RECIPE BOXES
BOX PRICES
Version 3Last updated: 07/02/24

View this as a PDF

Gousto Privacy Policy

Your privacy, our priority

Here at Gousto, your data's in safe hands. Not only do we promise to collect only the essentials we need to make dinnertime as delicious as can be, but we'll always keep you in the loop about how, when and why we use your data.

Privacy 1, 2 and 3

When it comes to your personal data, these are the three most important things you need to know.

1. We use as little data as possible to process your order, deliver your dinners, improve your experience online and contact you about things that might interest you.

2. We keep your data safe and secure, and will never keep it longer than necessary.

3. We'll always keep you in the loop when it comes to your data. And remember, you and your information are protected by data protection law.

Is this policy for me?

The Gousto Privacy Policy lets you know how we deal with your personal data. That's the information we know about you or that can be used to identify you. Plus, we'll describe in detail all the kinds of data we collect, how it's used and protected, who we share it with, how long we keep it and how you can access and correct it.

1. Who's responsible for my data?

That's us. We're SCA Investments Limited trading as "Gousto". We own and operate our website www.gousto.co.uk and the Gousto app, as well as any of the services available to you in-app or online. We're also the Data Controller responsible for protecting your personal data and privacy.

2. Why should I give Gousto my data?

We need your data to be able to deliver your delicious dinners. For example, we'll need your contact details when you open your Gousto account to deliver your meals and provide updates on your orders. Providing us with your personal data allows us to enter into a contract with you and perform our obligations under the contract. If you're unwilling or unable to share your personal data with us, we may be unable to enter into and/or perform the contract with you. This may lead to us cancelling or suspending a product or service you have with us. However, if we were to do this we'll notify you in advance.

3. What does the law say about the data Gousto needs?

Under General Data Protection Regulation (GDPR) we need valid legal reasons for using your data. This is called lawful basis. Our legal bases will usually be one of the following:

3.1 Performance of contract. We need to use data like your contact and payment information to sell you our products and complete your orders.

3.2 Consent. As part of the Gousto experience, you may agree to us collecting and using your data. This may be in the form of opting into emails you receive from us.

3.3 Legitimate interests. We sometimes use your data because we have a legitimate reason to do so. This includes things like providing you with the best product and service or keeping your data if we need to recover debt. We'll always balance your rights and freedoms against our legitimate reasons to use or retain your personal data.

3.4 Legal compliance. There may be cases when we're required to use your personal data to comply with legal or regulatory obligations that we're subject to.

4. How exactly does Gousto use my data?

Purpose

What we use and how we use it

Lawful basis

Provide services

We use your contact and transaction information to provide our services to you. This includes things like:

  • setting up and managing your account
  • communicating with you about your account and orders
  • completing your deliveries
  • dealing with queries and complaints

Performance of contract to fulfil the terms of our agreements with our customers.

Legitimate interests to monitor and improve our services.

Process payments

We use your data to process your payments, orders and refunds.

Performance of contract to fulfil the terms of our agreements with our customers.

Develop and improve our products and services

We use your contact information and feedback to:

  • collect feedback about our recipes
  • give our recipes a star rating
  • enable you to participate in a Gousto prize draw or competition
  • collect Gousto survey responses
This form of processing allows us to reward our customers and to develop and improve our products and services.

Legitimate interests to understand our customers and improve our products and services.

Consent where relevant to use your data in this way.

Reward our customers

We use your contact information to enable you to participate in a Gousto prize draw or competition.

Consent to use your data in this way.

Maintaining our platform and app

We use your behavioural data to manage our website and app as well as help keep these platforms secure. To do this, we may use strictly necessary cookies which you can find out more about by reading our Cookies Policy.

Performance of contract to fulfil the terms of our agreements with our customers.

Improve our online customer experience

We also use your behavioural data to experiment, test, troubleshoot and conduct data analysis to provide you with the best possible customer experience.

Legitimate interests to ensure our platforms are operating as expected, to efficiently present our content to you and to keep our platforms safe.

Consent to use analytics cookies, which you can find out more about by reading our Cookies Policy.

Marketing, gifting and samples

We use your contact information to:

  • send you marketing emails, mail, calls or SMS as long as we've received your permission. We get in touch with details about our goods and services. These might include special offers, discounts, events, competitions or promotions
  • send you marketing emails, mail, calls or SMS from trusted third parties as long as we've received your permission to send you gifts, free samples and other promotional material with your Gousto box that we think may be of interest to you
We also use your website, app, product and order history data to:
  • personalise your experience when you use our services so that they're more relevant and interesting to you
  • measure and improve our advertising
  • recommend recipes
We also use anonymised account data to build marketing personas. To do this we may combine your personal data with the data from lots of other customers, as well as any data we receive from third parties. We always anonymise your data to make sure your information is secure. This means we change your personal data so that it's no longer classed as personal data and you can't be identified by it.

Consent to use your data in this way.

Consent to use marketing cookies, which you can find out more about by reading our Cookies Policy.

Legitimate interests to support our marketing activities and be efficient about how to conduct our marketing activities.

Meet our legal obligations and prevent fraud

We use your contact information, transaction history, payment information and behavioural information to:

  • comply with laws and regulations that we're subject to
  • comply with requests made by law enforcement where required

Legal obligation

Keep your account secure and prevent fraud

We use your contact information, transaction history, payment information and behavioural information to:

  • detect and prevent fraudulent activity
  • keep our services secure
  • keep your account secure

Legal obligation

Provide location-based services

We may use your IP address and other customer behaviour data to:

  • recognise you when you visit or return to our website or apps
  • to track anonymised traffic and usage patterns. We always anonymise your data to make sure your information is secure. This means we change your personal data so that you can no longer be identified by it and so that it's no longer classed as personal data.

Legitimate interests to provide our customers with the best possible experience.

Performance of contract to fulfil the terms of our agreements with our customers. We may use cookies to do this, which you can find out more about by reading our Cookies Policy.

5. How long will you keep my data?

5.1 We keep different types of information for different periods of time. We'll only keep your personal information for as long as is reasonably necessary for the purposes we originally collected it. We'll always delete or anonymise personal data when it's no longer needed unless we're legally obliged to hold onto it. When choosing how long we hold on to your personal data, we consider the following:

• the amount, nature, and sensitivity of the personal data;
• the potential risk of harm from unauthorised use or disclosure of your personal data;
• the purpose for which we process your personal data;
• whether we can achieve those purposes through other means;
• applicable legal requirements;

5.2 We may keep hold of your data to contact you with product updates or offers at a later date. We keep this data for up to 36 months after you have stopped using Gousto. This means we may email you or send an SMS if you haven't ordered for a while. Remember, you can opt out of all marketing emails at any time in your account.

6. How will you protect my data?

6.1 Security is a priority for us. We're continuously implementing and updating administrative, technical and physical security measures to help protect your personal data. We protect your data and treat it with the respect it deserves.

6.2 Your data may be transferred, stored and/ or processed outside the UK and/or the EEA as our suppliers sometimes operate from outside of the UK and/or EEA. We'll only transfer your data outside of the UK and/or EEA in compliance with data protection laws and provided appropriate or suitable safeguards are in place to protect your data, such as Standard Contractual Clauses, Binding Corporate Rules (including the Mastercard Binding Corporate Rules) or any other clauses, mechanisms or safeguards to ensure compliance.

7. Who do you share my data with?

7.1 Service providers. We may allow third parties who supply us with a service access to your personal data. Examples include (i) e-commerce platform providers, (ii) couriers such as Yodel or CollectPlus, (iii) IT service providers that host, manage and service our data, (iv) website hosts, (v) content delivery networks and (vi) businesses that assist us in undertaking communications, monitoring, testing or improving our website or apps.

7.2 Banks and payment partners. We may share your payment information and email address with banks and payment service providers such as PayPal, SagePay, checkout.com and First Data (our payment gateway and providers) to process the payments of your orders and any potential refund, as well as credit reference and fraud prevention agencies, who may keep a record of that information.

7.3 Trustpilot. We may disclose your contact details to Trustpilot to enable it to email you inviting you to leave a review on our site.

7.4 Law enforcement agencies. We may disclose personal data so far as reasonably necessary if we have reason to believe that it breaches our terms and conditions, or that such steps are necessary to protect us or others, or that a criminal act has been committed, or if there has been a complaint about content posted by you, or if we're required to do so by law or appropriate authority.

7.5 Professional advisors. We may at times need to share your personal data with lawyers, bankers, auditors and insurers who provide us with consultancy, legal, banking, accounting and insurance services. Where appropriate, we will always seek to anonymise your data before we share it with these organisations.

7.7 Gifting partners. We may also share your contact details with third parties to send you gifts or loyalty rewards on behalf of Gousto.

8. What are my data protection rights?

You're covered by data protection laws that give you the right to request a copy, correct or the deletion of your information. You've also got the right to opt out of communications. Read on for your full list of rights.

8.1 Update or correct your information: you can easily correct or change your personal/ contact information on your "My Details" page by logging in to your account on our website or apps.

8.2 Access your information: you've got the right to request personal data that we hold about you, subject to us reserving the right to withhold such data to the extent permitted by law.

8.3 Delete your information: you've got the right to request that we delete all the personal data that we hold about you. Remember, we may be legally entitled to keep hold of some of your personal data.

8.4 Opt out of marketing communications: you can easily change your marketing permissions on your "Account Details" page, under your "Communication Preferences" section by logging in to your account on our website or apps. For more information on how to do this please see here.

8.5 Revoke your consent: if you've given us your consent to use your personal data, you can withdraw us from processing it at any time. Please note that it will have been lawful for us to use your personal data up to the point you withdraw your permission.

8.6 Object to us processing your information: if we're relying on "legitimate interests" as the legal basis of our processing of your personal data and you disagree with us using it, then you can object. However, if there is a compelling reason why we need to use your personal data, we may be able to continue to do so. Otherwise, we will stop processing it.

8.7 Have the processing of your information restricted: in some circumstances, you can ask us to restrict the processing of your personal data. For example, you might want us to pause processing payments until we've corrected your bank details or want to close your account and want us to keep a record of your information.

8.8 Have your information transferred to a third party: in some circumstances, we can provide your personal data to a third party in a secured, commonly used and machinereadable format on your request.

9. Will this policy change?

We update our privacy policy now and then but don't worry, if we make any material changes, we'll let you know by email. New versions will be posted on our website. We'll assume you agree to the revised privacy policy if you use our website or apps after the effective date shown at the bottom of this privacy policy.

Effective date: Our privacy policy was last updated on 07/02/24(Version 3)

How can I get in touch?

The quickest and easiest way to talk to us about your personal data is through our friendly Customer Care team. You can also contact our Data Protection Officer at dpo@gousto.co.uk. While we'd love to be your first port of call, you have the right to contact the Information Commissioner's Office (ICO) directly. We're registered with the Information Commissioner's Register of Data Controllers under number ZA029698.