1.2 By providing us with your data, you warrant to us that you are over 13 years of age.
1.3 JACK & CHILL/NIKASU FOODS UK LTD are committed to safeguarding the privacy of our website visitors and service users.
1.4 This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and service users; in other words, where we determine the purposes and means of the processing of that personal data.
2. Our details
2.1 JACK & CHILL is the brand registered in England and Wales under the company name NIKASU FOODS UK LTD and our registered office is at 21-23 Croydon Road, Caterham, England, CR3 6PA.
2.2 NIKASU FOODS UK Ltd/Jack & Chill is the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice)
2.3 In this document when we refer to our website this is http://jackandchill.co.uk/
2.4 You can contact us by email:- email@example.com
3.1 This document was created using a template from SEQ Legal (https://seqlegal.com/free-legal-documents/privacy-policy).
4. Where we collect your personal information from:
We may collect data from you in the following ways:
Data you give to us:
• When you sign up to our website
• When you sign up to our newsletter
• In emails or letters to us
• When you enter our competitions
• When you leave us feedback
• When you visit us at one of our events
Data we collect when you use our services:
• Payment and transaction data
• Profile and usage data – data we collect from devices you use to connect to our services such as
computers and mobile phones, using cookies.
Data from third parties we work with:
• Social networks such as Instagram, Facebook and Twitter. Please visit these sites individually for information on their privacy policies.
5. Data we collect about you
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
• Identity data – name
• Contact data –address, email address or telephone numbers
• Financial data – bank account and payment card details (through izettle payments at events)
• Transaction data – details about payments to and from you and other details if you have purchased
• Technical data - internet protocol (IP) address, browser type and version, time zone setting and
location, browser plug-in types and versions, operating system and platform and other technology on
the devices you use to access our website
• Marketing and communications data – your preferences in receiving marketing from us and our third parties and your communication preferences
6. How we use your personal data
6.1 In this Section 6 we have set out:
(a) the general categories of personal data that we may process;
(b) in the case of personal data that we did not obtain directly from you, the source and specific categories of that data;
(c) the purposes for which we may process personal data; and
(d) the legal bases of the processing.
6.2 We may process enquiry data (information contained in any enquiry you submit to us regarding goods and/or services). The enquiry data may be processed for the purposes of offering, marketing and selling relevant goods and/or services to you. The legal basis for this processing is consent.
6.3 We may process transaction data (information relating to transactions, including purchases of goods and services, that you enter into with us and/or through our website). The transaction data may include your contact details, your card details and the transaction details. The source of the transaction data is you and/or our payment services provider iZettle. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely [the proper administration of our website and business.
6.4 We may process notification data (information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters). The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users.
6.5 We may process correspondence data (information contained in or relating to any communication that you send to us). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users.
6.6 We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
6.7 We may process any of your personal data identified in this policy] where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
6.8 Please do not supply any other person's personal data to us, unless we prompt you to do so.
7. Providing your personal data to others
7.1 We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy. Information about our group of companies can be found at www.nikasu.com
7.2 We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
7.3 Financial transactions relating to our website and services may be handled by our payment services providers, iZettle & Metro Bank. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers' privacy policies and practices at
7.4 We may share your personal data with Service providers who provide accounting, order fulfillment, administrative, PR, Marketing and sales services
7.5 In addition to the specific disclosures of personal data set out in this Section 6, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
8. Retaining and deleting personal data
8.1 This Section 8 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
8.2 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
8.3 We will retain your personal data as follows:
(a) Any personal data will be retained for a minimum period of 2 years from the date your contract is terminated with us.
8.4 Notwithstanding the other provisions of this Section 7, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
9.1 We may update this policy from time to time by publishing a new version on our website.
9.2 You should check this page occasionally to ensure you are happy with any changes to this policy.
9.3 We will notify you of any changes to this policy by email.
10. Failing to provide your own personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
11. Transfer of Data
We are subject to the provisions of the General Data Protection Regulations that protect your personal data. Where we transfer your data to third parties outside of the EEA, we will ensure that certain safeguards are in place to ensure a similar degree of security for your personal data. As such:
• We may transfer your personal data to countries that the European Commission have approved as providing an adequate level of protection for personal data by; or
• If we use US-based providers that are part of EU-US Privacy Shield, we may transfer data to them, as they have equivalent safeguards in place; or
• Where we use certain service providers who are established outside of the EEA, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
12. Third Party Links
Our website may include links to third party websites, plug-ins and applications (for example when you are signing up to our newsletter or requesting a money off voucher through a pop up). Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice or policy of every website you visit.
14. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator (including the ICO) of a breach where we are legally required to do so.
15. Marketing Communications
We may use your personal information to tell you about relevant goods and any upcoming offers. We can only use your personal information to send you marketing messages if we have either your consent or a legitimate interest to do so. You can ask us to stop sending you marketing messages at any time – you just need to contact us, or use the opt-out links on any marketing message sent to you.
16. Your rights under the GDPR Laws
You have certain rights which are set out in the new GDPR laws relating to your personal information. The most important rights are:
• The right to see what information we hold – you can request this from us on firstname.lastname@example.org and this is known as a data subject access request.
• Not to have to pay a fee to access your personal data.
• The right to tell us that the information we are holding is incorrect. If you think this is the case, please
send an email to email@example.com and we will check its accuracy and correct where
• Withdraw consent to using your information. If you would like to do this then please contact us on
firstname.lastname@example.org. You have the right to object to our use of your information, to ask us to delete your information and to request the restriction of how we process your data.
We will aim to respond to all legitimate requests within one month, on occasions where it may take us longer we will notify you and keep you updated through the process.
17. Making a complaint
If you are unhappy with how we are using your personal data then please contact us on email@example.com . We are registered to process data with the Information Commissioner’s Office and you have the right to make a complaint with them also, however we would be grateful for the chance to deal with your concerns in the first instance.
18. Contact Us
For any reason and at any time, you may want to contact us at the following address :- firstname.lastname@example.org