Godiva's Privacy Policy

 This Godiva privacy policy governs the collection, storage and use of your personal data by us, Godiva (as defined below), as:

  • one of our customers;
  • a visitor of the website https://godivachocolates.co.uk/
  • people who contact us with enquiries;

It provides you with details about the personal data we collect from you, how we use it and your rights to control personal data we hold about you. 

This policy was last updated in May 2023. Godiva’s Policy, which is updated periodically, can be found on Godiva’s website at GODIVA UK Privacy Policy. We will also inform you about such updates by, amongst other things, email notification from time to time.

1.                Who we are:

The data controller responsible for the processing of your personal data is Godiva UK LTD, ("Godiva" or "we"), having its registered offices at St. Martins House, 1st floor, 1 Gresham Street, London, EC2V 7BX.

Godiva, as data controller, respects your right to privacy and will only process personal data you provide to us in accordance with applicable data protection laws and as described in this policy.

Applicable data protection laws include (i) EU Regulation 2016/679 (the "GDPR") (ii) the GDPR as it forms part of the law of England and Wales by virtue of section 3 of the European Union (Withdrawal) Act 2018 (the "UK GDPR"); (iii) the Data Protection Act 2018 ("DPA"); and (iv) all other existing or new applicable laws relating to or impacting on the processing of personal data of a living person and privacy.

2.                The personal data we collect about you and the purposes for which we collect it:

Below you will find an overview of (2.1.) the categories of personal data that we (or third-party data processors acting on our behalf) may collect, (2.2.) the purposes for which this data would be collected and the legal basis for processing.

2.1             Categories of personal data

(a)              Contact details / identification details

We collect personal information about you (such as your name, billing and shipping address, email address, phone numbers, payment details, date of birth, account information like order history or shopping list) when you place an order to receive a product from us, when you register an account with us, when you contact us (by filling out the contact form on our website, writing via the provided address or sending an e-mail), when you subscribe to our newsletter or when you make an enquiry.

(b)              Behavioral and engagement data

We collect information about how you use our website, such as the types of content that you view or engage with, actions you take, the frequency and duration of your activities. We log when you're using and have last used your account/our website, and what content you view on our website.

Personal data we collect may also include unique numerical identifiers such as the IP address of your computer or the MAC address of your mobile device (for example via the use of cookies in compliance with our Cookie Policy accessible at the following link [Godiva UK Cookie Policy].

2.2             Purposes and legal basis under the UK GDPR

We will collect, store and use your personal data for the following purposes and based on the following legal basis:

(i)               identify you and manage any account you hold with us (performance of a contract - failure to provide data for this purpose would prevent the creation of any account;
(ii)              to contact you for reasons related to the service you have signed up for or to provide information you have requested (performance of a contract - failure to provide data for this purpose would prevent us from providing you with any assistance;
(iii)             to respond to your online queries and provide you with services that you may request (performance of a contract - failure to provide data for this purpose would prevent us from following up your requests;
(iv)             deal with payment for our services/products (performance of a contract – failure to provide data for this purpose would prevent us from entering into a contract with you;
(v)              to deliver the content of our website, to ensure the functionality of our IT systems and the optimization of our website, as well as to safeguard our legitimate interests in order to arrange for clarification in the event of unauthorized or attempted access to our website; (legitimate interest - failure to provide data for this purpose would prevent us from granting you access to the website);
(vi)             to send you updates on our products and services when you have subscribed to our newsletter –failure to provide data for this purpose would prevent us from sending you updates on our products and services;
(vii)           to prevent the misuse of the services (legitimate interest –– failure to provide data for this purpose would prevent us from granting you access to the website;
(viii)          to comply with our legal, administrative and regulatory obligations– failure to provide data for this purpose may prevent us from fulfilling our legal, administrative and regulatory obligations;
(ix)             to improve our website, products and services– failure to provide data for this purpose would prevent us from making our products, services and website better. 
  1. How we share your personal data and who we share it with
    • Principle

We will not sell, rent or otherwise disclose your personal data to any third party, except as described in this policy.

  • Companies within Godiva and third-party processors

Your personal data may be shared with and disclosed to other companies within Godiva (i.e. Godiva Belgium, Godiva Global Limited) who are bound by the same internal procedures and who commit to respect your data protection rights.

We may also choose to disclose your personal data to third party processors to process personal data on our behalf for the purposes set out above. These parties are required to process such information based on our instructions and in accordance with this policy. We will always ensure that any third parties with whom we share your personal information are subject to privacy and security obligations consistent with this privacy policy and applicable laws.

 

The third-party providers to whom we may disclose your personal data are:

  • cloud service providers, such as AWS;

-        our website development service provider GODIVA UK LTD. GmbH which assists us in maintaining our website and handles complaints about the website and digital sales through the website; and

-        analytics and search engine providers that assist us in the improvement and optimisation of our website, such as Google Analytics.

 

 Compliance with laws and legal proceedings

We may also disclose your personal data where:

  • we are required to do so by applicable law, by a governmental body or by a law enforcement agency;
  • to establish or exercise our legal rights or defend against legal claims;
  • to investigate, prevent or take actions against illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms of use, or as otherwise required by law.

4.                How long do we keep your personal data?

We keep your personal information for no longer than necessary for the purposes for which the personal information is processed. The length of time for which we retain personal information depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights. In particular, we will hold your personal data for as long as your Godiva account remains active, and for up to 6 months after any activity with respect to the account ceases. If you ask us to get your personal data deleted in accordance with 7, (d) below, we will delete your personal data immediately.

5.                International transfers

 Some of your personal data may be made accessible worldwide in connection with the abovementioned purposes. For example, your personal data may be used and/or accessed by staff operating outside the UK or European Economic Area, working for us, other members of our group or third-party data processors. Further details on to whom your personal information may be disclosed are set out in section 3.

If we provide any personal data about you to any such non- U or EEA member of our group of third-party data processor, we will take appropriate measures to ensure that the recipient protects your personal data adequately in accordance with this privacy policy. These measures may include the following:

(a)              ensure that there is an adequacy decision in case of transfers out of the UK or EEA which means that the recipient country is deemed to provide adequate protection for such personal data; or

(b)              enter into the standard contractual clauses. These standard contractual clauses include certain safeguards to protect the personal data.

6.                Security

We take appropriate technical and organisational measures to safeguard the personal data that you provide to us against unauthorized or unlawful processing and against accidental destruction, loss or damage, including through use of appropriate organisational and technical measures, such as physical access controls to premises, staff training, locking files away, ISO accreditation, encryption, passwords for systems access and anti-virus software.

In the course of provision of your personal data to us, your personal data may be transferred over the internet. Although we make every effort to protect the personal data which you provide to us, the transmission of information over the internet is not completely secure. As such, we cannot guarantee the security of your personal data transmitted to our website and that any such transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to prevent unauthorised access to it.

7.                Links to third party websites and social media connections 

Our website may occasionally contain links to websites owned by our network, advertiser and affiliate partners. If you follow a link to any of these websites, please note that these sites have their own privacy policies and that we are not responsible for these policies. We encourage you to review the terms of these policies before submitting any personal data to these websites

8.                Your rights

You have the following rights as a data subject:

  1. Right to access: you can ask us for a copy of your personal information; confirmation as to whether your personal information is being used by us; details about how and why it is being used; and details of the safeguards which are in place if we transfer your information outside of the EEA.
  2. Right to update your information: you have the right to ask us to update or correct any out-of-date or incorrect personal data that we hold about you;
  3. Right to withdraw your consent: where the processing is based on your consent, you have the right to withdraw consent at any given time, without affecting the lawfulness of processing based on consent before its withdrawal.
  4. Right to delete your information: you have the right to erasure where the conditions of article 17 of the GDPR have been met. You can ask us for further information on these specific circumstances by contacting us using the details in section 8;
  5. Right to restrict use of your information: you have the right to ask us to restrict the way we process your personal data where the conditions of article 18 of the GDPR have been met. You can ask us for further information on these specific circumstances by contacting us using the details in section 8;
  6. Right to data portability: you have a right to ask us to provide your personal information to a third-party provider of services. This right only applies where we use your personal information on the basis of your consent or performance of a contract; and where our use of your information is carried out by automated means.

g)     Right to object: you have a right to ask us to consider any valid objections which you have to our use of your personal data where we process your personal data on the basis of our or another person's legitimate interest; and

h)     Right to stop marketing: you have a right to ask us to stop using your personal information for direct marketing purposes.  If you exercise this right, we will stop using your personal information for this purpose.

We will consider all such requests and provide our response within a reasonable period (and in any event within one month of your request unless we tell you we are entitled to a longer period under applicable law). Please note, however, that certain personal data may be exempt from such requests in certain circumstances, for example if we need to keep using the data to comply with our own legal obligations or to establish, exercise or defend legal claims. 

If an exception applies, we will tell you this when responding to your request. We may request you provide us with information necessary to confirm your identity before responding to any request you make. 

9.                Further questions and how to make a complaint

If you have any queries or complaints about our collection, use or storage of your personal information, or if you wish to exercise any of your rights in relation to your personal information, please contact us:

  • via email: privacy@godiva.com
  • via phone +44 0800 028 0787
  • via post: St. Martins House, 1st floor, 1 Gresham Street, London, EC2V 7BX

We will investigate and attempt to resolve any such complaint or dispute regarding the use or disclosure of your personal data.

You also have the right to lodge a complaint with a supervisory authority. The competent supervisory authority for the UK is the UK's Information Commissioner's Office and more information is available on their website at https://ico.org.uk/.