Who we are :
We are Yumi Limited (Yumi),a company registered in England with company registration number 11899980 Please read this notice carefully before you use our app or website or make use of any services provided by Yumi Limited or its subsidiaries or otherwise interact with Yumi Limited or its subsidiaries in the course of business. If you have any questions by emailing us at [email protected] .
Scope of this notice :
What information do we collect ?
If you register your details with us (via the app or the website) as a user or otherwise communicate with us, we will need to collect certain information in order to communicate with you and provide you with our services. The types of information we collect and why we need to do so are set out below.
There are six legal bases or reasons permitted by law for processing a person’s personal data. These are :
- Consent: you have provided permission for the processing of your personal data
- Contract: we need to process your personal data to perform our contractual obligations to you
- Legal obligation: we would break the law if we did not process or use your personal data
- Vital interests: your life (or someone else’s life) depends on our processing or use of your personal data
- Public task: we need to process or use your personal data to carry out a task that is in the public interest
- Legitimate interests: processing your personal data is in our legitimate interest, and we have carried out a Legitimate Interests Assessment (LIA)
In general, we anticipate processing your personal data as follows :
Type of data collected :
Contract data – data that we automatically collect
- Location data
Location data is collected on our website. We collect it to work out if we offer our services in your area. We do this in order to identify whether we are able to provide services to you.
- Customer details
Name, email, phone, home address or other address details, payment details and other biographical information pertinent for the provision of our services. We collect this data in order to provide our services to you or in order to answer enquiries about our services and provide customer services and investigate complaints.
Consent data – data that we have to ask your permission to collect
- Location data collected through our app
If you choose to enable this option we can provide a more efficient service to you. You give your consent to the processing of this data for one or more specific purpose.
- Your feedback about our services
If you choose to provide feedback we can use it in order to improve our services and learn about our customers’ needs. You give your consent to the processing of this data for one or more specific purpose.
- Permission to send emails and notifications
You can choose to give us permission to send you emails or notifications about our new services, business developments or special offers to promote and market our business. You give your consent to the processing of this data for one or more specific purpose.
- Internet activity
When you agree to the use of our cookies, you can choose to give us permission to use your IP address, browser type, browsing actions and patterns, unique identifier and other website/app identifying information to improve our service, personalise your experience and understand customer activity.
- Business contact name, role, email address, phone number and address
To operate and promote our business, in order to take steps prior to entering into a contract with you or in our legitimate business interest.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. Aggregated Data is similar to a ‘business presentation’ providing a statistic summary such as pie charts. For example, we may process data to calculate the percentage of users accessing or using a specific feature on our website. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice and permitted legal bases prescribed by law.
Transfer of your personal information to third parties :
Yumi may employ the services of third parties to help us in certain areas for various reasons such as delivery and hosting of the website and app, payment brokers, IT maintenance and identity checking services. In some cases, these third parties may receive your personal information. If you provide details of a payment card, we may use third parties to check the validity of the sort code, account number and card number you submit in order to prevent fraud.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Transfer of your information outside the EEA:
Yumi does not, at the effective date of this policy, intend to transfer your information outside the EEA.Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented including:
- Where we use certain service providers, we may use specific contracts by organisations operating outside the EEA which are approved by the European Commission in jurisdictions or countries which give personal data the same level of protection that is in place in Europe.
- Where and if we use providers based in the US, we may transfer data to them only if they are part of the Privacy Shield which requires them to provide a similar level of protection to personal data shared between the Europe and the US. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA and in relation to any contracts which we may have with organisations operating outside the EEA.
Our product and service range, as per most businesses, is always subject to change and evolution. At Yumi, we would like to keep you up-to-date with details of any new services or any offer and promotions or improvements to existing services using the information that you have supplied to us.
You will receive marketing communications from us only if:
• you have requested information from us; or
• you have expressly consented to receiving that marketing.
You can ask us to stop sending you ‘marketing messages’ or notifications at any time by logging into your account and adjusting your marketing preferences or by following any opt-out links on any marketing message sent to you or by contacting us at any time.
How long will you use my personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and any applicable legal requirements.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Cookies and related tracking technologies:
Yumi uses the following categories of cookies :
Group 1: Strictly Necessary Cookies
These cookies are essential in order to enable you to move around our website and our app and use their features. Without these cookies, services such as remembering your login details cannot be provided and we would not be able to provide any meaningful service.
Group 2: Performance Cookies
Group 3: Functionality Cookies
These cookies remember choices you make. These can then be used to provide you with a better user experience to make your visits to our Website and our App more tailored and convenient. The information these cookies collect may be anonymised and they cannot track your browsing activity on other apps or websites.
Group 4: Targeting cookies or advertising cookies
These cookies collect information about your browsing habits in-order-to make advertising more relevant to you and your interests. They are also used to limit the number of times you see an advert as well as help measure the effectiveness of advertising campaigns. The cookies are usually placed by third party advertising networks. They remember the websites you visit, and that information is shared with other parties such as advertisers.
Category 5: Social Media Cookies
These cookies allow you to share what you have been doing on the App on social media such as Facebook and Twitter. These cookies are not within our control. Please refer to the respective privacy policies of the relevant social media outlet for how their cookies work.
If you want to delete any cookies that are already on your computer or device, please refer to the help and support area on your internet browser for instructions on how to locate the file or directory that stores cookies or otherwise contact the operator of your computer or device or operating system for more on information on how to delete any cookies. Alternatively, you may refer to the User Manual for your computer or device.
Information on deleting or controlling cookies is available on the Internet through various websites. One example is www.AboutCookies.org. Please note that by deleting our cookies (or disabling future cookies) you may not be able to access certain features of our website or app and, therefore, you may not be able to make use of our services.
Yumi may use ‘Web Beacons’ from time to time or at all times depending on our interface and on our feedback from you. This means that some sections of our app, our website and our emails may contain electronic images known as Web beacons (sometimes known as clear gifs) that allow us to count users who have visited these sections or read our emails. Web beacons collect only limited information which include a cookie number, time and date of a section view, and a description of the section on which the Web beacon resides. We may also carry Web beacons placed by third party advertisers. These beacons do not carry any personally identifiable information and are only used to track the effectiveness of a particular campaign, email, advert or marketing material. As such, they do not fall within the meaning of personal data.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties so that your personal data is only accessed, processed or used in very strict and specific circumstances. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Sale of the business:
Updating your information:
It is important that the personal data that we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. You may review, correct, update or change your personal information at any time by contacting us at [email protected] or amending your account details on the App.
Third Party Links:
Our website and our app may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements, policies or data-handling processes. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Your legal rights:
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK’s authority for data protection issues which governs the UK’s Data Protection Act (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns about data protection before you approach the ICO. So, please contact us in the first instance.
You have the right to:
• Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information which we hold about you and to check that we are lawfully processing it.
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal information to another party.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights).
Access to information
The Data Protection Act 1998 gives you the right to access information held about you. Your right of access can be exercised in accordance with that Act.
What we may need from you:
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights as outlined above). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond:
We will respond to legitimate requests within 30 days. Occasionally it may take us longer than a month to make a substantive decision or finalise your request particularly if your request is complex or you have made a number of requests. In this case, we will notify you and keep you updated as to the relevant timescales.