Who are we?
Health Food Wall makes available commercial fridges containing fresh and healthy food, drinks, snacks and other products supplied by us. The technological solutions used in the fridges make it possible for us to record and process which products you purchase from us. This makes it easier for us to stock the fridges properly and to know our consumers’ needs. Payments occur through our mobile app or through a contactless payment terminal that is built onto the fridge.
Health Food Wall acts as the data controller in processing your personal data. That means we determine the purposes for and the means by which your personal data is processed. If you have any questions about this Privacy Notice, the data we process, or if you would like to exercise one of your data protection rights, do not hesitate to contact us.
What kind of personal data we collect from you and for what purposes?
Data we process through our food walls
When you use our food walls, we collect data about which machine you have used, what products you have purchased, the date of purchase, the price of the products and type of payment card used. We do not collect personal data about you and we cannot link purchases to you as an individual.
Data we process when you use our mobile app
Some of our fridges should be operated with a mobile app, that can be downloaded from the Apple App Store or Google Play Store. When you use the app for the first time, you are asked to create a user account and provide payment details. The app contains a QR scanner that can be used to unlock the fridge. Payments occur automatically after you have taken products from the fridge. The app shows your purchases and receipts.
Through the fridge and app, we may collect and process the following information:
• First and last name
• Email address
• Language preference
• Information about your device, including device models, OS versions, configurations and settings, IP addresses, device identifiers and other unique identifiers
• Which fridge(s) you have been using
• The products you have purchased from the fridge(s)
• Payment details, such as bank card or credit card number*
We use this information to:
• Identify and authenticate you
• Enable interaction with the fridge(s)
• Provide software updates
• Offer maintenance services and customer support
• Provide (personalized) notifications, alerts, offers and promotions through the app
• Perform order management and inventory management.
• Send you receipts by email, if desired
In other words: we need your information to be able to offer you our services. Besides, we use yourinformation to be able to increase the performance of the fridge and the app and to improve customer experience. We have a legitimate interest to do so.
*Please note: we do not have access to your payment details. These are processed by our payment service provider, that acts as a data processor. Our payment service provider has no access to other information we collect about you. Your payment details are only processed after you have given consent.
Data we process through fridges with a payment terminal
Some of our fridges work with a built-in contactless payment terminal. You may open the fridge after the terminal has read your bank card or credit card. Only after you have taken out the desired products, your bank card or credit card will be charged. We collect information about the products you have purchased.
Your payment data are processed by our payment service provider. We have no access to your payment data. We receive a user-ID from our payment service provider, that we can link to the purchases you have made and the fridge you have been using, but not to you as an individual. We use the information about your purchases and the fridge to perform order management and inventory management and to improve customer experience.
Data we process when you contact us
When you contact us, we process your name, email address, telephone number (when you call us) and other information you provide to us. We use this information to communicate with you, to be able to respond to your questions or requests and to provide support.
Data we process through social media
We use social media accounts to promote our business and interact with our customers. When you choose to comment or post content on our social media accounts, we can see your name and profile picture. Also, you might provide personal information in your comment or post. You are not required to provide personal information on social media, so this is your own responsibility. We will not process personal data you provide through social media any further.
How long do we store your personal data?We will not store your personal data any longer than is necessary for the purposes for which is was collected. This means that information will be destroyed or erased from our systems when it is nolonger required. We will pseudonymize the information we store as much as possible. Some information will be stored for a certain period of time because of legal obligations imposed on us. For example, the Tax Authorities require us to store receipts, sales and inventory administration and other information for at least 7 years. If you make use of our app, the personal information you provide is stored indefinitely until you delete your account.
Information you provide in public posts and comments on our social media accounts will be stored indefinitely, unless we delete our social media accounts, or you choose to remove your posts and reactions. You can also contact us if you want us to remove certain information.
Data processing by third parties
We make use of third parties to be able to run our business and offer you our services. Those third parties may process your personal data, but only to the extent necessary. The following third parties act as data processors and only process data on our behalf:
• Our technical service supplier has developed our app and back office and stores information collected through the fridges and the app on their servers, which are located in The Netherlands.
• Our payment service provider enables us to accept online payments through the app and payments through the contactless payment terminals.
• We work together with companies that provide services such as administration, billing, sending emails on our behalf, customer contact centers, advertisements and website and email hosting.
• Affiliate companies which we control or own.
We may also share information with the following third parties:
• Food suppliers, to offer you fresh food from our fridges.
• Companies that can repair our fridges when they are broken or do not function properly.
These parties act as data controllers. Their main businesses do not concern the processing of personal data, but they might need some personal data to be able to carry out their services. We limit the disclosure of personal data to those parties as much as possible. We may share analytical data with our food suppliers, but we will not share anything that can be related to individuals with them. If you notify us of a defect in one of our fridges by email or telephone, we may occasionally share your contact details with repair and service companies. We will ask for your consent before we do so. Normally, we do not share personal information with such companies.
We may also disclose personal information to third parties when we are required to do so by the courts or to comply with other legal, statutory or regulatory obligations.
Data transfer outside the European Economic Area
We try to limit data transfer outside the EEA as much as possible. Some of the third parties mentioned above may transfer or store your data in countries outside the EEA. We make sure these third parties have appropriate safeguards in place.
Protection of your personal data
To keep your personal data safe and secure, we have implemented administrative, technical and physical security measures appropriate to the size and nature of our business. For example, we protect our devices with passwords and other security measures, keep our websites, devices and operating systems up to date, use firewalls against viruses, cyberattacks and unauthorized access and our website uses a SSL certificate for secure online communications. Also, the third parties that process data on our behalf all take your privacy very seriously. We have closed data processing agreements with them to ensure that your personal data is protected properly.
As a data subject, the GDPR provides you with certain rights concerning your personal data:
• The right to be informed on what personal data is being used and for what;
• The right of access to personal data that you’ve shared with us;
• The right to rectification of incomplete or incorrect personal data;
• The right to erasure if the purpose of personal data processing has been fulfilled;
• The right to the restriction of processing when you’re exercising other rights, for example
when a court case is in progress;
• The right to object to processing of your personal data;
• The right to data portability.
If you want to exercise one of your rights, please contact us at email@example.com. We will get back to you within 1 month from the receipt of your request. When you use our mobile app, you can also access and rectify some of your personal data from there.
If there is a dispute, we prefer to resolve it mutually. If we are unable to find a solution together, you can submit a complaint to the Dutch data protection authority, the Autoriteit Persoonsgegevens, through their website: www.autoriteitpersoonsgegevens.nl.
Updates to this Privacy Notice