EU Privacy Notice
Privacy Notice for Customers Located in the European Union
This privacy notice (Notice) explains how America’s Test Kitchen, including America’s Test Kitchen Limited Partnership and America’s Test Kitchen, Inc (we, our, us) collect, use and share our EU customers’ (you, your) personal data, and your rights in relation to the personal data we hold.
Our websites and communications are not intended for children under the age of 13. We will not knowingly collect personal information via any of our websites from visitors in this age group. We encourage parents to talk to their children about their use of the Internet and the information they disclose to websites.
We are committed to respecting your privacy.
Updating the Notice
We may modify this Notice at any time. We will endeavour to update you to any significant changes to this Notice. This Notice was last updated June, 2018.
Data controller and contact details
America’s Test Kitchen Limited Partnership is the data controller of your personal data and, where we are offering our products or services to individuals located in the European Union we are subject to the General Data Protection Regulation (GDPR).
If you have any questions about this Notice, or if you would like to exercise any of your legal rights in respect of your personal data, please contact us using the following details:
- Email: GDPR@americastestkitchen.com;
- Telephone: 800-526-8442
- Post: America's Test Kitchen, Customer Service, 21 Dry Dock Avenue, 21 E, Boston, MA 02110
How we collect your information
We may collect your personal information:
- from the information you provide to us when you fill in forms on our websites (for example, to register for one of our websites; cooking courses, electronic newsletters; product giveaways; or surveys);
- when you enter personal information into one of our third party hosted applications (for example, our iPad app);
- when you correspond with us by phone; email, or by other means;
- from cookies and similar technologies that we (or third party service providers on our behalf) may set on your computer (please see the section on cookies below);
- from third party social media platforms when you engage with us through these platforms.
The types of information we collect
We may collect and process the following personal information about you when you use our website, public forums, or otherwise communicate with us:
- your name, title, gender;
- your address, email address and phone number;
- your social media usernames;
- financial and credit card information when you make a purchase;
- your transaction history such as what products you have purchased from us in the past;
- technical information gained from your use of our websites, including your internet protocol (IP) address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about your website visit (such as which pages you visited, the time of visits, products you browsed, how you navigated to our website, and how long you spent browsing our website); and
- personal information provided by you in other correspondence with us.
How we use your information, our legal basis for using your information and who we share your information with
Where we have a contractual relationship with you
We will process your personal data because it is necessary for the performance of a contract with you (for example, when you purchase our products or services) or to take steps at your request prior to entering into a contract. In this respect, we use your personal data for the following:
- to carry out our obligations arising from any contracts entered into between you and us including processing payment transactions and to provide you with the products and services that you request from us;
- to interact with you before you enter into a contract with us, such as when you express your interest in our products or services (for example, to send you information about our products or services or answer enquiries about them).
In this respect we will share your data with our subcontractors as necessary whom we engage to assist us in conducting our business, such as CDS Global, Inc. who operate our order management system and Deloitte Digital an arm of Deloitte Consulting LLP who host and manage our customer database.
We also process your personal data because it is necessary for our or a third party's legitimate interests. Our legitimate interests include our commercial interests. In this respect, we may use your personal data for the following:
- to create and maintain a unique user account for you if you register as a member on one of our websites;
- to improve and customize the website for our users;
- for advertising and marketing purposes both by us and, from time to time, by third party underwriters of our television shows (unless it is required or appropriate to gain your consent) to whom email addresses registered to the relevant TV show websites are sometimes shared (email addresses registered to cooksillustrated.com are not shared with third parties). We never share telephone or credit card numbers with any third party;
- to enable you to participate in contests, surveys and other promotions;
- if our business (or a part of it) undergoes a sale, financing, merger or transfer, we may disclose your personal information to a counterparty and their professional advisors for due diligence purposes and to complete the transaction. Such transfer will be subject to an appropriate confidentiality agreement between the relevant parties and we will notify you by way of prominent notice on our website of any such change.
[We may also provide data such as your name; your email address; and information about which marketing material is relevant to you to Salesforce, our third party email service provider, so that we can contact you with marketing material or other relevant updates about our products and services. ].
We also process your Personal Data for our compliance with our legal obligations. In this respect, we may use your Personal Data for the following:
- to meet our legal and regulatory obligations, such as our tax reporting requirements;
- in order to assist with investigations (including criminal investigations) carried out by competent authorities.
For these purposes we may provide your data to our auditors, the police and other competent authorities.
Please note that where our processing of your personal data relies on your consent and where you then withdraw that consent, we may not be able to provide all or some aspects of our services to you and/or it may affect the provision of our services.
Marketing and advertising
We may use personal characteristics such as your expressed interests, your previous interactions with us and past purchases to target our communications and marketing to a specific audience. If you wish to tailor the communications you receive from us then please contact us using the details provided above.
You have a right to object to being profiled. Please see “Your Rights” below.
When you subscribe to an email list or an electronic newsletter we will provide you with the option to change your preferences and opt-out of receiving those communications. Every marketing email you receive from us will contain an "unsubscribe" link.
International transfers of data outside of the EEA
Where service providers are based in the USA, transfers of personal data are based on:
- the service provider being a certified member of the EU-US Privacy Shield scheme; or
- where the transfer is subject to one or more of the "appropriate safeguards" for international transfers prescribed by applicable law (for example, standard data protection clauses adopted by the European Commission). In particular, we have model clauses in place between us and CDS Global, Inc.
How long your information is kept
We will retain your personal data for as long as is required for legal purposes and our legitimate business purposes after the termination of our relationship with you. In particular:
- in relation to personal data relating to the transactions you have entered into with us, we will retain that data for an indefinite period after that transaction has concluded in case any legal claims arise out of the provision of those products or services;
- we will retain your details on our marketing database until you inform us that you no longer wish to receive our marketing communications. However, where you do unsubscribe from our marketing communications we will keep your details on a suppression list to ensure that we do not send you information you have asked not to receive.
Security of your personal information
The security of your personal information is important to us. Our sites have security measures in place to protect the loss, misuse and alteration of the information under our control, and all orders are communicated to us via a secure server. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. If you have any questions about security on our sites, you can send an email to us at email@example.com.]
Under the GDPR you have the following rights in relation to our processing of your personal data:
- to obtain access to, and copies of, the personal data that we hold about you;
- to require us to correct the personal data we hold about you if it is incorrect;
- to require us to erase your personal data in certain circumstances;
- to require us to restrict our data processing activities in certain circumstances (and, where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal);
- to receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for transmitting that personal data to another data controller;
- to object, on grounds relating to your situation, to any of our processing activities, including where we use profiling to market to you, where you feel this has a disproportionate impact on your rights;
- to complain about the processing of your data to the relevant supervisory authority (for example, in the UK this is the Information Commissioner’s Office).
Please note that the above rights are not absolute, and we may be entitled to refuse your requests where exceptions apply. For example, if you ask for your personal data to be erased, we may nevertheless continue to maintain certain details about you for our accounting and audit purposes and to comply with our legal obligations.