In connection with the use of the JOE LOYALTY APP (the “App”), JOE & THE JUICE A/S (“JOE & THE JUICE” or “we”) will, act as the data controller, collect, process and disclose personal data about the users of the App.
In this document, the word “User” or “you” refers users of our mobile application.
If you are a user of the App, you must read this text carefully in order to understand how we process your personal data.
COVID-19 UPDATE – NHS TEST AND TRACE (please note that this is only relevant to our customers and visitors who visit our stores in the United Kingdom)
To support NHS Test and Trace (which is part of the Department for Health and Social Care) in England, we have been mandated by law to collect and keep a limited record of staff, customers and visitors who come onto our premises for the purpose of contact tracing.
By maintaining records of staff, customers and visitors, and sharing these with NHS Test and Trace where requested, we can help to identify people who may have been exposed to the coronavirus.
Where we are requested to do so by the NHS Test and Trace, we will share your name, contact phone number and the time that you made your purchase at our store and any other information requested by law by the NHS Test and Trace (the “Tracing Information”).
We will only share information with NHS Test and Trace if it is specifically requested by them. For example, if another customer at the venue reported symptoms and subsequently tested positive, NHS Test and Trace can request the log of customer details for a particular time period (for example, this may be all customers who visited on a particular day or time-band, or over a 2-day period). If you fall within the specific categories specified by the NHS Test and Trace service, we will share your Tracing Information with the NHS.
NHS Test and Trace have asked us to retain this information for 21 days from the date of your visit, to enable contact tracing to be carried out by NHS Test and Trace during that period. We act as the data controllers for the collection of your personal data through our App and will therefore be responsible for compliance with data protection legislation for the period of time that we hold that information for this purpose. When that information is requested by the NHS Test and Trace service, the service would at this point be responsible for compliance with data protection legislation for that period of time.
Under government guidance, the information we collect may include information which we would not ordinarily collect from you and which we therefore collect only for the purpose of contact tracing. Information of this type will not be used for other purposes, and NHS Test and Trace will not disclose this information to any third party unless required to do so by law (for example, as a result of receiving a court order). In addition, where the information is only collected for the purpose of contact tracing, it will be destroyed by us 21 days after the date of your visit.
However, the government guidance may also cover information that we would usually collect and hold onto as part of our ordinary dealings with you (perhaps, for example, your name, date of birth and phone number). Where this is the case, this information only will continue to be held after 21 days and we will use it as we usually would, unless and until you tell us not to.
The NHS Test and Trace service as part of safeguarding your personal data, has in place technical, organisational and administrative security measures to protect your personal information that it receives from the venue/establishment, that it holds from loss, misuse, and unauthorised access, disclosure, alteration and destruction.
Your information will always be stored and used in compliance with the relevant data protection legislation.
The use of your Tracing Information is covered by the General Data Protection Regulations Article 6 (1) (c) – a legal obligation to which we as a venue/establishment are subject to. The legal obligation to which we’re subject, means that we’re mandated by law, by a set of new regulations from the government, to co-operate with the NHS Test and Trace service, in order to help maintain a safe operating environment and to help fight any local outbreak of coronavirus.
By law, you have a number of rights as a data subject, such as the right to be informed, the right to access information held about you and the right to rectification of any inaccurate data that we hold about you.
You have the right to request that we erase personal data about you that we hold (although this is not an absolute right).
You have the right to request that we restrict processing of personal data about you that we hold in certain circumstances.
You have the right to object to processing of personal data about you on grounds relating to your particular situation (also again this right is not absolute).
If you have any questions or would like to make a specific request or comment to us about how your information is used, you should contact us at firstname.lastname@example.org.
1. What information do we collect and when do we collect it?
We collect your personal data whenever you interact with JOE & THE JUICE and when you use the App. More specifically, we will collect and process the following information:
Information You Provide
Information We Collect Automatically
We automatically collect certain information when you access, use, or interact with our App:
2. The legal basis for the collection and processing of the personal data
Just as it’s crucial that you understand what personal data we collect and when, it’s equally as important for you to understand why we are processing that personal data. We will only process your data if we have a justifiable reason to do so in accordance with the applicable data protection law, for instance if we have your consent; if we have a legitimate interest in processing such data; if we have a legal obligation to process your data; or if we need to process your data to fulfil our contractual obligations to you or provide you with a service that you have requested.
To comply with our legal obligations
We process certain personal data to ensure that we comply with relevant and applicable legal requirements. For instance, we will process data to ensure that we are compliant with laws governing bookkeeping and tax.
We will process your data for our legitimate interests, including but not limited to our ability to operate, maintain and improve our business and to preserve and support our relationship with our customers. Before deciding to process your data in accordance with what we understand to be a legitimate interest, we weigh your own right to privacy against our own interests in processing such data.
We will process certain personal data for our legitimate interests as described below:
a) For improvement of the App and the business: we will process personal data to help us create, develop, operate, deliver and improve the contents and the performance, effectiveness and quality of the App, the products and services offered through the App, the content, communications.
b) For customer support and administrative purposes: to ensure that our customer support team can contact you and/or assist you with any questions, issues or complaints in the most efficient manner.
c) For security purposes: we will process certain data for anti-fraud and security purposes. For instance, we may process your IP address to monitor where your account is being accessed from.
d) For claims handling and for legal proceedings: we process personal data in connection with the handling of claims, debt collection and/or legal proceedings. Further, we may process your data in order to prevent fraud, misuse of the App and the App’s network security.
Fulfilment of a contract
We will collect and process your data for the purposes of ensuring that the contract between you and us is fulfilled. We will use your information so that we can provide you with access to our App, to provide you with the services and products that you have requested via the App, to ensure we are able to collect payment from you and so that we may contact you to revolve any problems with your order.
Where you provide consent
We also process your personal information based on your consent. In such circumstances, you are under no obligation to provide your consent or personal information but may choose to do so voluntarily. If you do grant us your consent, you may withdraw your consent at any time as described in the section below.
3. Withdrawal of consent
For processing of personal data based on your consent, you have the right to withdraw the consent, however, without affecting the lawfulness of processing based on consent before its withdrawal. You can withdraw your consent by changing the settings in the App (where possible) or by contacting us directly at email@example.com.
4. Customer Marketing
If you have provided your consent, or if we have a justifiable reason for doing so (as permitted by law) we will use your personal information to inform you of any promotions we have on offer, or any new products or services that we believe may be of interest to you. We will communicate these to you via email or within the App. You can control your marketing preferences by changing your account settings within the App. Please click on your profile Consent Options select relevant toggle to turn on or off email marketing, advertising and re-advertising.
5. Disclosure of your personal data
a) Delivery service providers that deliver your purchased products you have purchased to you;
b) Auditing and accounting firms that assist us in the creation of our financial records;
c) Professional services consultants, such as firms that perform analytics, assist with improving our business, provide legal services, or supply project-based resources and assistance;
d) Payment providers who will verify the payment method information you have submitted to the App, and who will then process payment;
e) Customer support service providers who will assist us with resolving any issues you may experience with the App and related services;
f) Data control service providers who will assist us in managing and controlling the consents and related information that you provide to us;
g) IT service providers who will assist us with storage of information on our behalf pertaining to the App and with any back up or analysis of the App as a platform to help repair any technical issues;
h) Security vendors, such as entities that assist with security incident verification and response, service notifications, and fraud prevention;
i) Analytics services who will assist us with improving the effectiveness of the App. These service providers will conduct trend analysis that will allow us to better understand what you want to help to provide a more personalised customer experience.
j) Marketing partners who will assist us with identifying and distributing appropriate marketing and promotional information regarding JOE & THE JUICE and our products.
k) Remarketing (retargeting) partners who will assist us with distributing relevant advertising materials to you regarding JOE & THE JUICE and our products.
In addition to the above, we will disclose your personal data when:
l) We are required to do so (or we believe we are required to do so) in order to comply with a legal obligation or regulatory requirement;
m) We reasonably believe or suspect illegal activity or conduct is or has taken place and report this to law enforcement agencies; and
n) For our own legitimate interests if our business enters into a joint venture with, it purchases or is sold or merges with another business entity. In such circumstances your information may be disclosed or transferred to the new entity, any new business partners, our advisors or the new entity’s owners or advisors.
6. Personal Data Relating to Children
Our App is intended for users age 16 and older. We do not knowingly collect information from children under 16. If we discover that we have inadvertently collected information from anyone younger than the age of 16, we will delete that information.
7. International transfers of personal data
If we transfer personal data to recipients in countries outside the EU/EEA, we will, if required, put a contract or other means in place to ensure that your data is adequately protected, for instance, by using the European Commission’s standard contractual clauses for transfers of personal data to non-EU/EEA countries. Wherever your personal information is transferred, stored or processed by us, we will take commercially reasonable steps to safeguard the privacy of your personal information.
8. Retention period
We will store the personal data for as long as is necessary to fulfil the purposes above. This means that we store the personal data as long as you have an account with the App. If you delete your profile in the App, we will delete your personal data when we do not longer need to document compliance under applicable legislation and when we are no longer exposed to legal claims from you or other entities under applicable laws.
9. Your EU and UK Privacy Rights
Subject to local data protection legislation, if you are located in the EU or in the UK, you enjoy the following rights in relation to your data that we process:
a) The right to rectification: if your information is incorrect or inaccurate you are entitled to have this information corrected.
b) The right of access: you are entitled to access any information of yours that we are processing.
c) The right to be forgotten: you may ask us to delete your personal data from the App and from our systems. We will of course comply with such request, unless an exception applies.
d) The right to object: you are entitled to object to the processing of your data if such data is processed for purposes other than those necessary for the performance of the services provided under the App or for compliance with a legal obligation. Please be aware that if you object to the processing of your personal data, it may affect our ability to provide you with certain services or your use of the App.
e) The right to restrict the processing: you may also request that we restrict the processing of your personal data. If requested by you, it means that the processing of your data going forward will be suppressed or blocked altogether. If you exercise this right, your information may still be stored by us, but it will not be used any further.
f) The right to data portability: you are entitled to receive a copy of your personal data in a transferable format for your own purposes. However, please note that this right is subject to certain conditions under applicable data protection law.
g) The right to withdraw consent: in situations where you have provided us with your consent to process your data, you have the right to withdraw your consent at any time.
h) The right to lodge a complaint: you are free to lodge a complaint regarding our handling or processing of your personal data with the national data protection authority.
If you have any questions or wish to exercise any of your rights, please do not hesitate to contact us by email at firstname.lastname@example.org.
10. Your Nevada Privacy Rights
Residents of the State of Nevada have the right to opt out of the sale of certain pieces of their information to other companies who will sell or license their information to others. If you are a Nevada resident and would like to make such a request, please email email@example.com.
11. Your California Privacy Rights
Under California’s “Shine the Light” law, California residents may opt out of the disclosure of personal information to third parties for their direct marketing purposes. Any California resident may choose to opt out of the sharing of such personal information with third parties for marketing purposes at any time by directing such request to firstname.lastname@example.org.
The California Consumer Privacy Act (“CCPA”) provides California residents, referred to in the law as “consumers,” with rights to receive certain disclosures regarding the collection, use and sharing of personal information, as well as rights to access and control personal information. The CCPA defines “personal information” to mean “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular” California resident. Certain information we collect may be exempt from the CCPA because it is considered public information (because it is made available by a government entity) or covered by a federal privacy law, such as the Gramm–Leach–Bliley Act, the Health Insurance Portability and Accountability Act, or the Fair Credit Reporting Act.
To the extent that we collect personal information about you that is subject to the CCPA, that information, our practices, and your rights are described in the below disclosures.
Right to Information Regarding the Categories of Personal Information Collected, Sold, and Disclosed
On certain occasions, we also sell information to third parties. An external party may be considered a third party either because the purpose of sharing the Personal Information is not an enumerated business purpose under California law, or because our contract does not restrict them from using Personal Information for other purposes. To “sell” information means to disclose it to an external party for monetary or other benefit. We sell the following information:
Right to Access Information
You have the right to request access to Personal Information collected about you and information regarding the source of that information, the purposes for which we collect it, and the third parties and service providers with whom we share it. To protect our customers’ Personal Information, we are required to verify your identity before we can act on your request.
Right to Request Deletion of Information
You have the right to request in certain circumstances that we delete any Personal Information that we have collected from you. To protect our customers’ Personal Information, we are required to verify your identity before we can act on your request. We may have a reason under the law why we do not have to comply with your request, or why we may comply with it in a more limited way than you anticipate. If we do, we will explain that to you in our response.
Right to Information Regarding Participation in Data Sharing for Financial Incentives
We may run promotions from time to time whereby incentive consumers to share personal information through use of our app. Participation in any of these incentives is voluntary, and you may opt out of the data sharing at any time
Right to Opt Out of Sale of Personal Information to Third Parties
You have the right to opt out of the sale of your personal information to third parties. To exercise this right, please visit our “Do Not Sell My Personal Information” webpage. Please note that your right to opt out does not apply to our sharing of personal information with service providers, who are parties we engage to perform a function on our behalf and are contractually obligated to use the personal information only for that function.
How to Submit a Request.
You may submit a request to exercise your rights by filling out a Consumer Data Request Form available here, or by calling 1-800-832-8916 or emailing us at email@example.com.
In order to process your request to know/access or delete Personal Information we collect, disclose, or sell, we must verify your request. We do this by:
You may authorize another individual or a business registered with the California Secretary of State, called an authorized agent, to make requests on your behalf. We require that you and the individual complete notarized affidavits in order to verify the identity of the authorized agent and confirm that you have authorized them to act on your behalf. Parents of minor children may submit a birth of the child certificate in lieu of an affidavit, in order to make requests on the child’s behalf. Please see sample affidavits here.
Please contact us via the App or at firstname.lastname@example.org if you have any questions regarding the protection of your personal data or if you wish to exercise your legal rights.