Introduction

 
Planet Organic Limited (referred to as “we”, “us” and “our”) is fully committed to protecting our customers. This Privacy Policy (the “Policy”) sets out the basis on which any personal information we collect from you or that you provide to us will be processed by us. Planet Organic Limited has created this Policy in order to demonstrate our commitment to preserving the privacy of all visitors to our websites and customers of our products/services. We are committed to ensuring that all products, services and activities made available through our websites and stores are provided in a safe and secure environment.
 
Planet Organic Limited (company number 03826282) with registered office address 42 Westbourne Grove, London, W2 5SH is the data controller in relation to the processing activities described below. This means that Planet Organic Limited decides why and how your personal information is processed.
This Policy may change from time to time so please check this page occasionally to ensure that you’re happy with any changes. This Policy was last updated on 24 May 2018. 
 

Data we collect and how we collect it

The personal information we collect and the way in which we collect it are as follows:
 
Personal information you give to us. This is information about you that you give to us by entering information via our website, social media platforms, or corresponding with us by phone, email or otherwise. 
 
This personal information is provided voluntarily provided. This includes information provided at the time of registering to use our site, ordering products we provide through our site, posting material on any of our blogs, forums, wikis and other social media applications, requesting services, and managing your account online (including accessing documentation and engaging in correspondence with us by phone, email or otherwise). Such information may consist of, but is not limited to, your title, name, delivery or billing address, email address, payment card details, sales information relating to the sale of products to you, correspondence and communication details, and telephone and fax numbers. 
 
We may also ask you for information when you report a problem with our site. If you complete any surveys that we request you complete for research purposes, we will collect information in such circumstances as well. The information you give us includes your name, address, email address and phone number, enquiry details and may include records of any correspondence and responses to any surveys.
 
Personal information we collect about you. We may automatically collect details of transactions you carry out through the site, and your visits to our site, including, but not limited to, traffic data, location data, weblogs and other communication data, and the resources you access. We may also automatically collect technical information, including anonymous data collected by the hosting server for statistical purposes, the Internet protocol (IP) address used to connect your computer or device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. Please see Cookies for further information.  We may also collect any personal information which you allow to be shared that is part of your public profile or third party social network, type and version, time zone setting, browser plug-in types and versions, operating system and platform.  
 

How we use your personal information

 
The purposes for which we use your information and the legal basis under data protection laws on which we rely to do this are explained below.
 
Performance of the contract with you or take steps to enter into. We may use and process your personal information where we have supplied you (or continue to supply you) with any products or services, where we are processing an order from you, where we have arranged for the supply of another company’s products or services to you, or where you are in discussions with us about any new product or service. We will use this information in connection with the contract for the supply of products or services when it is needed to carry out that contract with you or for you to enter into it. Please see Data we collect and how we collect it above for details of the types of personal information we process for these purposes.
 
Legitimate interests.
We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business, or that of a third party, for the following purposes:
 
for marketing activities (other than where we rely on your consent to contact you by email or text with information about our products and services or share your details with third parties to do the same, as explained below in Consent for data processing);
for analysis to inform our marketing strategy, and to enhance and personalise your customer experience (including to improve the recommendations we make to you on our website and our mobile app);
to personalise your shopping experience, for example how you use our mobile app and website to provide you with personalised offers or shopping ideas;
to conduct market research, either ourselves or with reputable agencies;
to correspond or communicate with you;
to verify the accuracy of data that we hold about you and create a better understanding of you as a customer;
to help us understand more about you as a customer, the products and services you consume, the manner in which you consume them and how you shop across the Planet Organic, so we can serve you better;
for network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access; 
for prevention of fraud and other criminal activities;
to administer and manage our YoYo loyalty scheme (for YoYo mobile app customers);
to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);
to assess and improve our service to customers, stores, apps and website; 
for the management of queries, complaints, or claims; and
for the establishment and defence of our legal rights.
 
 
Consent for data processing. We may use and process your personal data where you have consented for us to do so. This includes:
 
To contact you with marketing information about our products and/or services if you have (i) registered for an account with us online and (where we don’t have another basis to contact you) indicate that you would like to receive such marketing from us; (ii) sign up to our mailing list, emails or texts service via our website or other medium where available; or (iii) when you refresh your marketing preferences and provide a consent when responding to a request from us to do so. 
 
You may withdraw your consent for us to use your information in any of these ways at any time. Please see Withdrawing your consent for further details.
 
By providing your personal information and registering with us or logging on with us when you enter our websites, you explicitly consent to the Group processing and disclosing your Personal Information for the purposes, and otherwise in the manner set out in this Policy, or as otherwise provided in accordance with the Terms and Conditions.
 
Legal requirement. We will use your personal information to comply with our legal obligations: (i) to assist any public authority or criminal investigation body; (ii) to identify you when you contact us; and/or (iii) to verify the accuracy of data we hold about you.
 
Vital interests. Where we have supplied you with any products, we may use your personal information to contact you if there are any urgent safety or product recall notices to communicate to you or where we otherwise reasonably believe that the processing of your personal information will prevent or reduce any potential harm to you. It is in your vital interests for us to use your personal information in this way.
 
Job applicants, current and former Planet Organic employees
 
Planet Organic Ltd is the data controller for the information you provide during the process unless otherwise stated.  
 
What will we do with the information you provide to us?
All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.
 
We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.
 
We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for. 
 
What information do we ask for, and why?
We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.
 
The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for but it might affect your application if you don’t. We do not usually seek sensitive information (e.g., data relating to race or ethnic origin, religious beliefs, criminal record, physical or mental health, or sexual orientation) from visitors. We will, where necessary, obtain your explicit consent to collect and use such information.

 

Data anonymisation and use of aggregated information 

Your information may be converted into statistical or aggregated data in such a way as to ensure that you are not identified or identifiable from it. Aggregated data cannot be linked back to you as a natural person. We may use this data for analytical and research purposes.
For more information on how we use cookies and how to switch them off on your device, please visit our Cookies Policy and our section of Cookies below. 
 

Others who may receive or have access to your personal information

 
Planet Organic recognises that your personal information is valuable and we take all reasonable measures to protect your information while it is in our care.
 
Third parties who provide products and services
 
There are some instances where your personal data may be shared with others in order to improve your customer experience at Planet Organic. Personal data submitted to us may be disclosed to other member firms (Venture Stream and Paraspar) to process your order or for Planet Organic to send you promotional information about Planet Organic only. We will never pass on your information to other companies for anything unrelated to Planet Organic.
 
When you enquire about or purchase one or more of these products or services through us, the relevant third party may use your details to provide you with information and carry out their obligations arising from any contracts you have entered into with them. These third party product providers may share your information with us, which we will use in accordance with this Policy. In some cases, they will be acting as a controller of your information and therefore we advise you to read their privacy policy.

 
Our suppliers and service providers
 
We may disclose your personal information to third party service providers, agents, subcontractors and other organisations for the purposes of providing services to us or directly to you on Planet Organic’s behalf. These include, providers of information technology, identity management, advertising agencies, administrative services, website hosting and management, data analysis, data back-up, security and storage services. When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions. 

 
Credit/debit card payment processors
 
When you purchase any products or services online, your credit/debit card payment is processed by a third party payment processor, who specialises in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please contact us using the details at the end of this Policy.

 
Customer satisfaction surveys
 
As customer satisfaction is important to us, we may ask a third party research company to contact you for the sole purpose of gathering general information and specific information relating to us and our products and services. 

 
Other ways we may share your personal information
 
We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. Planet Organic may disclose your personal information if we’re under a duty to disclose or share it in order to comply with any legal obligation, to detect or report a crime, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our visitors and customers, to any law enforcement, regulatory, or other government agencies or to other third parties as required by, and in accordance with, applicable law or regulation. 
 
We will always take steps with the aim of ensuring that your privacy rights continue to be protected.

 
Where we store your personal information
 
All information you provide to us is stored on our secure servers which are located within the European Economic Area (EEA).
 
If at any time we transfer your personal information to, or store it in, countries located outside of the EEA (for example, if our hosting services provider changes) we will ensure that appropriate safeguards are in place for that transfer and storage as required by applicable law. This is because some countries outside of the EEA do not have adequate data protection laws equivalent to those in the EEA.
 
If you use our services whilst you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.
 

Security and links to other sites

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our website and any transmission is at your own risk. Once we have received your personal information, we put in place reasonable and appropriate controls to ensure that it remains secure against accidental or unlawful destruction, loss, alteration, or unauthorised access. 
 
Where we have given (or where you have chosen) a password which enables you to access an account, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
 
Our website may contain links to other websites run by other organisations. This Policy does not apply to those other websites‚ so we encourage you to read their privacy policies. We cannot be responsible for the privacy policies and practices of other websites even if you access them using links that we provide. In addition, if you linked to our website from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.
 

Cookies

We use small text files called ‘cookies’ on our website which are placed on your hard drives to assist in providing an improved customised website experience. The use of cookies is a standard operating procedure for most websites. If you are uncomfortable with the use of cookies, most browsers permit users to opt-out of receiving them. In that case you will be unable to use this registration process and may find other functionality in the site impaired. After termination of the visit to our site, you can delete the cookie from your system if you wish to do so. For more information on how we use cookies and how to switch them off on your device, please visit our Cookies Policy.

Marketing

We may collect your preferences to receive marketing information directly from us by email in the following ways:
 
If you register an account with us online, we will ask you if you would like to provide your consent to receive marketing information directly from us; 
If you join our mailing list, we will contact you with marketing information, including special offers and new product information;
If place an order we may contact you with marketing information in the ways mentioned in the notices presented to you, except where you indicate you would prefer otherwise; or
From time to time, we may ask you to refresh your marketing preferences by asking you to confirm that you consent to continue receiving marketing information from us.
 
If you do not complete a purchase and have not indicated that you would prefer otherwise, we may send a reminder to you about your incomplete purchase.
 
You have the right to withdraw your consent (opt out) at any time to our use of your personal information for marketing purposes. Please see Withdrawing your consent and Objecting to our use of your personal information below for further details on how you can do this.
 

Your rights

 
You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within one month from either (i) the date that we have confirmed your identity or (ii) where we do not need to do this because we already have this information, from the date we received your request.
 
Accessing your personal information. You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address at the end of this Policy.  We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
 
Correcting and updating your personal information. The accuracy of your information is important to us and we are working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us in any of the details described at the end of this Policy.
 
Withdrawing your consent. Where we rely on your consent as the legal basis for processing your personal information, as set out under How we use your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this Policy.  If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can do so using our unsubscribe tool. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
 
Objecting to our use of your personal information and automated decisions made about you. Where we rely on your legitimate business interests as the legal basis for processing your personal information for any purpose(s), as out under How we use your personal information, you may object to us using your personal information for these purposes by emailing or writing to us at the address at the end of this Policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data. You may object to us using your personal information for direct marketing purposes and we will automatically comply with your request. If you would like to do so, please use our unsubscribe tool. You may also contest a decision made about you based on automated processing by contacting us in any of the details described at the end of this Policy.
 
Erasing your personal information or restricting its processing. In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address at the end of this Policy. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request. You may also ask us to restrict processing your personal information where you believe it is unlawful for us to do so, you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings.  In these situations we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.  
 
Transferring your personal information in a structured data file. Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with your contract, as set out under How we use your personal information, and we process this information electronically, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file. You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
 
Complaining to the UK data protection regulator. You have the right to complain to the Information Commissioners Office (ICO) if you are concerned about the way we have processed your personal information. Please visit the ICO’s website for further details.
 
 
 

How long do we hold information for?

 
If we collect your personal information, the length of time we retain a record of your personal information for is determined by a number of factors. This is done in order to provide you with a high quality and consistent service. We will always retain your personal information in accordance with law and regulation and never retain your information for longer than is necessary.
 
If you have registered an account with us we will store your personal information for as long as your account is open. If your account is dormant for more than [2 years] we’ll send you two reminders, after which we’ll close your account and delete your account information data.
 
If you have signed up to receive email marketing from us we will store your personal information for as long as you are subscribed to our email marketing list (even if your account has closed). If you unsubscribe or your subscription expires because you do not interact with our marketing emails for over [3 years], we will keep your email address on our suppression list to ensure that we do not send you marketing emails.
 
If you have contacted us with a complaint or query we will store your personal information for as long as is reasonably required to resolve your complaint or query.
 
We retain technical information for [18 months] from the date it is collected. 
 
The only exceptions to the above are where:
 
we may need your personal information to establish, bring or defend legal claims or to comply with a legal or regulatory requirement; 
the law requires us to hold your personal information for a longer period, or delete it sooner;
you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see further Erasing your personal information or restricting its processing above); or
in limited cases, the law permits us to keep your personal information indefinitely provided we put certain protections in place.
 
When it is no longer necessary to retain your data, we will delete the personal information that we hold about you from our systems. After that time, we may aggregate the data (from which you cannot be identified) and retain it for analytical purposes.
 

Changes to our Policy

 
We may modify or amend this Policy from time to time at our discretion and any changes will be notified to you by posting an updated version on our website and/or by contacting you by email. Any changes will take effect 7 days after the date of our email or the date on which we post the modified Policy on our website, whichever is the earlier. We encourage you to periodically review this Policy to be informed about how we are protecting your information and check for changes. If you do not agree with any aspect of the updated Policy you must immediately notify us and cease using our services.
 

Contact us

 
Please direct any queries about this Policy or about the way we process your personal information to our The Data Controller using our contact details below.
 
If you wish to write to us, please write to 42 Westbourne Grove, London, W2 5SH.
 
Our email address for data protection queries is privacy@planetorganic.com