Purpose of the Privacy Policy
- The purpose of this Privacy Policy is to describe the processes and mechanisms that A Little Bit Yummy Limited (A Little Bit Yummy) has put in place concerning the personal data it collects and processes. This Privacy Policy applies to all the websites, web applications, and services that A Little Bit Yummy owns and manages.
- This Privacy Policy covers the following aspects with regards to the personal data that A Little Bit Yummy collects and processes:
2.1. A description of the data that is collected and processed, and the purposes for which said personal private information is collected and processed.
2.2. A description of all parties, other than A Little Bit Yummy, which have access to the data that is collected and processed, and the reason and purpose for which A Little Bit Yummy is granting said access.
2.3. The rights of the owners of that personal data.
2.4. A description of the role of Data Controller at A Little Bit Yummy.
2.5. A description of the data security policies and processes that are related to the personal data collected and processed, including the role of the Data Protection Officer.
3. This Privacy Policy will be updated regularly in order to reflect changes in privacy regulations, in information security regulations, or in the technological context in which A Little Bit Yummy operates.
4. Definitions used in this Privacy Policy
4.1. Data subject: means an identified natural person who is the owner of any personal data that has been collected or processed by A Little Bit Yummy.
4.2. Personal data: is personal private information that belongs to a natural person.
4.3. Data concerning health: means any information which relates to the physical or mental health of an individual, or to the provision of health services to the individual.
4.4. Collection of data: is the act, the processes, and mechanisms by which a data subject provides A Little Bit Yummy with personal data, voluntarily.
4.5. Processing of data: means any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
4.6. Processor: means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of A Little Bit Yummy.
4.7. Recipient: means a natural or legal person, public authority, agency or any other body to which the personal data are disclosed.
4.8. Personal data breach: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
4.9. Competent authorities: means any public authority competent for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties.
Information Collected and Processed
- A Little Bit Yummy collects personal data for the following purposes:
1.1. In order to deliver content to those people who subscribe to its information services.
1.2. In order to fulfill its obligations to its service subscribers or associates.
2. A Little Bit Yummy does not, under any circumstance commercialise any personal data. Such practice is a direct violation of this Privacy Policy.
3. The personal data that is collected to fulfill the aforementioned purposes is:
Personal data |
Information services (Subscribers) |
Service Membership Subscribers & DHB Clients |
Associates |
Email address |
x |
x |
x |
First Name |
x |
x |
x |
Surname |
x |
x |
x |
Country and state of residence |
x |
x |
|
Meal & recipe preferences: food intolerances, food allergies, household info (optional, if meal planning tools or dietary filters are used) |
x |
x |
|
Low FODMAP information: course completion, dietitian-led class attendance |
x |
x |
|
Symptom data (optional, if symptom tracking tools used or via Google Form) |
x |
x |
|
Professional title |
x |
||
Residential or business address (optional) |
x |
||
Payment information (not collected for DHB clients) |
x |
x |
Third Party Processors that are granted Access to a part or all of the Personal Data collected
- In order for A Little Bit Yummy to fulfill its obligations to its service subscribers, associates, and information subscribers, it has to rely on third party organisations who provide some of the functionality required. In order for said third parties to be able to provide the aforementioned functionality, they have to be made a part of the collection of data, the processing of data, or both.
- These are the third party organisations that provide functionality to A Little Bit Yummy:
Organisation |
Functionality |
Privacy policy |
Terms of service |
Usage |
Stripe |
Payment services |
https://stripe.com/nz/privacy |
Unavoidable for subscribers of paid service |
|
Typeform |
Online Forms |
https://admin.typeform.com/to/dwk6gt/ |
Optional for the subscribers of any paid service or DHB clients |
|
Mailchimp |
Marketing automation, customer support, customer feedback |
Unavoidable for members who opt into free newsletters or paid subscription services |
||
Hosting provider |
Hosting of the web servers, the database servers, the log servers, and other such operational infrastructure |
Unavoidable for all clients and all subscribers to information services |
||
Email server provider |
Email servers |
Unavoidable for all clients and all subscribers to information services |
||
Hotjar |
Analysis and feedback tool that that helps us enhance user experience. Data is anonymised and individual users are not identifiable. |
https://www.hotjar.com/privacy | https://www.hotjar.com/terms |
Unavoidable for all clients and all subscribers using the websites. |
Disqus |
Integrated commenting system |
https://help.disqus.com/customer/portal/articles/466259-privacy-policy |
https://help.disqus.com/customer/portal/articles/466260-terms-of-service/ |
Unavoidable for anyone who wishes to leave a comment on recipes or blog posts |
Intercom |
Messaging and email system being used across A Little Bit Yummy platforms |
Unavoidable for all clients and all membership subscribers using the website. |
||
Google Analytics |
Analysis and feedback tool that that helps us enhance user experience. Data is anonymised and individual users are not identifiable. |
https://support.google.com/analytics/answer/7124332?hl=en-uk |
Unavoidable for all clients and all subscribers using the website. |
|
Google Forms |
Online form that that helps us collect information on user experience and symptom improvement. Consent to collect data is collected within the form. |
Optional for paid clients and DHB clients using online membership area. |
Rights of the Data Subjects
- The provision of all personal data is voluntary and under no circumstance can be coerced or forced from the data subject against her/his will.
- All of A Little Bit Yummy’s data subjects are entitled to the following rights:
2.1. To know the identity and the contact details of the Data Controller and the Data Protection Officer.
2.2. To know the purpose of the processing for which the personal data are intended.
2.3. To know the period for which the personal data will be stored. After 7 years of being unsubscribed, the subject’s account will be deactivated and removed from the system. This is to ensure the protection of the subject’s personal data in the unlikely event of a data leak. Metadata from the subject’s account may still be retained, however, it will not contain any personal data.
2.4. The right to request from the Data Controller access to and rectification, erasure, or restriction of processing of the personal data concerning the data subject:
– The right to request personal data be completely removed from the system, free of charge.
– The right to request that personal data be electronically sent to them in a portable format
2.4.1. To exercise these rights, please send a request to the Data Controller by means of using the contact information listed below.
2.4.2. Be advised that a request of restriction of processing may have a material impact on A Little Bit Yummy’s ability to provide content or fulfill its obligations.
2.5. The right to lodge a complaint to a privacy supervisory authority.
2.6. To know the recipients and categories of recipients of the personal data, including in countries that are not that of the data subject, governments, or international organisations.
3. The provision of personal data by the data subject is necessary for the purposes described in sections ‘Information Collected and Processed’ and ‘Third Parties Granted Access to a part or all of the personal data collected’ of this Privacy Policy. Without the personal data, A Little Bit Yummy is not materially able to fulfill the obligations stated in section B5. Therefore, whilst the provision of all personal data has to be voluntary, the processing of said personal date must also occur under the following conditions – especially in the case of health related personal data:
3.1. Consent has to be given explicitly by the data subject.
3.2. The personal data must be necessary for the purposes of carrying out A Little Bit Yummy’s obligations.
3.3. The processing of the data must be carried out in the course of legitimate activities and with appropriate guarantees. The personal data must never be disclosed to third parties without the consent of the data subject.
4. The information pertaining to the aforementioned rights is to be provided at the time when the personal data are obtained from the data subject.
User Data Deletion
The user has the right to request that their personal data be deleted from the platform.
To do this the user must contact the Data Controller via [email protected] and request that their data be deleted.
Once the request is made the data will be deleted from the platform within 48 working hours after the request is received.
Facebook Data Deletion Instructions
According to the Facebook Platform rules, we have to provide User Data Deletion Instructions.
If you signed up for your alittlebityummy.com membership via Facebook and want to delete your login credentials for alittlebityummy.com please follow these steps:
- Go to your Facebook Account’s Setting & Privacy. Click “Settings”
- Look for “Apps and Websites” and you will see all of the apps and websites you linked with your Facebook.
- Search and Click “A Little Bit Yummy” in the search bar.
- Scroll and click “Remove”.
- Congratulations, you have successfully removed your app activities.
Please contact [email protected] if you would like all personal account information relating to alittlebityummy.com deleted.
The Data Controller
- The Data Controller is a member of the staff of A Little Bit Yummy who has the mandate and responsibility to adapt policies (including the modification of this and other corporate policies) and implement appropriate measures to ensure that the collection and processing of personal data is performed in compliance with this Privacy Policy.
- The obligations of the Data Controller are:
2.1. To implement technical and organisational measures and procedures in such a way that the collection and processing of personal data is done according to what is stated by this Privacy Policy thus ensuring that the rights of the data subjects remain unviolated.
2.2. The Data Controller is to safeguard that only personal data which are necessary for the purposes of processing are processed.
2.3. The Data Controller is to choose the Processors that best meet the requirement of providing sufficient guarantees to implement technical and organisational measures and procedures to meet the requirements of this Privacy Policy. The relationship between A Little Bit Yummy and the Processors is to be governed by legal binding instruments and stipulate in particular that the Processor shall act only on instructions from the Data Controller.
2.4. The Data Controller shall maintain that the following information is updated at all times:
2.4.1. The name and contact details of all Processors.
2.4.2. The purposes of the processing.
2.4.3. The recipients or categories of recipients of personal data.
2.4.4. A record of the international transfer of personal data or transfer of personal data to a government or international organisation.
3. Contact information
3.1. Name and title: Ms. Alana Scott, Data Controller
3.2. Email address: [email protected]
3.3. Telephone: +64 27 814 0670
3.4. Postal address: 3 Tui Street, Matamata, 3400, New Zealand
4. The Data Controller is the single point of contact for all matters related to personal data. The Data Controller is the first point of contact for matters related to the information security of the personal data. As soon as the Data Controller has taken notice of such a requirement, she/he will escalate the requirement to the Data Protection Officer.
Data Security
- A Little Bit Yummy has strived to design and build a secure infrastructure with the aim, among others, of protecting the personal data of the data subjects. Nevertheless, being that there is no such thing as perfect security the role of Data Protection Officer has been created.
- The Data Protection Officer is a member of the staff of A Little Bit Yummy who has the mandate and responsibility over the information security of the personal data.
- The Data Protection Officer manages the following areas of responsibility:
3.1. To inform and advise the Data Controller and the Processors of their obligations with regards to the information security of the personal data, to document these activities and enforce the implementation of advice.
3.2. To monitor the implementation and application of the policies in relation with the protection of personal data.
3.3. To monitor the documentation, notification, and communication of personal data breaches.
4. Notification of personal data breaches to the privacy supervisory authority:
4.1. The Data Protection Officer is responsible – after co-ordination with the Data Controller – of notifying, without undue delay and, where feasible, no later than 72 hours after having become aware of it, the personal data breach to the pertinent privacy supervisory authority.
4.2. A Processor shall alert and inform the Data Protection Officer and the Data Controller immediately after having become aware of a personal data breach.
4.3. The notification shall at least:
4.3.1. Describe the nature of the personal data breach including the categories and number of data subjects concerned and the categories and number of data records concerned.
4.3.2. Communicate the identity and contact details of the Data Protection Officer.
4.3.3. Recommend measures to mitigate the possible adverse effects of the personal data breach.
4.3.4. Describe the possible consequences of the personal data breach.
4.3.5. Describe the measures proposed or taken by the Data Protection Officer and/or the Data Controller to address the personal data breach.
5. Notification of personal data breaches to the data subject
5.1. After having notified a personal data breach to the privacy supervisory authority, A Little Bit Yummy will notify the data subject.
5.2. The communication to the data subject will contain the following:
5.2.1. Communicate the identity and contact details of the Data Protection Officer.
5.2.2. Recommend measures to mitigate the possible adverse effects of the personal data breach.
6. Contact information
6.1. Name and title: Mr Nick Humphries, Data Protection Officer
6.2. Email address: [email protected]
6.3. Telephone: +64 27 829 0131
6.4. Postal address: 3 Tui Street, Matamata, 3400, New Zealand
7. The Data Protection Officer is the single point of contact for all matters related to information security of the personal data.
Cookies and Analytics
- A cookie is a small snippet of text that a website asks your browser to store. All cookies have expiration dates in them that determine how long they stay in your browser. Cookies can be removed in two ways: automatically, when they expire, or when you manually delete them. We’ve included more details below to help you understand what kinds of cookies we use.
- A Little Bit Yummy uses cookies with the primary purpose of making our website work more effectively. We use two types of cookies: session cookies and persistent cookies
2.1. Session cookies – these are temporary cookies that expire (and are automatically erased) whenever you close your browser. An example of how we use session cookies is to grant access to content and enable commenting (things you have to log in to do).
2.2. Persistent cookies – these usually have an expiration date far into the future and stay in your browser until they expire, or until you manually delete them. An example of how we use persistent cookies is for functionalities like the “Stay logged in”.
We also use persistent cookies to better understand usage patterns so we can improve the site for our customers. This information is anonymised – when we look at the data, in other words, we look at patterns, but we do not see individuals’ personal data.
3. There are also limited third-party cookies on the site. These cookies could be session or persistent and are set by entities other than A Little Bit Yummy. To ensure compliance with our policies, we restrict the use of third-party cookies to trusted Processors. We currently allow:
3.1. Essential cookies – these cookies are all first party cookies that are essential for the operation of our website. For example, some cookies allow us to identify subscribers and ensure they can access the subscription pages.
3.2. Functional cookies – these cookies remember your log-in details if you have the “Stay logged in” box ticked which makes it possible for registered users to return to the site without having to log in. Functional cookies also make sure the website looks consistent as well as allowing us to analyse site usage so we can measure and improve performance. We use a functional cookie to remember your cookie preference from our ‘Cookie preference’ tool as well as to provide you with enhanced services like commenting.
3.3. In addition, we use functional cookies for audience measurement and validation. We use Google Analytics, Google Tag Manager, and Hotjar to understand how many people visit us and what is popular, which helps us improve the website.
4. You can opt out of these cookies at any time – to learn how to do this or if you would like to learn more about how advertisers use these types of cookies, please visit http://www.youronlinechoices.eu if you are based in the EU.
If you are based in the United States and would like to learn more, please visit http://www.aboutads.info/choices/ .
5. All the data contained in the cookies that we use is completely anonymous and doesn’t contain any personal data
6. If you want to delete or disable cookies, see: www.allaboutcookies.org/manage-cookies
7. To opt out of cookies from Google: www.google.com/privacy/ads
Links to Third Parties
This Privacy Policy applies to all the websites, web applications, and services that A Little Bit Yummy and LuminateOne (development firm) own and manage. It does not extend to the websites, web applications, or services of third parties, even if any of A Little Bit Yummy’s properties, services, or functionalities, link or lead to them. We encourage you to always read the privacy policies and terms of use of any website, web application, or service that you may visit or use.
Language of the Privacy Policy
This Privacy Policy has been written originally in English. As all of our services are provided in English we do not at this time offer versions of this Privacy Policy in any other languages.
Changes to this Privacy Policy
As mentioned previously, we expect that this Privacy Policy will be changed over time for many reasons.
In order to reduce the friction associated with keeping up to date with the changes in this Privacy Policy (and also our Terms of Use) we offer an email subscription service. If you choose to subscribe, you will be automatically notified by email whenever a change is made to either the Privacy Policy or our Terms of Use. Changes to these documents are infrequent so we do not expect to be sending you regular emails.
If you are a paying customer of A Little Bit Yummy please be advised that you will be required to subscribe to this service as part of our service standards.
Otherwise, if you choose not to take advantage of this subscription service, we advise that you come back every three months and review Section 13: Change log.
Contact Us
If you have any questions or concerns relating to this Privacy Policy, please contact us via [email protected]
Websites Owned or Managed by A Little Bit Yummy
Name |
URL |
A Little Bit Yummy corporate website |
A Little Bit Yummy subscription membership website |
ALBY Health website |
Change Log
Want to stay up-to-date with changes to our privacy policy? Sign up to our privacy policy and terms & conditions email newsletter to receive notifications.
Date: 23 November 2018 |
Information Collected and Processed |
Update: Information Collected and Processed Table has been updated to reflect the types of data being collected across A Little Bit Yummy platforms.
|
Date: 23 November 2018 |
Third Party Processors that are granted Access to a part or all of the Personal Data collected |
Update: Third Party Processors Table has been updated to reflect new third parties (Typeform) being used across A Little Bit Yummy platforms.
|
Date: 16 Jan 2018 |
Third Party Processors that are granted Access to a part or all of the Personal Data collected |
Update: Third Party Processors Table has been updated to reflect new third parties being used across A Little Bit Yummy platforms.
|
Date: 7 May 2018 |
Websites Owned or Managed by A Little Bit Yummy |
Update: New website has been added: app.alittebityummy.com |
Date: 7 May 2018 |
Data Security |
Update: Clause 4.1 has been updated from:
The Data Protection Officer is responsible – after co-ordination with the Data Controller – of notifying, without undue delay and, where feasible, no later than 24 hours after having become aware of it, the personal data breach to the pertinent privacy supervisory authority. To: The Data Protection Officer is responsible – after co-ordination with the Data Controller – of notifying, without undue delay and, where feasible, no later than 72 hours after having become aware of it, the personal data breach to the pertinent privacy supervisory authority. Update: Clause 6 Data Protection Officer has been updated to: 6.1. Name and title: Mr Nick Humphries, Data Protection Officer 6.2. Email address: [email protected] 6.3. Telephone: +64 27 829 0131 |
Date: 7 May 2018 |
Rights of Data Subjects |
Update: New clauses have been added:
2.3. To know the period for which the personal data will be stored. After 7 years of being unsubscribed, the subject’s account will be deactivated and removed from the system. This is to ensure the protection of the subject’s personal data in the unlikely event of a data leak. Metadata from the subject’s account may still be retained, however, it will not contain any personal data. 2.4. The right to request from the Data Controller access to and rectification, erasure, or restriction of processing of the personal data concerning the data subject: – The right to request personal data be completely removed from the system, free of charge. – The right to request that personal data be electronically sent to them in a portable format.
|