Privacy Notice

PERSONAL IDENTIFICATION INFORMATION

We may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit our website, register on the website, place an order, subscribe to the newsletter, respond to a survey, fill out a form, and in connection with other activities, services, features or resources we make available on our website. Users may visit our website anonymously. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personally identification information, except that it may prevent them from engaging in certain website related activities.

GDPR

For the purposes of data protection law, the “controller” is Chocolate Express, a company incorporated and registered in Jersey under company number 69169 and having its registered office address 83-85 Central Market, Halkett Place, St Helier, JE2 4WL, Jersey (from now on referred to as “Chocolate Express”, or as “we” and related words such as “us” and “our”). Our registered Import VAT pre-paid Authorisation number is 121. 

As a controller, we are responsible for processing your personal data. We are registered as a data controller with the Office of the Information Commissioner, Brunel House, Old Street, St Helier, Jersey, JE2 3RG Information Commissioner’s Office, which is Jersey’s supervisory authority for data protection matters.

WHAT DO WE USE YOUR PERSONAL DATA FOR?

In the course of our business, which is the sale of chocolates and confectionary, in our shops and online, we collect the following personal data when you have given us your explicit consent, to keep you informed of current offers and products we have:

personal details, such as name, username

contact data, such as delivery address, billing address, e-mail address, phone number(s)

biographical data from job applications and CVs, such as employment history

transaction data, such as details about payments to and from you

technical data, such as your login data

profile data, such as username and password, previous orders    

We do not knowingly collect “special category” personal data. This is a special type of sensitive data to which more stringent processing conditions apply.

We also do not collect information about criminal convictions or offences.

HOW DO WE USE YOUR PERSONAL DATA? 

Introduction

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

to allow you to register an account

to perform a contract we are about to enter into or have entered into with you

if it is necessary for our legitimate interests (or those of a third party) and these are not overridden by your own rights and interests

where we need to comply with a legal or regulatory obligation.

Lawful processing

In order to process personal data, we must have a lawful reason (sometimes called a lawful basis). We always ensure that this is the case, and we set out our lawful bases below – but please note that more than one may apply at any given time: for example, if we inform you of changes to our privacy notice, we may process your personal data on the ground of complying with law and on the ground of legitimate interests.

Contractual Necessity

If you are our customer or applying for a job, we will process your personal data for the following purposes, on the legal basis that it is necessary for us to provide our products and services to you. Of course, you are not obliged to provide us with any of this information, but if you chose not to, we may be unable to provide the product or service that you have requested.

Legitimate Interests

We process your personal information for our legitimate business purposes, which include the following:

  • to conduct and manage our business
  • to identify suspicious purchasing activity (for example, where a card has been used for high-volume and/or high-value purchases or where cardholder and deliver addresses differ) – however, we do not make automated decisions on the basis of such profiling
  • to allow you to review a product you have purchased
  • to deal with complaints
  • to let you know about our products, services, promotions or events that we consider may be of interest to you (and which may be tailored to your interests as construed from your purchase history). We do this only where you have provided us with a preferred means of contact for this purpose. We carry out this processing on the legal basis that we have a legitimate interest in marketing our products and services, and only to the extent that we are permitted to do so by applicable direct marketing laws. You can opt out of receiving this information by unsubscribing from our emails.

Whenever we process your personal data for these purposes, we ensure that your interests, rights and freedoms are carefully considered.

Compliance with laws

We may process your personal data in order to comply with applicable laws (for example, if we are required to co-operate with an investigation pursuant to a court order).

Consent

If you have never purchased from us or have not purchased from us for a long time, but have given us your explicit consent to hear from us about our products, services, promotions or events that we consider may be of interest to you, we will contact you by email. You have the right to withdraw consent to marketing at any time.

DO WE NEED YOUR PERSONAL DATA – AND IF So – WHY?

To form a contract with you, we will need some or all of the personal data described above so that we can perform that contract or the steps that lead up to it: this is set out above in this notice. If we do not receive the data, the contract could not be performed.

If you sign up to our mailing list, you will have to provide certain personal data. Of course, you may decide to stop receiving our mailings at any time.

HOW LONG WILL YOUR PERSONAL DATA BE KEPT FOR?

We carefully consider the personal data that we store, and we will not keep your information in a form that identifies you for longer than is necessary for the purposes set out in this notice or as required by applicable law.

INFORMATION THAT IS GATHERED FROM VISITORS

In common with other websites, log files are stored on the web server saving details such as the visitor's IP address, browser type, referring page and time of visit. This information is not used to track individual visitors to this website.

Cookies may be used to remember visitor preferences when interacting with the website.

WHAT ARE COOKIES?

Cookies are small digital signature files that are stored by your web browser that allow your preferences to be recorded when visiting the website. Also they may be used to track your return visits to the website.

Where registration is required, the visitor's email and a username will be stored on the server.

HOW THE INFORMATION IS USED

Cookies may be used to enhance the visitor's experience when using the website and/or to enable a shopping basket system or features such as expanding menus. These session cookies expire after a browser session so would not be stored longer term. For this reason session cookies may sometimes be considered less privacy intrusive than persistent cookies. They are sometimes known as benign cookies.

SHARING YOUR PERSONAL INFORMATION

We do not sell, trade, or rent Users personal identification information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers for the purposes outlined above. We may use third party service providers to help us operate our business and the website or administer activities on our behalf, such as sending out newsletters or surveys. We may share your information with these third parties for those limited purposes provided that you have given us your permission.

E-mail may be sent to inform you of news of our services or offers. You will always be given the chance to opt out of any periodic mailings.

If you have subscribed to one of our email services, you may unsubscribe by following the instructions which are included in e-mail that you receive.

HOW WE PROTECT YOUR INFORMATION

We adopt appropriate data collection, storage and processing practices and security measures to preserve data integrity, and to regulate access to the data, protecting against unauthorised access, data loss, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our website.

Our website operates on a secure linux server which is updated on a daily basis with any operating system updates or security patches that need applying.

Only authorised Chocolate Express employees and third parties processing data on our behalf have access to your personal data.

All Chocolate Express employees who have access to your personal data are required to adhere to the Chocolate Express Privacy Notice and we have in place contractual safeguards with our third-party data processors to ensure that your personal data is processed only as instructed by Chocolate Express.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

We take all reasonable steps to keep your data safe and secure and to ensure the data is accessed only by those who have a legitimate interest to do so. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us. Any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.

DO WE TRANSFER PERSONAL DATA outside the eu?

Although we are based in Jersey, we may transfer your personal information to a location (for example, to a secure server) outside the European Economic Area, if we consider it necessary or desirable for the purposes set out in this notice.

In such cases, to safeguard your privacy rights, transfers will be made to recipients to which a European Commission “adequacy decision” applies (this is a decision from the European Commission confirming that adequate safeguards are in place in that location for the protection of personal data), or will be carried out under standard contractual clauses that have been approved by the European Commission as providing appropriate safeguards for international personal data transfers, or by the adoption of EU-US Privacy Shield.

YOUR INFORMATION RIGHTS

We draw your attention to your following rights under data protection law:

  • right to be informed about the collection and use of your personal data
  • right of access to your personal data, and the right to request a copy of the information that we hold about you and supplementary details about that information – you will be asked to provide proof of your identify and residential address, and we may ask you to provide further details to assist us in the provision of such information
  • right to have inaccurate personal data that we process about you rectified – we want to ensure that the personal information that we process and retain about you is accurate, so please do remember to tell us about any changes, for example if you have moved house or changed your contact details. It is your responsibility to ensure you submit true, accurate, and complete information to us; please also update us in the event this information changes.
  • right of erasure – in certain circumstances you have the right to have personal data that we process about you blocked, erased or destroyed
  • the right to object to, or restrict:
    • - processing of personal data concerning you for direct marketing
    • - decisions being taken by automated means which produce legal effects concerning you or that similarly significantly affect you
    • - in certain other situations, to our continued processing of your personal data
  • the right of portability of your data in certain circumstances.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

These rights are subject to certain limitations that exist in law. Further information about your information rights is available on the ICO’s website: https://oicjersey.org/  

THIRD PARTY CONTENT

Users may find advertising or other content on our website that links to the websites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these websites and are not responsible for the practices employed by websites linked to or from our website. In addition, these websites or services, including their content and links, may be constantly changing. These websites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our website, is subject to that website's own terms and policies.

OPTING OUT OF COOKIES FROM OUR WEBSITE

You may be able to block cookies via your browser settings but this may prevent you from access to certain features of the website.

COOKIES AND OUR USE OF GOOGLE ANALYTICS

If a page of our website contains a link to the Google Analytics tracking code we are using Google, as a third party vendor of visitor logging.

These cookies are used to collect information about how visitors use our website. We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website, where visitors have come to the website from and the pages they visited.

We do not share personal data with Google.

CHANGES TO THIS PRIVACY POLICY

We reserve the right to update this privacy policy at any time. We encourage users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications.

YOUR ACCEPTANCE OF THESE TERMS

By using this website, you signify your acceptance of this policy and terms of service. If you do not agree to this policy, please do not use our website. Your continued use of the website following the posting of changes to this policy will be deemed your acceptance of those changes.