Privacy Policy



Introduction
Who are Gnaw Chocolate Limited?
Explaining the legal bases of General Data Protection Regulation

How do we collect your personal data?
What data is collected?
Why do we need to collect your personal data?
How will we use your personal data?
Your security. How we protect your personal data
Joint use of your personal data
Children
Protecting your data outside the EEA
International orders
Your rights under GDPR
What to do if you feel that your data has not been handled correctly
Policy updates
Contact us
 
 
Introduction

We appreciate that reading Privacy Policies isn’t top of your list when it comes to your favourite pastimes, but it is important.

Gnaw Chocolate has always operated under its core values of openness, honestly and integrity, as such, we want you to be fully informed about your legal rights, along with how Gnaw Chocolate Ltd collect, handles, used and securely stores your personal data.

The EU Data Law changes on 25th May 2018. Gnaw Chocolate are committed to ensuring that we comply with the new General Data Protection Regulation (GDPR) and that we continue to safeguard the data of our customers, followers, suppliers and employees.

To help you find the information you are looking for quickly and easily, we have broken our Privacy Policy down into sections.
 

Who are Gnaw Chocolate Limited?

Gnaw Chocolate Limited was founded in 2011 by founders, Matt and Terri Legon. Gnaw Chocolate Limited is legal owner of two chocolate brands; Gnaw Chocolate and Brooke & Amble.

Gnaw Chocolate works with a number of overseas distributors to supply both Gnaw and Brooke & Amble bars to customers overseas. Gnaw ensures that all distributers, suppliers and third-party agencies are all GDPR compliant.

For simplicity throughout the policy ‘we’ and ‘us’ refers to Gnaw Chocolate Limited as a whole. 

 
Explaining the legal bases of General Data Protection Regulation:

Gnaw Chocolate will only use personal data in a way that is both fair and lawful.

The new data protection law sets out 6 lawful bases for which a company may collect and process your personal data, these are:


Consent:


You can give your direct consent and positively opt-in to receive communication from Gnaw Chocolate.
For example; Marketing permissions: You may sign up to a receive a newsletter, direct mail or text messages.

We will never assume that you have given your consent, even if we have had this previously. From 25th May 2018, we must receive express consent for you to remain on our database. We will record the date, time and how consent was given by each individual that has given their consent.


Without direct consent:


This reason applies as part of a contract between two or more parties.
For example; Supplier and employment contracts. This could be a contract in the supply of goods and services or an employment contract.

Where personal details of a ‘Next of Kin’ are provided by an employee as part of the recruitment process, Gnaw Chocolate will ask for the employee to confirm that the appropriate permission has been granted by the Next of Kin for Gnaw to hold their personal data. This will be held securely and protected by password by Human Resources.       

 
Contractual obligations:

There are some circumstances where we would need your personal data to comply with our contractual obligations.

For example; Online orders: If you order a home delivery of our products from our online Gnaw Store, then we would need to take your address to deliver this to you. To complete your order, we would also need to pass this on to our courier partners to fulfil the delivery. We ensure that all suppliers and couriers are GDPR compliant, under our own obligations.


Vital interest:


In the interest of protecting someone’s physical health, mental well-being or in extreme cases, to save someone’s life, it may be necessary to pass on personal data.
For example; If the emergency services require this information, such as medication, Next of Kin. 


Legal compliance:


If the law requires us to, we may need to collect, process your data and pass this on to enforcement agencies if requested to do so.  
For example; Law enforcement: We may be asked to pass on details of people involved in criminal activity to the Police.


Government legalisation compliance:

It may be necessary to pass on personal data if we receive a valid request from a regulatory or public authority function, such as the HMRC.

 
Legitimate interest:

Legitimate interest is not focused on a particular purpose but it refers to where there is a minimal impact on the individual, or else a compelling justification for the processing.
For example, we may provide those registered with Gnaw loyalty scheme with exclusive offers, only available to them. The data privacy law allows this as an ‘legitimate interest’ in understanding our customers and providing the highest levels of service.

Legitimate Interest may also be used when:

  • the processing is not required by law, but is of a clear benefit to Gnaw or others;
  • there’s a limited privacy impact on the individual;
  • the individual should reasonably expect you to use their data in that way;

  • We cannot give the individual full upfront control or send disruptive consent requests when they are unlikely to object to the processing.


How do we collect your personal data?

Gnaw Chocolate gather personal data for a variety of ways during the operation of the business: These are: 
  • When you visit either the Gnaw or Brooke & Amble websites, and use your account to buy products and services, or redeem vouchers or discount codes provides by Gnaw or third-party voucher code websites
  • When you purchase a Gnaw chocolate product online and check out as a customer, whether you hold an account or check out as a guest
  • When you create an account with us
  • When you engage with us on social media
  • If you join our mailing list by positively opting -in to marketing preferences or join a loyalty programme administered by Gnaw
  • If you contact us for any reasons, to make an enquiry regarding the business or any of our products, apply for an employment post with Gnaw, or submit a complaint
  • When you enter prize draws or competitions, by any means, including electronically and via social media platforms
  • When you comment upon or ‘share’ any of Gnaw Chocolate Limited social media posts
  • When you review our products online, such as Google Reviews, Facebook Reviews and other review platforms. (Any individual may access personal data related to them, including opinions. If your comment or review includes information about the Partner who provided that service, it may be passed on to them if requested)
  • When you submit a customer feedback survey we have sent to you
  • When you complete any forms, which are then held by Gnaw. For example, if a photographic permissions form is required
  • When you’ve given a third-party permission to share with us the information they hold about you
  • If you make a complaint regarding the business, a member of staff or a Gnaw product; information will be held where a full internal investigation has taken place. If this also involves a third-party, this information may also be shared with them to ensure the investigation can be completed and unable us to seek an appropriate resolution
  • When you visit our factory and offices where we have CCTV systems operating for the security of both employees and visitors. These systems may record your image during your visit.
 

What data is collected?


When collecting your personal data, we’ll always make clear to you which data is necessary in connection with a particular service.

For example, we will collect notes from our conversations with you, details of any complaints or comments you make, details of purchases you made, items viewed or added to your basket, gift list and wish list choices, voucher redemptions, how and when you contact us.
  • When you set up on account online with us, we will request mandatory information:
    • your name, billing/delivery address, email and telephone number. For your security, we’ll also keep an encrypted record of your login password. We do not hold or store any payment information on our e-commerce website.
    • Details will be held on the e-commerce system regarding your order history, receipts along with delivery and tracking information
    • We will ask you to verify your email address details by sending an activation email – a confirmation email will be sent once your account is activated
  • We may also hold details of your interactions and communications with us through our website, emails, online store, social accounts and messaging app’s – this includes any comments, product reviews or testimonials left on the Gnaw Chocolate website
  • Details of your shopping preferences along with details of your visits to our websites and which site you came from to ours, if applicable
  • Information gathered by the use of cookies in your web browser
  • Technical information about your internet connection and browser as well as the country and telephone code where your computer is located, the web pages viewed during your visit, the advertisements you clicked on, and any search terms you entered; this is tracked and stored on our secure Google Analytics account
  • If you receive an email from us, your engagements with be recorded on the mailing software, MailChimp. This includes open rate and click through rates
  • If you choose to engage and follow us via our social media channels, your username will be used and will be visible to other users of the Gnaw and Brooke & Amble pages if you post and we respond to your comments, questions or feedback.
    It is assumed that those using social media are over the age of consent (13 years old) and that they abide by the terms and conditions of Facebook, Twitter, Instagram and Pinterest.
  • Photographic permission forms maybe collected for consent to use imagery online, in print and on social platforms
  • Copies of documents you provide to prove your age or identity where the law requires this, For example; To comply with Employment Law we will need to check the ‘right to work within the U.K’ – this will involve Gnaw Chocolate holding a copy of you your passport and/or driver's licence. This will include details of your full name, address, date of birth and facial image. If you provide a passport, the data will also include your place of birth, gender and nationality

 
Why do we need to collect your personal data?

We want to ensure that we deliver our products to you quickly and efficiently; we want to provide the very best customer service.

As part of our commitment to customer service, we want to keep you informed with the latest Gnaw news, offers, limited discount codes, and competitions which may interest you. In the case of any loyalty scheme, we’ll would offer those members exclusive and relevant rewards.  


How will we use your personal data?

It is essential that we collect your personal information to enable us to process any orders that you make by using our websites. We will keep your details for a reasonable period afterwards in order to fulfil any contractual obligations to you and to provide the very best in customer service in your legitimate interest.

Holding this data is necessary to ensure we meet our legal obligations, such as The Consumer Contracts Regulations 2013 (which replaced the Distance Selling Regulations.

It allows us to respond to customer queries, refund requests, guarantees, returns, replacements and complaints. We may also keep a record of these to document how we communicated with you and also to monitor our own internal procedures.
  • We use your personal data in order to maintain, update and safeguard your account and to protect our business and your account from fraud and other illegal activities. It allows us to monitor browsing activity and to quickly identify and resolve any problems and protect the integrity of our websites. We action this as part of both our and your legitimate interest.
  • To protect our premises, assets, customers and partners from crime, we operate CCTV systems in our factory and offices which record images for security. We do this due to our legitimate interests. If criminal activity is detected, this data will then be passed on to the relevant law enforcement authorities.
  • With your consent, we will use your personal data and personal marketing preferences to keep you informed by post, email, web, social media, text, telephone about relevant products including special offers, discounts, promotions, events, competitions and Gnaw news. You are free to opt out at any time. (It is assumed that if you follow or like Gnaw Chocolate/Brooke & Amble on social platforms, that you opt-in to receive messages from Gnaw).
  • We will track digital marketing activity, such as email Open and Click-through rates and website traffic on Google Analytics to gain a better understanding of our communications and how we can improve these for the future for our customers.
  • To send you communications required by law or which are necessary to inform you about our changes to the services we provide you.
    For example, updates to this Privacy Notice, product recall notices, and legally required information relating to your orders.
  • To administer any of our prize draws or competitions which you enter, based on your consent given at the time of entering.
  • We may use your data to develop, test and improve our systems, services and products we provide to you. We’ll do this on the basis of our legitimate business interests. For example; We may look at your personal data to enable us to make improvements to our website, providing you with an improved platform.
  • To comply with our contractual or legal obligations to share data with law enforcement. For example; If information is requested by the courts or Law Enforcement agencies.
  • To send you survey and feedback requests to our customers to improve our services. These messages will not include any promotional content and do not require prior consent when sent by email or text message.

 
Your security. How we protect your personal data:

We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.

We secure access to all transactional areas of our websites using ‘https’ technology.

To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. For example; When you set up an online Gnaw account, you will be asked to activate your account by verifying your email address.

Access to your personal data is password-protected, and sensitive data such as payment card information) is not stored by the website in anyway – there is no option to store card payment information on our e-commerce websites.  

All passwords are securely protected and are only accessed by Managers in the organisation. These are regularly reviewed and updated. All PC’s are password protected and locked by the user whenever they are away from their desks.

On occasion, it is essential in the operation of the business to send personal data to other suppliers, such as Sage, to enable us to process payments.  Whenever this is necessary, the document will be password protected. The password will only be shared verbally or on a separate email so there is no risk on interception. 

Internal policies are in place to ensure that data is not held in multiple, such as laptops, flash drives, external hard drives or on Cloud storage.

Similarly, when accessing computer systems remotely using Office 365, the security and compliance module is turned on to mark a document as secure. This module ensures that is a document is accidentally attached to an email, it is not sent.     

We regularly monitor our system for possible vulnerabilities and attacks, and we subscribe to a stringent ‘Malware Bytes’ Software and End Point Anti-virus software on all Gnaw computer systems to prevent any external penetration and regularly identify ways to further strengthen our security.

Our email and database provider, MailChimp, has a ‘double opt-in’ function which adds an addition layer of security and verification. In addition, reCAPTCHA is enabled, this prevents Spambots.

Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.

At the end of that retention period, your data will either be deleted completely or anonymised, so the data can still be held for business planning and statistical analysis but the individual can no longer be identified.
For example; In the case of website traffic, Google Analytics will automatically delete data after 24 months. When you place an order, our e-commerce system will keep the personal data you give us for five years so we can comply with our legal and contractual obligations.


Joint use of your personal data:

When you provide express consent to Gnaw Chocolate Ltd, you may also receive messages regarding our other brands, For example; Brooke & Amble or new products in the Gnaw Chocolate range.

Third-party suppliers:

We will only share your personal data with our business partners to comply with our contractual obligations to you or for the business. E.g. We will share your delivery address with our couriers to ensure your products are delivered. We do not share your personal data with other parties for their own purposes, for example, their own marketing.

We sometimes it is necessary for us to share your personal data with trusted third parties. E.g. Delivery couriers or to enable us to handle complaints. When this is essential, we ensure that they also keep your data safe and protect your privacy:
  • We ensure that all of our suppliers and business partners also comply with GDPR; we hold a copy of their Privacy Policy as part of their contractual agreement with us
  • We provide only the information they need to perform their specific services
  • They may only use your data for the exact purposes we specify in our contract with them, For example; Goods delivery
  • We work closely with them to ensure that your privacy is respected and protected at all times
  • If/when we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
Examples of the kind of third-parties we work with are:
  • I.T companies who support our website, telephone and other business systems
  • Operational companies, For example; delivery couriers
  • Direct marketing companies who help us manage our electronic communications with you. Our customer database is securely stored with MailChimp, who are fully compliant with GDPR. To find out more about MailChimp’s Privacy Policy and their commitment to GDPR, please click visit: https://bit.ly/2kkGyih By signing up to the Gnaw mailing list, you give consent for your data to be sent to and securely stored by MailChimp on their servers.
  • Google Display Network and targeted social advertising platforms such as Facebook and Pinterest to show you products that might interest you while you’re browsing the internet. This is based on either your marketing consent or your acceptance of cookies on our websites
  • For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies
  • We may, from time to time, expand, reduce or sell the business and this may involve the transfer of divisions or the whole business to new owners. If this happens, your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this Privacy Notice.

 
Children:

Due to the nature of our business and the brand tone of voice, it is unlikely that we will ever broadcast messages which are not suitable for children. However, safeguarding children is of primary importance to Gnaw. Parental/guardian permissions will be sought if children under 16 engage with Gnaw, for example, for a school project. Permission forms will need to be returned prior to the children’s involvement in the project, including allergy information. When any photography is taken, photographic permission forms will need to be returned by those with parental consent.

With regards to social media, the age of consent for Facebook, Twitter, Instagram and Pinterest is 13. Whilst we cannot verify the ages of who follows us through social media, we can ensure that content is appropriate for all ages.
 

Protecting your data outside the EEA:

Sometimes we will need to share your personal data with third parties and suppliers outside the European Economic Area (EEA), such as the USA where our MailChimp account is held. We have ensured that MailChimp are fully complaint with the EU GDPR legislation.


International orders:

If you are based outside the UK and place an order with us, we will transfer the personal data that we collect from you to Gnaw in the UK. By dealing with us, you are giving your consent to this overseas use, transfer and disclosure of your personal data outside your country of residence for our ordinary business purposes. This may occur because our information technology storage facilities and servers are located outside your country of residence and could include storage of your personal data on servers in the UK.

The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway. We may transfer personal data that we collect from you to third-party data processors in countries that are outside the EEA. For example, this might be required in order to fulfil your order, process your payment details or provide support services.

If we do this, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA. For example, our contracts with third parties stipulate the standards they must follow GDPR at all times and that we must hold their Privacy Policy to ensure that this is the case as part of their contractual agreement with Gnaw. If you wish for more information about these contracts please contact our Data Protection Officer.


Your rights under GDPR:

The right to request the personal data held by Gnaw Chocolate.

As with previous Data Protection Laws, upon request we will provide you with a copy of all personal data we hold about you. If you would like us to do so, please submit a ‘Subject Access Request’. Under the new GDPR legislation, we will respond in full within one month of the request being received. We will acknowledge the request as soon as it is received. There will no longer be any £10 fee payable to us for this information request.

Where the Subject Access Request is more complex, Gnaw may request an extension in order to fulfil our obligation fully. If we choose not to action your request we will explain to you the reasons for our refusal and inform at the Information Commissioner’s Office of this decision.

To request a Subject Access Request, please do so in writing:
Data Protection Officer. Gnaw Chocolate Ltd. 64 – 65 Livestock Market, Norwich, Norfolk. NR4 6EQ.  customerservice@gnawchocolate.co.uk
 

Your right to withdraw consent

Under GDPR, individuals have the ‘right to be forgotten’. You have the right to withdraw consent at any time, even if you have previously given your express consent.

Electronically: You can do so electronically by clicking ‘unsubscribe’ at the base of any email sent to you by Gnaw Chocolate. Alternatively, you can write to the Gnaw Data Protection Officer via email or by post and request for your data to be deleted from the Gnaw database. 

By email:
The Data Protection Officer can be contacted at customerservice@gnawfolkchocolate.co.uk
Please include ‘For the attention of the Data Protection Officer’ in the subject line.

By post:

Data Protection Officer. Gnaw Chocolate Limited. 64-65 Norwich Livestock Market, Norwich. Norfolk. NR4 6EQ.

The personal data of any individual who unsubscribes will be automatically moved to an unsubscribed list. This will then be hard deleted from our mailing system, MailChimp.

If you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you’ve asked for.
You also have the right to request:

  • The correction of your personal data when incorrect, out of date or incomplete
  • Removal of personal data when there is no legitimate overriding interest, or once the purpose for which we hold the data has come to an end (such as the end of a warranty)
  • That we stop using your personal data for marketing purposes, either on specific channels or completely)
  • That we stop any consent-based processing of your personal data after you withdraw that consent
  • Review by a Partner of any decision made based solely on automatic processing of your data (i.e. where no human has yet reviewed the outcome and criteria for the decision).

To withdraw consent or make any amends to your personal data, please contact  customerservice@gnawfolkchcolate.co.uk

To stop receiving emails from Gnaw, you can also click the ‘unsubscribe’ link in any email communication that we send you. We will then stop any further emails from Gnaw Chocolate and Brooke & Amble, unless you specify that you would still like to hear from either brand.

To stop receiving emails and other forms or marketing, you can also email: customerservice@gnawfolkchocolate.co.uk or write to Data Protection Officer. Gnaw Chocolate Ltd. 64 – 65 Livestock Market, Norwich, Norfolk. NR4 6EQ. 

Please note: You may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
 


What to do if you feel that your data has not been handled correctly.

If you are ever unhappy in anyway, we would like you to contact us:

Call us:

01603 501 518

Email us:
customerservice@gnawfolkchocolate.co.uk (Please as Data Protection to the subject line)

Write to us
:
Data Protection Officer, Gnaw Chocolate Ltd. 64-65 Norwich Livestock. Market, Norwich. NR4 6EQ


What to do if you would like to make a formal complaint:

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

You can contact them by calling 0303 123 1113.
Alternatively, visit www.ico.org.uk/concerns 

If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.


Policy updates:

It’s likely that we’ll need to update this Privacy Notice from time to time to ensure we comply with legislation and safeguard our customers and business partners.
We will notify you of any significant changes, but you’re welcome to come back and check the policy whenever you wish.

You can also request a copy of this policy, by contacting our Data Protection Officer, by any of the methods listed above.

 
Contact us:

If you have any queries about your personal data or our Privacy Policy, please contact our Data Protection Officer who will be happy to help:

Call us:
01603 501 518

Email us:
customerservice@gnawfolkchocolate.co.uk (Please as Data Protection to the subject line)

Write to us
:
Data Protection Officer, Gnaw Chocolate Ltd. 64-65 Norwich Livestock. Market, Norwich. NR4 6EQ

 

 

Privacy Policy - updated 23 May 2018.