Chocolate Unpacked is committed to protecting your privacy. We will use the information that we collect about you in accordance with the Data Protection Act 1998, the Privacy and Electronic Communications Regulations 2003 and GDPR 2018. Our use of your personal data will always have a lawful basis, either because it is necessary to complete a booking or purchase, because you have consented to our use of your personal data (e.g. by subscribing to mail updates), or because it is in our legitimate interests. We will only share your information with companies if necessary to deliver services on our behalf. For example service providers (e.g. Eventbrite for the provision of online bookings and partnering venues where events are held), third-party payment processors, and other third parties to provide our sites and fullfil your requests, and as otherwise consented to by you or as permitted by applicable law.
What information do we collect?
You give us your information when you book one of our events, make a purchase from us, buy something on our website, sign up for updates or email with us.
We use iZettle to process card transactions and do not store credit card details.
We keep a record of the emails we send you, and we may track whether you receive or open them so we can make sure we are sending you the most relevant information. We may then track any subsequent actions online.
Like most websites, we receive and store certain details whenever you use the Chocolate Unpacked website. We use “cookies” to help us make our site – and the way you might use it – better. There is more information on this below.
What we use your personal information for
When you provide us with personal information (to book an event, complete a transaction, verify your credit card or place an order), we hold that information under legitimate interest. You have the right to be informed that we hold it, the right to access that data, to correct it if it is erroneous, to have it deleted, to restrict processing of that data, and to object to our processing of your data. You also have other rights under the GDPR, which you can find out about here
We aim to be clear when we collect your data and not to do anything you wouldn’t reasonably expect. If you make a purchase, book an event or sign up for updates we usually collect your name and contact details and your bank or credit card information (if making a transaction via iZettle). Where it is appropriate (and you have the right to decline to give this information) we may also ask for your age and gender.
We use this data to provide you with the products, events, services or information you asked for, ensure we know how you prefer to be contacted, understand how we can improve our communications.
We will include opt-out instructions in any marketing communications you receive from us.
Our store is hosted on iZettle. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through iZettle’s data storage, databases and the general iZettle application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then iZettle stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read iZettle’s Terms of Service.
You may be asked to submit personal information about yourself when you make a booking. We will collect this information so we can fulfil your booking request when attending an event.
When you make a booking we collect information only as relevant to the specific event such as your title, name, e-mail address (used for booking confirmation and post-dining feedback emails), home or work address, billing information taken for deposits (applicable only for corporate events), ticketing, telephone number, company name, dietary requests, marketing preferences (whether you opt-in or opt-out).
We require the information outlined in the previous section to understand your needs and provide you with a better service, and in particular for the following reasons:
Internal record keeping
Send you service emails (booking confirmation and post-event feedback)
Improve our products and services.
Send marketing communications if you have opted in to receive them.
We may use the information to customise the website according to your interests.
For reservations taken through Wix, Eventbrite or a partnering host venue’s software, your data will only be stored in the as per their respective data centres.
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as hosting venues, payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
This site, like many others, uses small files called cookies to help customise your experience. ‘Cookies’ are small text files that are stored by the browser on your computer or mobile phone. Websites are able to read and write these files, allowing them store things such as personalisation details or user preferences. Cookies provide a “memory” for the website, enabling it to recognise a user and respond appropriately.
The cookie settings on this website are set to ‘allow all cookies’ to give you the very best experience. If you continue without changing these settings, we assume you consent to this – but if you do want to disable cookies on your browser you can read how to do so here.
We use a number of different types cookies on the site.
There are different types of cookies:
Session (transient) cookies: are erased when site visitors close their browsers and are not used to collect information from their computers. They typically store information in the form of a session identification that does not personally identify the user.
Persistent (permanent or stored) cookies: These cookies are stored on a site visitor's hard drive until they expire (at a set expiration date) or until they are deleted. These cookies are used to collect identifying information about the user, such as web surfing behaviour or user preferences for a specific site.
We use the following cookies on our website:
Cookie name - Life span - Purpose
svSession - Persistent - Identifies unique visitors and tracks a visitor’s sessions on a site
hs - Session - Security
XSRF-TOKEN - Session - Security
smSession - Persistent (2weeks) - Identifies logged in site members
TSxxxxxxxx (where x is replaced with a random series of numbers and letters) - Session - Security
TSxxxxxxxx_d (where x is replaced with a random series of numbers and letters) - Session - Security
RequestID - Session - Tracks visitor behaviour and measures site performance
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
Google Analytics is a third-party service that collects standard internet log information about our website visitors. This includes number of visitors to a specific page, whether they are accessing the page via laptop or mobile, and general demographic data. Google Analytics paints a useful picture of who visits our website and how people find out about us online. We do not use Google Analytics to identify anyone.
We use social media to broadcast messages and updates about events and news. On occasion we may reply to comments or questions you make to us on social media platforms. Depending on your settings or the privacy policies social media and messaging services like Facebook, Instagram or Twitter, you might give the third party permission to access information from those accounts or services.
We use Wix for our mailouts. Their system gathers statistics about the number of people who open, click into, and unsubscribe from our newsletter, as this helps us improve our marketing. We may use our database information to deliver our marketing campaigns, but we won’t sell or pass on your data to any other businesses.
You can unsubscribe from our mailing list at any time by clicking the unsubscribe link at the bottom of the email, or by contacting us at www.chocolateunpacked/contact
You have the following rights related to your personal data:
The right to request a copy of personal information held about you
The right to request that inaccuracies be corrected
The right to request us to stop processing your personal data
The right to withdraw consent
The right to lodge a complaint with the Information Commissioner’s Office or Fundraising Regulator
Questions and Contact Information
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at www.chocolateunpacked/contact