Data Protection and Terms of Use for chicagotown.com

Data protection on the website of Dr. Oetker (UK) Ltd

This Privacy Notice explains in detail the different types of personal data that we might collect about you and how we use cookies on our websites. It also explains how we will store and process your personal data and how we will keep it safe.

1. Who are we?

For simplicity throughout this notice ‘we’ and ‘us’ means Dr. Oetker (UK) Ltd.

We are Dr. Oetker (UK) Limited and this policy applies to any contact you make with us in connection with any of our brands and products (on this website and our other websites run by us) including but not limited to our Dr. Oetker, We Bake, Ristorante Pizza and Chicago Town brands.

2. When might we collect your personal data?

We might collect your personal data in the following situations:

1. When you visit our websites and buy products or services from us.

We use a third-party service, Google Analytics, to collect standard internet information and details of visitor behaviour patterns. We do this so that we can find out things such as how many people have visited our websites and which parts of the websites they looked at and interacted with. We only process this information in a way that does not directly identify anyone.

If we do need to collect your personal data through our website, for example if you enter a competition, we will be very clear about what information we are collecting and what we intend to do with it.

When accessing our website, we will process data in server log files. This data derives from your terminal equipment and may include personal data. In particular, we process the following data:

  • the operating system of your terminal equipment
  • the browser used by you
  • the name of your provider
  • your IP address
  • data and time of access
  • accesses pages and search terms (if applicable)
  • the source that referred you to our website (referrer) for example Google, other websites and social media sites

This processing activity is necessary to ensure the operation of our website, to optimise the content and deliverability of our website, and to provide the necessary information to public bodies in case of a cyber attack. The legal basis for processing this data is our legitimate interest.

Tracking and Cookies

Our website uses cookies and similar technologies that store information on your terminal equipment or accesses such information for the following purposes:

  • providing our website analytics and personalisation - tracking
  • (re-)marketing / data sharing with third parties
  • remembering the notifications you’ve seen so that we don’t show them to you again
  • recognising you whenever you visit our site
  • allowing you to navigate between pages efficiently
  • measuring how you use our site so that we can update and improve it to give you the best possible experience

Providing our website

We use cookies and similar technologies to ensure certain features of our website. This is strictly necessary to provide our website. By doing this, we can, for example,

  • save your preferred language version of our website or similar settings for your next visit
  • distribute requests to our website across multiple web servers (load balancing)
  • provide a uniform context (session) to multiple requests to our website, in order to facilitate login-secured parts of our website or checkout / payment processes
  • save your consent regarding tracking tools and active / deactivate tracking tools according to your choice

When we process your personal data in order to maintain the integrity of our websites and to assess the number of visitors to our website we do so because we believe it is necessary for our legitimate interests.

Analytics and personalisation - Tracking

We use cookies and similar technologies to evaluate user behaviour on our website and to adapt it according to this.

Provided you have given your consent, we process information on your terminal equipment and the browser you are using (in the case of the website) every time you interact with our website. For example, we can find out which language settings you use on our website, whether you use a smartphone or a desktop computer or from which country you access our website.

In addition, we process information about how you interact with our website, for example, from where you are referred to our website, how long you use our website and the path you take through individual sub-pages. For example, we can record whether you found us via a search engine (and if so, under which search term) or an advertisement, how long you spent browsing the content of a particular page and how many pages you visited in total.

We use this information to create analyses of user behaviour on our website and to optimise the website accordingly. In some cases, we create several different versions of our website, which we present to individual users or user groups, and use cookies or similar technologies to evaluate which version is used by you in which way.

Our legal basis for this processing activity is your consent. You may withdraw or change your consent for future processing at any time by changing your tracking settings. Additionally, you may change your browser settings regarding cookies and similar technologies.

We use the following products for analytics and personalisation:

  • Google Analytics / Google Optimize

Google Analytics and Google Optimize are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google processes your data on our behalf (data processor). Our configuration of Google Analytics and Google Optimize does not allow Google to use data that is gathered through Google Analytics or Google Optimize to improve Google products and services.

Please find more information about the cookies that are used by Google Analytics and their respective storage periods here. Google Optimize also uses the cookies that are set by Google Analytics (please refer to the documentation here).

  • (Re-)Marketing / data sharing with third parties

We use cookies and similar technologies to evaluate the reach of our advertising campaigns and how users who have become aware of our website through our advertising campaigns use our services. We also use cookies and similar technologies to record which users use our website in order to form groups (“audiences”) and to address these audiences on other online platforms with personalised advertising.

If you have consented to this, we will record whether you have reached us via one of our advertising campaigns and how you then interact with our website. For example, we can record which share of users who have seen an advert actually use content from our website. This enables us to better plan and control our advertising.

In addition, we group the users of our website into audiences. Audiences are user groups that are put together by us according to certain criteria (e.g. all users who have accessed a category of recipes). If the users of an audience are also users of our marketing partners, we can individually address these users with advertisements (re-marketing) through our marketing partner’s platform. Information that our marketing partner has about his users in one of our audiences can also be used by him to suggest similar user groups to us for advertising.

To this end, we inform our marketing partners that you have visited our website and whether you have visited pages defined by us or have carried out other actions (e.g. registered an account). Our marketing partners may also use this information in the performance of their contract with us, for example to further personalise your profile on their own platform.

Our legal basis for this processing activity is your consent. You may withdraw or change your consent for future processing at any time by changing your tracking settings. Additionally, you may change your browser settings regarding cookies and similar technologies.

Our marketing partners are separate controllers for the data processing that they carry out for their own purposes. The marketing partner will provide you with their own data protection information.

We use the following products for (re-)marketing and we share data with the following third parties:

  • Facebook Pixel

Facebook Pixel is provided by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Ireland (“Facebook”). More information about Facebook Pixel can be found here. Please also refer to the Facebook Data Policy.

  • Google Ads / Doubleclick

Google Ads / Doubleclick is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).  More information about cookies set by Google can be found here. Please also refer to the Google Privacy Policy.

  • Google Floodlight

Google Floodlight is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).  More information about cookies set by Google can be found here. Please also refer to the Google Privacy Policy.

  • The Trade Desk Pixel

The Trade Desk Pixel is provided by The UK Trade Desk Ltd.10th Floor, 1 Bartholomew Close, London EC1A 7BL, Great Britain (“The Trade Desk”). Please also refer to the  Trade Desk Privacy Policy (among other things for information about cookies storage periods) and the possibility to opt-out from data processing by The Trade Desk.

  • Facebook Page

We run a Facebook Page. Facebook Page is provided by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). When using the Facebook Page, personal data may be processed by Facebook, for which Facebook and we are jointly responsible. This joint controllership is governed by the Facebook “Page Controller Addendum”.

All key information about data processing on the Facebook Page can be found in the Facebook Data Policy and the Facebook Cookie Policy.

There you will also find all information on the nature and scope of the personal data affected by the data processing and your rights to information, confirmation, correction, deletion, restriction, data portability and complaint with a supervisory authority.

The legal basis for the data processing on the Facebook Page is the legitimate interest of us, Facebook and their customers to provide advertisements, recommendations and to receive insights and measurements. You may object to data processing towards Facebook (please refer to the Facebook Data Policy and the Facebook Cookie Policy).

We have no influence on data processing by Facebook. We do not receive any data from Facebook that would enable us to identify Facebook Page users or analyse their usage behaviour other than any information that you make publicly available on your Facebook profile. For information on how you can change your Facebook privacy settings click https://www.facebook.com/help/238318146535333/?helpref=hc_fnav

We use a third-party web application firewall from CloudFlare to maintain the security and performance of our website. CloudFlare operates a CDN (Content Delivery Network) which keeps copies of our website to allow quicker access from multiple geographic locations. The CDN allows users to access the website quicker than usually possible when not located in the UK. All data is processed via our server located in the UK and CloudFlare doesn’t retain any data except for essential security purposes, (for example, if a data incident ever occurred, all IP addresses involved in that incident would be recorded and retained so that we could investigate the issue and do our best to avoid it ever happening again). The service processes site visitor’s IP addresses to protect our site.

The lawful basis we rely upon for processing your data when you allow optional cookies is consent.

2. When you buy products or services from us over the phone or when you obtain or redeem any vouchers

We will only collect the personal data that we need in order to complete the transaction with you and the bases for processing your personal data would be because there is a contractual need to do so and it is in our legitimate interests.

3. When you respond to any of our social media postings or campaigns

We rely on consent and legitimate interests for processing your personal data in this situation. If you follow us or interact with us on any of our pages on social media platforms such as Facebook, Instagram etc. any information you provide will be subject to our privacy notice as well as the privacy notice of the social media platform. We strongly advise you to check the privacy policies of the social media platforms to ensure that you know what they can do with any personal data you provide them with.

4. When you visit any of our premises that are protected by CCTV

For your safety and the safety and security of our business partners we may record your images on CCTV. We will keep CCTV images only for as long as is necessary and then will delete them from our system completely. We process this personal data because it is in our legitimate interests to do so.

5. When any of our suppliers or business partners share your information with us

This might be in situations such as when our delivery partners as you to sign to accept delivery of something that you have ordered from us. We would ask for your personal data to be shared with us because it would be in our legitimate interests.

6. From information you have completed on any surveys

When you complete any surveys for us, we will ask for your consent to use your personal data and this is the basis upon which we would process that personal data.

7. If you enter any of our prize draws or competitions or if you have attended any of our events or promotions

We rely upon your consent or our legitimate interests to process personal data in those situations.

8. If you have contacted us asking for information about any of our products or services

We rely on consent for processing your personal data when you have contacted us.

9. If (and we hope this never happens) you have had an accident at any of our premises and we ask you to complete any forms about this.

Our basis for processing your personal data in this situation would be because it is in our legitimate interests to do so.

10. If you apply to work with us

We will collect personal information about candidates from a variety of sources including you, recruitment agencies, your referees and any DBS background check provider (we will usually only carry out a DBS check where you apply for a finance based role)

3. The types of personal data we collect

We will never ask you for information that isn’t essential. The personal data we might ask for includes:

  • your name, postal address, date of birth, email address and telephone number
  • your bank account details (where we need these to be able to credit your account for either a refund or as part of a product promotion. We will never take money out of your bank account)
  • if you have a web account with us, we will keep details of your login (these will be kept in an encrypted format so that no one else can use them)
  • if you contact us by phone, we may keep a written note of the conversation either on computer or on paper. We may also record any complaints or issues that you might have when you contact us
  • as part of our promotions we may ask you for information about things such as your dietary preferences, what sort of music you like and what your colour preferences are. We will use this information to help us identify things that can help us in our marketing campaigns
  • if you apply to work for us, we will ask for a copy of your CV, your covering letter and the information you provide on your application form. As part of the selection process we will also keep details of any information you supply during your interview with us. We may also ask for the following “special categories” of more sensitive personal information including:
  • information about your race or ethnicity, religious beliefs and sexual orientation – this will be for use as part of our equal opportunities monitoring only
  • information about your health including medical conditions and health and sickness records
  • details of any criminal convictions and offences

4. What will we use your data for?

In order to be able to maintain our relationship with you we might need to store or process the personal data you have provided us with or we might need to pass it on to one or more of our business partners so that we can meet your requirements more effectively. We may also use your data to improve our products or to inform you of special offers. Your personal data will only ever be used for the purposes of customer management, product surveys or marketing to the appropriate degree. We will not sell your data in any way to third parties. If we do have to use the services of third parties, e.g. for marketing and advertising products, fulfilling competitions, we will have to pass your data to those third parties. We will make sure that they have security measures in place to keep your data safe.

The sorts of organisations we might share your personal data with include:

  • delivery couriers, voucher fulfilment, prize fulfilment companies and postal firms
  • IT companies who support our systems and website
  • professional service providers, such as marketing agencies, advertising partners and website hosts, who help us run our business
  • social media sites to show you products that might be of interest to you, including if you choose to link your account with us. We may use your personal data within social media via their advertising platforms or via third party agencies in order to show you products/services/content that might be of interest to you, including if you choose to link your account with us. Social media advertising tools allow us to target you based on, but not limited to, your interests / likes, your demographic, your email address, your geolocation and activity on our websites. To share this relevant content with you we might share an email address that you have provided to us in some way such as registering for a competition or signing up to our email database. When you upload your customer details in social media sites, the information is hashed (the conversion of your data into randomised code). If you no longer want to receive marketing information from us via social media sites please see Section 9 “Your Rights” below.

Where we do share your data, we provide only the information that is needed for the specific purpose and the person that we share your information with will only be able to use your data for that specific purpose. The third parties will be people we trust to ensure that your privacy is respected at all times and if we stop working with them they will be expected to delete your data or make sure that it is anonymised.

We will only pass your data to third parties for their own purposes if you have expressly given us permission to do so unless we have a legal obligation to share information such as with the police or other regulatory or Government bodies.

Where we have your personal data as part of our recruitment process, we will use your personal data to assess your skills, qualifications and suitability for the role you have applied for and to carry out checks and references. We will also use it during this process to communicate with you, to keep records about the hiring process and to comply with legal or regulatory requirements. During the recruitment process we rely on legitimate interests as a reason for processing your personal data. If we ask you to provide sensitive personal information during the recruitment process this will be used only in the following ways:

  • we will use information about your disability status to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during a test or interview.
  • we will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or sexual orientation, to ensure meaningful equal opportunity and monitoring.

5. The legal reasons for collecting your personal data

Data protection laws allow companies to collect your personal data for several different reasons. We will only collect your personal data if we have a legal reason for doing so. This might be one or more of the following:

Consent – This is where you have consented to us having your personal data. You might have agreed that we can send you such things as details of our promotions or products and services or our newsletters. You can at any time change your mind and tell us that you no longer want to hear from us or that you want to change the way you receive information from us by updating your preferences, there are 2 ways you can do this:

  1. Click on the link to the unsubscribe in the footer of any of the emails you currently receive from us
  2. Or send an email to [email protected] and include:
    • your first name and last name
    • the email address which you registered when you joined the mailing list
    • the mailing list which you wish to change your preferences for (Chicago Town, Ristorante, We Bake, or a combination of these mailing lists)
    • if you are a We Bake user, please confirm your We Bake username
    • any changes you would like to make to your communication preferences

Compliance – In order to comply with legal requirements such as health and safety laws, we may need to collect and process your data.

Contractual obligations – If we have a contract with you, we will need to collect and process your personal details so that we can fulfil our contract.

Legitimate interest – This is where we might use your personal data to meet a reasonable business interest as long as we are not significantly impacting your rights. This would include things such as using your personal data to send you personalised offers based upon your purchasing history.

6. How we keep your personal data safe

We will always treat your personal data with absolute respect and care. We will make sure that our websites and apps are secure by using appropriate technical and organisational measures across all brands including up-to-date encryption, communication via SSL, restricted access to the data that we hold and conducting regular software updates.

All our employees have been briefed on data protection laws and are contractually obliged to protect your personal data. We have made sure that all our suppliers and business partners have a legal obligation to be as diligent as we are about protecting your personal data.

We will never keep your personal data for any longer that we need to. We have reviewed our processes to make sure that when we no longer need your personal data for the purpose for which it was collected, we will delete it from our systems.

7. Transferring your personal data outside the European Economic Area (EEA)

We may need to transfer your personal data outside of the EEA to do such things as process an order or your payment details, we will make sure that we have procedures in place to ensure that your data receives the same protection that it receives when it is processed inside the EEA. Our suppliers will be expected to follow the standards that we set for them and to comply with all applicable laws and this Privacy Notice. If you want us to give you more information about this, please contact our Marketing Services department at the address below.

8. Automated decision making processes

We do not currently use any automated decision making processes and we do not envisage doing so, however we will update this privacy policy and give you full details if we do ever intend to do this.

9. Your rights

When we process your personal data you have a number of rights. These are:

  • you have the right to copies of any of the personal data that we hold about you
  • if any personal data we hold is incorrect or incomplete you can ask us to correct it 
  • you can ask us to delete any personal data
  • you may object to us processing any personal data or restrict how it is processed

If you contact us to ask us to do any of these, we will need you to verify your identity before we can make any changes or supply any information to you. To do any of these things please contact us at:

Data Protection Team
Dr. Oetker (UK) Ltd
4600 Park Approach
Thorpe Park
Leeds LS15 8GB

E-mail: [email protected]

If you are unhappy with the way that we have responded to your requests or you have any other concerns about the use of your personal data, you can contact the Information Commissioner’s Office on telephone number 0303 123 1113 or you can access further information and advice on the ICO website at www.ico.org.uk