third parties that help it to provide the best quality service and achieve its day-to-day business objectives. For sales and compliance purposes, it may disclose personal information (such as contact information) to such trusted third parties inside and outside of the EU. Such business associates are bound by this Policy and will process personal data only when they can offer adequate measures to protect it;
• Packmyfood may disclose personal information if required by law.

Appropriate confidentiality at all levels

• Data stored in different formats is treated with the same level of security and safeguarding. Where electronic documents are password protected or have restricted access, paper versions are locked in filing cabinets or desk drawers;
• All sensitive personal data is held with the appropriate safeguards and access is limited;
• Profiling and credit checks are carried out against customers, suppliers and contractors by a third party. All results are held securely;
• CCTV cameras on site are for security purposes. Certain members of staff have login access via a browser. This is only accessed for security reason.
• Effective internal regulation
• This Policy empowers Senior Management and the Privacy Protection Officer to carry out internal data audits and compliance checks;
• Data protection procedures and guidelines should be reviewed annually by the Privacy Protection Officer to ensure compliance and good practice, and that all queries regarding data protection internally and externally are being dealt with effectively and in compliance with this Policy;
• All employees should receive general awareness training and/or sufficient information and guidelines on the implications of GDPR;
• All personal and Company-issued electronic devices are covered by GDPR and are verified for password checks. Employees working remotely should work on Packmyfood’s VPN where accessible and log in and out of each session;
• A password change policy is in place managed by the IT department;
• In an employee’s absence, IT support will be contacted and the absentee’s emails may be forwarded to another team member;
• Employees should avoid leaving documents with personal data out overnight.

Individual rights

1. Right to Access

All data subjects have the right to know what data Packmyfood holds on them. Packmyfood has one month to reply to all requests. If the request is excessive or unreasonable, Packmyfood has the right to charge a fee.

In all instances below, Packmyfood has the right to request one or two pieces of identification, to ensure the identity of the person who requests the information.

General response times are as detailed. If the response is unsatisfactory for the individual, they have the right to repeat their request. In this instance, Packmyfood has two weeks to review the objection with the Managing Director. The decision made in this second review is final.

All requests should be made in writing to the individual’s manager or Company contact.

1. Right to Portability

 Data must be provided in a format that the individual can understand and that another data controller could easily import. If requested, Packmyfood must send to the data to a third party. Packmyfood should provide the data in whatever format it is requested where this is a commonly used and readily available format to Packmyfood. Packmyfood is not responsible for protecting the data that has been received by the data subject or third party.

1. Right to Object

Data subjects can object to the processing of their personal information. Objections to direct marketing should be made automatically through the ‘unsubscribe’ link at the bottom of the marketing email, or in their account preferences. Packmyfood has one month to review and respond to objections to processing for HR purposes. Packmyfood may have a legitimate interest to override the request.

1. Right to Erasure (right to be forgotten)

Data subjects may request for their personal information to be deleted. The legitimate interest of the Company may override the request. The HR department and the Privacy Protection Officer will respond without undue delay.

1. Right to Rectification (right to correct administrative mistakes)

Data subjects have the right to request for any mistakes made in recording personal data, such as spelling mistakes or incorrect information, to be rectified. Packmyfood has one month to correct the mistake and inform the individual.

Security breach

All individuals will report any actual, near miss, or suspected data breaches to Packmyfood Privacy Protection Officer for investigation. Lessons learnt during the investigation of breaches will be relayed to data controllers and processors to enable necessary improvements to be made.

The Privacy Protection Officer and Managing Director are responsible for assessing the level of security breach and informing the ICO and data subjects where necessary. In the event of a security breach, Packmyfood has 72 hours to respond.

Cookies

We use cookies to collect information when you visit our site. These are the type of cookies we use on our website:

(1) Site functionality and necessary cookies – these cookies allow you to navigate the site and remember choices you make such as language and search parameters and they are essentials to use our website features.

(2) Site performance cookies – These cookies collect anonymous information in how people use our website. For example, we use Google Analytics, cookies to help us understand how customers arrive at our website, browse or use our site and highlights area of improvements. Googles privacy policy: https://policies.google.com/privacy

By using our website, you agree to us placing these sorts of cookies on your device and accessing them when you visit the site in the future. Further information about cookies can be found at https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies/.

Please note that by deleting or disabling future cookies, your user experience may be affected and you might not be able to take advantage of certain functions of our website and your user experience may be differ from what you’re expecting