Last updated: 24th May 2018
We are the primary data controller for the purposes of this website and our registered office is Grind, 8-10 New North Place, Shoreditch, EC2A 4JA, United Kingdom.
Grind & Co. Limited is the data controller of your personal data and is responsible for the collection, use, disclosure, retention and protection of your personal information in accordance with the General Data Protection Regulation.
Grind & Co. Limited may transfer your personal information outside of the European Economic Area to our group companies and authorised third parties. Where we use third party service providers based outside of the European Economic Area, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. Where we use third party service providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
How we collect your data.
We may collect, process and retain personal information from you and any devices you may use;
When you navigate to a Grind web view or mobile view
When you make a transaction with us in store, online, or on our mobile app
When you register an account with us
When you provide it to us when you use our services
We may also collect personal information from you if you physically enter one of our stores.
The personal information we collect includes the personal information;
That you provide us when you register a Grind Card through our loyalty program
That you give us when you make a transaction with us in store, online, or on our mobile app
That you provide when you register an account with us
That you provide when interacting with our customer services team including details we require to contact you and verify your identity
Device identifiers such as IP addresses, cookie IDs, IDFAs and other device identifiers
Geo location information, IoT technologies and connection information such as statistics on your page views, traffic to and from the sites, ad data and referral URL
If you give us personal data about someone else, you must do so only with their explicit and prior consent.
How we use your data.
We may use your information;
When we process orders your make
When we provide you with customer service
When we customise, measure and Improve our services
When we provide you with editorial content
In order to detect, prevent, mitigate and investigate fraudulent or illegal activities
In order to provide other services requested by you as described when we collect the information
Where there is a legitimate business interest or a reasonable expectation to do so, we shall use and retain your personal information to contact you via email, social media or postal mail in order to inform you of account activity, delivery fulfilment and marketing activity.
We retain your personal information as long as it is necessary or relevant . After it is no longer relevant for us to retain your personal information, we dispose of it securely according to our data retention and deletion policies.
When we determine the maximum retention duration of any personal data we hold we do so with regard to our legitimate interests to retain data, our obligation under GDPR to minimise data we hold with what we do hold as personal data being kept proportionate; the nature, and sensitivity of the personal data and the potential risk of harm from unauthorised use or disclosure of your personal data.
The General Data Protection Regulation provides for rights of access, modification and deletion of your personal information.
These include your rights to;
Access and obtain a copy of your data on request
Require the business to change incorrect or incomplete data
Require the business to delete or stop processing your data
Object to the use of your data where the business' legitimate interests are the grounds for use
You can submit requests for this at firstname.lastname@example.org or at Grind, 8-10 New North Place, Shoreditch, London, EC2A 4JA.
If you do not wish to receive editorial communications from us, you can unsubscribe with the link in any email you have received.
Disclosure and Security.
We may disclose your personal information to authorised third party service providers who help us to provide our services, these include but are not limited to;
When we require a payment payment providers to facilitate a purchase
When we require a fulfilment provider to facilitate order management and delivery
When we require an email provider to facilitate our editorial content
We minimise the amount of personal information we disclose to what is directly relevant and necessary to accomplish the specified purpose.
We protect your information using measures that reduce the risks of loss, misuse, unauthorised access, disclosure and alteration. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in specific accordance with our instructions.
Where legally compelling grounds exist, we may also disclose your personal information to the government and to law enforcement, and otherwise in the defence of legal claims.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.