Last update: May 2018
Last update: May 2018
Personal information we collect
Information provided by you
When you register for an account with toucanBox you provide your name, email address, password, delivery address, the names of recipient children and their dates of birth and payment information e.g. your credit or debit card details and billing postcode. You also have the option to tell us what your relationship to the child is. Through your use of the service you may also choose to provide your product feedback in the form of star ratings and comments.
We collect information you voluntarily provide to us, such as your name, phone number and email address when you contact our Customer Care team for help with your subscription or purchase of a gift.
toucanBox does not target, as its paying customers, children under the age of sixteen. Although visitors of all ages may navigate through our websites, we do not knowingly collect or request personal information from those under the age of sixteen. If we discover, by any means, that a child under sixteen has been registered on our site, we will cancel that account and delete the personal information in it from our records.
Information collected automatically
We automatically collect some information about you such as that collected by server logs or 3rd party website analytics services, and by using cookies or similar technologies when you visit our websites. We may collect information about the type of device you use and its operating system and version, your IP address, your general geographic location as indicated by your IP address, your browser type, the pages you view on our websites and how you interact with that content.
Information obtained from other sources
We may receive information about you from social media platforms when you interact with us on those platforms. We may also receive information from your Bank or from PayPal that tells us why a payment transaction on your chosen payment method failed if it did so.
How we use personal information
Providing the toucanbox service
We process your personal information in order to provide you with the service you have requested from us and signed up for. This processing is necessary for the performance of our agreement with you and helps us provide you with the best possible experience of toucanBox. We also use your data to develop aggregate analysis and business intelligence that enables us to operate, make informed decisions about, and report on the performance of our business. We have a legitimate interest in processing your data for these reasons and it is often necessary for the fulfillment of our contract with you.
Taking care of our customers
To help provide you with the best possible customer care we collect certain data by email or using our contact us form and make tools available to our Customer Care team that process your personal data to help us respond to your enquiries, to investigate and diagnose problems with your service and to help manage your account.
We do not routinely offer customer care by telephone but should you contact us by phone, we may collect your phone number and any information provide to us during your conversation with us. We do not record phone calls.
If you contact us by post, we will collect any information you provide to us in any postal communications you send us however we will not keep physical copies of your communication any longer than is strictly necessary to handle your enquiry.
We have a legitimate interest in processing your data for these reasons and it is often necessary for the fulfillment of our contract with you.
Website and IT improvements
We collect and store server logs to improve network, server and database security. This includes analysing log files to help identify and prevent unauthorised access to our network, the distribution of malicious code, denial of services attacks, fraud and other attacks, by detecting unusual or suspicious activity.
We also analyse how our website users interact with our website and its features. For example, we analyse total visitor numbers and unique visitors, the time and date of the visit, whether certain pages or sequences of pages were visited, whether a visit resulted in a subscription to our service, the operating system and browser used and approximately where visitors are when they are accessing our websites. We use the information gathered from the analysis of this information to improve our websites.
We have a legitimate interest in improving our websites so that we can provide a better experience for existing customers and to attract new customers to our service.
Communication and marketing
We use the data we collect to deliver and personalise our communications with you. For example, we may contact you by email to inform you about new products, special offers or to invite you to take part in a survey or provide product feedback. This processing is necessary to serve our legitimate interest. As a subscriber to toucanBox you can opt-out of these emails at any time by visiting your email settings.
|Type of email||Lawful basis|
Welcome email, payment emails, forgotten password email, cancellation confirmation email, important announcements about service or security
These communications are fundamental to providing your service and you cannot unsubscribe from these emails while remaining a customer of toucanbox.
Newsletters and special announcements
Seasonal craft and recipe ideas (Christmas, Easter, etc) and special announcements
These emails are part of our product and the service you have subscribed to.
Feedback and satisfaction surveys
Responses to these emails help us improve our products and your service.
Rate your box emails
Product ratings and feedback emails
Responses to these emails help us improve our products and your service.
Special offers from toucanBox
Special offers, friend referral, competitions and schools/ fundraising
These offers will only related to the product you currently buy from us and are part of the service that we offer.
We may also choose to send carefully selected emails from trusted third parties. We will always choose offers that we believe you will genuinely be interested in and that are related to your experience of toucanBox and we will only send you these messages if you specifically provide consent for us to do so. You can withdraw that consent at any time by visiting your email settings and this will not impact your service in any way. Note we will never transfer your details to the 3rd party for the email to be sent.
Cookies and similar technologies
A cookie is a small data file that is sent by our servers to your computer when you visit our websites. When you visit our websites again, this cookie can be read and your browser can be recognised. We use the following categories of cookies on our website:
- Strictly necessary cookies - these cookies are essential for you to browse our website and use its features and you cannot opt out of receiving them. You can block them using your browsers’ cookie settings (see below) but this may prevent you from being able to use our websites.
- Performance cookies - we use Google Analytics to help us understand things like how long a visitor stays on our website, what pages they find most useful, and how they arrived. You can find out more about Google Analytics from Google. We also test some new features on groups of users this way.
- Functionality cookies - these cookies allow our websites to remember choices you make while browsing. For example we may store you country choice so that we can automatically configure your experience to the correct territory and language.
- Targeting/advertising cookies - third party cookies are those placed by websites and/or parties other than toucanbox but at our request. These largely help us provide more relevant advertising or to feed back anonymised data on signup conversions to our affiliate marketing partners. These cookies are subject to the respective privacy policies for these external services, for example, Facebook Data Use Policy.
You can opt out of specific types of cookies (apart from necessary cookies), or you can review your current settings for these cookies by using our Cookie Settings.
Web browsers allow you to control cookies in their preferences but doing so may disrupt your visits to our websites. Some browsers offer “Do Not Track” (“DNT”) functionality however we do not currently employ technology that recognises DNT signals. To control cookie settings on popular web browsers please see:
Pixels or beacons
In addition to cookies, we may use small images known as 'pixels' (also known as web beacons or pixel tags). We use pixels in our various email communications to you, to help us to understand whether our emails have been viewed. We also use third party pixels (such as those from Google, Facebook, and other advertising networks) to help us provide advertising that is relevant to your interests. As a toucanBox user you can opt out of most of our emails by visiting your email settings page. Learn more about our advertising and marketing activities below.
Advertising and marketing tools
Automated decision-making and profiling
We use automated decision making and profiling on our website. We do not consider that this has any legal effect on you or similarly significantly affects you.
To determine your next box
We make automated decisions about what product to send you next based on information and feedback you have given us. This is a critical way that we customise our service for you and you cannot opt out other than by cancelling your subscriptions. We have a legitimate interest in processing your data this way in order to provide you the best service we can.
In marketing emails
We may use information that we know about you, either that you have provided to us or that may be included in your account history to determine the best marketing, transactional and product emails to send you. By targeting these emails and by analysing how our email recipients respond to our emails we are able to send more relevant emails to current and former customers and we are able to improve the content and effectiveness of these emails.
This means that your behaviour when you open our emails will be tracked using small gif files called pixels or beacons and will include open rates, bounce rates and click through rates. It is in our legitimate interests to use profiling and tracking in this way and you can opt out by unsubscribing from all our emails in our Account section.
How we share personal information
Third party vendors
toucanBox uses a variety of third-party vendors to carry out critical services like website hosting, online product purchases and shipping, credit card processing and email communications. We will only share your personal data when absolutely necessary. It is our legitimate interest to process your personal data for these purposes. We do not display the identities of our service providers for security and competitive reasons but if you have any questions please send an email to [email protected].
Sale or merger
We may share your personal information in the event of a merger, acquisition, or sale of all or a portion of our assets. Of course, we shall notify you via email and/or a prominent notice on our website and inform you of your rights.
When legally required, strictly necessary for the performance of the services or to protect our rights, or the rights of our affiliates or users, we disclose your personal information to law enforcement authorities, investigative organisations, our affiliates or in legal proceedings.
How long we retain your information
We will retain your personal information for as long as we deem it necessary to enable you to use the website, to provide your subscriptions to you, to comply with applicable laws (including those regarding document retention), resolve disputes with any parties and otherwise as necessary to allow us to conduct our business. All personal information we retain will be subject to this Privacy Statement and our internal retention guidelines. If you have a question about a specific retention period for certain types of personal information please send an email to [email protected].
How we secure your information
While we are committed to protecting against the prevent loss, theft or misuse of your personal information and though we take all reasonable precautions to secure the personal information we collect, no system should be considered completely safe from compromise.
We store the personal data you provide on computer systems that have limited access, that are in controlled facilities and which have suitable backup policies in place. We ensure that our third-party data centre vendors provide adequate security measures. Additionally, your data is protected with encryption, such as Transport Layer Security (TLS), during transmission over the Internet.
Your password is stored using a one-way hash, which means that it cannot be recovered (or disclosed) by anyone, including toucanBox, it can only be reset. To protect the confidentiality of your personal information, you must keep your password confidential and not disclose it to any other person. Please notify us immediately if you believe your password has been misused and note that we will never ask you to disclose your password in an unsolicited phone call or email.
If you send us any information by email you should be aware that email is not secure and as such could be read in transit within systems outside of our control. If you send us information in this manner you do so at your own risk. Though we cannot discuss the details of our security systems and policies if you have any questions please email [email protected] and we will try to answer them.
Transfers of your information outside the European Economic Area
Personal data collected by toucanBox may be stored and processed within or outside the EEA and is sometimes determined by where our service providers are located or store data. toucanBox has put in place adequate mechanisms to protect personal information whenever it is transferred internationally, for example by using the Model Contract Clauses as approved by the European Commission or, in the case of suppliers in the US, that they have certified under the EU-U.S. Privacy Shield program.
Your rights and choices
We want you to be in control of how your personal information is used by us. You have the following rights over your personal information that we hold:
- you can ask us for a copy of the personal information we hold about you
- you can inform us of any changes to your personal information, or if you want us to correct any of the personal information we hold about you - you can do this by logging in to your account or emailing our customer care team
- in some situations you can ask us to delete your personal information
- you can object to certain ways in which we are using your personal information and
- you can also request that we send your personal information to a third party of your choice
Where we are using your personal information on the basis of your consent, you are entitled to withdraw that consent at any time. Where we process your personal information based on legitimate interest or the public interest, you have the right to object at any time to that use of your personal information. If you are not satisfied with the way we have handled any enquiry relating to the way we process your personal information you have the right to complain to The Information Commissioner's Office
You can opt out of receiving various types of email communications from toucanBox by following the unsubscribe link in every email sent to you by us. You can also opt out by updating your Account email preferences however there are some emails that we will continue to send you: for example regarding meaningful changes to this policy, responding to routine customer care and transactional emails relating to your use of our service, including but not limited to welcome, forgotten password emails and payment failure emails.
You can adjust the amount of interest based advertising you may receive by changing your cookie settings and/or opting out of certain advertising networks. For more information see Cookies and similar technologies.
Sensitive personal information
‘Sensitive personal information’ is information about an individual that reveals their racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic information, biometric information for the purpose of uniquely identifying an individual, information concerning health or information concerning a natural person’s sex life or sexual orientation.
We do not knowingly or intentionally collect sensitive personal information from individuals, and you must not submit sensitive personal information to us. If, however, you inadvertently or intentionally transmit sensitive personal information to us, we will only use and process your sensitive personal information for the purposes of deleting it.
We may modify or update this Statement when necessary, to reflect customer feedback and changes in our products and service. Please review it regularly. When we update this Statement, we will revise the 'Last Update' date at the top of the Statement. If there are material changes to the Statement or in how toucanbox uses your personal data, we will inform you either by posting a notice of such changes, prior to them taking place, or by directly sending you a notification. We encourage you to regularly review this Statement to learn more how toucanbox is using and protecting your information.