Privacy Policy

Privacy Notice - Overview

GRYT takes your privacy very seriously. This privacy notice describes how and why we, as data controller, obtain, store and process personal data. Personal data is information relating to you that enables us to identify you, for example, your name, email address, payment details and information about your access to this website.

We will process your personal data fairly, lawfully and transparently. This privacy notice describes the personal data we are collecting about you and how it is used. We will only collect and use your personal data for the following purposes, to:

  • fulfill your order(s)
  • give you a better shopping experience
  • keep you up to date with the latest offers and educational material
  • improve our services
  • make our marketing more relevant to you and your interests
  • meet our legal responsibilities

We may update this notice from time to time and we will notify you of any changes.

Please do not hesitate to contact us if you have questions in addition to the information provided in this notice – hello@gotgryt.com

Your Rights & Our Commitment to You

You have several rights under the data privacy legislation and GRYT is committed to you being able to freely exercise your Rights. This includes, under certain circumstances, the right to:

Be informed: you have the right to be informed if and how your personal data is being processed.

Access, rectification or erasure: you have the right of access to personal data we hold about you in our records. You are also entitled to have your personal data corrected if it is inaccurate, or to have it erased if we do not have a legitimate reason for retaining your data.

To request data portability: for personal data which you have provided to a controller, where processing was based on your consent, or where processing is done by automated means, you have the right to obtain a digital copy of your personal data, request the transfer of your personal data to another company or request to move your data from one IT system to another in a safe and secure way.

To request restriction of processing: you have the right to restrict the processing of your personal data where you are contesting the accuracy of that information, you have objected to processing (as described below), or where the processing is unlawful. Where processing is restricted, we are may need to retain sufficient information about you to ensure that the restriction is respected in future.

To object to automated decision-making including profiling: you have the right not to be the subject of any automated decision-making or profiling by us.

To withdraw consent: in cases where we are relying on your consent for the processing of your personal data, you have the right to withdraw your consent at any time. In respect of the e-marketing we conduct, an unsubscribe (withdraw consent) option is included with every e-marketing communication we send.

To object to processing: where your personal data is being processed based on the legitimate interests of a data controller or third party, you have the right to object to that processing.

To complain to the relevant supervisory authority: should you have any concerns or complaints regarding the way in which we process your data, please email us directly at hello@gotgryt.com. You also have the right to make a complaint to the Mayor’s Office of Information Privacy (MOIP) in New York. We would, however, appreciate the chance to deal with your concerns before you approach the MOIP, so please do contact us in the first instance.

Where possible, we have incorporated automated tools on our website that enable you to facilitate your Rights in real-time. Use the Data Access Gateway tool above to access and manage the personal data we hold on you.

The Personal Data We Collect

Personal data means any information about an individual from which that person can be identified. It does not include anonymised data, where the identity and identifying information has been removed.

While our website is designed for a general audience, we will not knowingly collect any data from children under the age of 16 or sell products to children. If you are under the age of 16, you are not permitted to use or submit your data to the website.

Depending on the type and level of engagement you have with us, we may collect the following categories of personal data:

  • Name and surname
  • Date of birth
  • Personal description and gender
  • Email address, user ID and GRYT account password
  • Social media ID
  • Telephone number
  • User ID
  • Billing information such as credit card and bank account details
  • Billing address
  • Delivery address
  • Your shopping preferences and basket
  • Order history
  • Saved items
  • Contact history – queries or complaints you have made to us
  • IP address and device details
  • Marketing and communications preferences – this includes information such as: your preferences in receiving marketing from us and our third parties and your communication preferences
  • Website usage data – when you browse our website, we collect details of your visits to our website and information gathered by the use of cookies in your web browser in order to prompt and display the most relevant content to you on our website. We do this on the basis of your consent for our website to place cookies or similar technology on your device. For more details on how we use cookies please see our Cookies Policy in the Privacy Centre.

How We Collect Your Data

We may collect your personal data in one of the following ways:

  • When you visit our website
  • When you create an account
  • When you purchase products on our website (whether as an account holder or as a guest)
  • When you log in to our website via social media.
  • When you sign up to our newsletter
  • When you participate in a competition or create wish lists
  • When you complete a survey
  • When you sign up at an event
  • When you engage with us on social media
  • When you contact us with queries, for example, about a purchase or shipping activities
  • When you review our products or services
  • When you apply for an employment vacancy
  • When you visit any of our premises, which usually have CCTV systems in operation (for security) and these systems may record your image

Data from Third parties

We may also receive personal data about you from various third parties, including:

  • Technical Data from third parties, including analytics providers such as Google. Please see further information in the section entitled ‘Marketing preferences, adverts and cookies’ below
  • Technical Data from affiliate networks through whom you have accessed our website
  • Identity and Contact Data from social media platforms when you log in to our website using such social media platforms
  • Contact, Financial and Transaction Data from providers of technical, payment and delivery services

How We Use Your Personal Data

We will only collect and process your personal data where we have a legal basis to do so. As a data controller, the legal basis for our collection and use of your personal data varies depending on the manner and purpose for which we collected it. We will only collect personal data from you when:

  • we have your consent to do so, or
  • we need your personal data to perform a contract with you. For example, to process a payment from you, fulfill your order or provide customer support connected with an order, or
  • Pursuing our legitimate interests in a way that you might reasonably expect to be a part of running our business and that does not significantly impact your interests, rights and freedoms, for example, showing GRYT advertisements to you as you browse the internet.
  • we have a legal obligation to collect or disclose personal data from you (e.g. in suspected instances of fraud where we need to give personal data to the police or a government body).

This is why we process your personal data:

  • To personalize and assist your use of our website and to generally improve it.
  • To offer you special offers, early access to sales and e-marketing information.
  • To offer you promotions, products and services that are most likely to interest you.
  • To fulfill your order and process purchases that you make by using our website, including retaining your details to allow us to fulfill any contractual obligations, such as contacting you to arrange deliveries, or to facilitate refunds or returns.
  • To respond to your queries or complaints on the basis of our contract with you, our legal obligations and our legitimate interests in providing you with the best products, service and experience.
  • To protect our business and your account from fraud and other illegal activities and to comply with our contractual or legal obligations to share data with the police or government body.
  • With your consent, we will use your personal data to keep you informed by email, web, text, telephone and through our contact centers about products and services including special offers, e-marketing, discounts, vouchers, promotions, events and competitions
  • To send you information required by law, like a product recall notice or information relating to your orders.
  • To communicate changes to the services we provide you, for example, updates to this privacy notice.
  • To administer competitions which you enter at our events, on our website, via social media or otherwise, based on your consent given at the time of entering.
  • To develop, test and improve the systems, services and products we provide to you. We’ll do this on the basis of our legitimate business interests.
  • To send you review requests (sometimes via our trusted third parties) to help us improve our products, services and website.
  • To build a picture of who you are and what you like, we’ll combine data captured by us and third parties, on the basis of our legitimate business interests to help us personalize your experience and decide what to share with you.
  • We will only use your personal data for the purposes for which we collected it. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

How we Share Your Data

We sometimes share your personal data with our trusted categories of third parties we use to conduct our business, for example, to enable delivery of your purchases; to handle feedback and complaints; and to help us understand your behavior in order to customize and maximize our products, services, advertising, marketing, competitions and offers to you. To view a full list of the data sub-processors who have access to our data please see the policy List of Sub-Processors in the Privacy Center.

Our trusted categories of third parties include delivery companies and independent contractors, marketing agencies, e-mail marketing service providers who assist our marketing team to run targeted email campaigns, customer survey service providers, advertising partners and agencies, website hosts, cloud service providers, data privacy providers, social media providers, professional services providers, and consumer review providers.

You may be able to access third-party social media before, during or after accessing our website. We use social media buttons and/or plugins on this website, to allow you to connect with your social network in various ways. When you are using your third-party social media account, any personal data we obtain or share with social media service providers is done so in accordance with the practices explained in the third-party social media provider’s terms and privacy notice. Please consult their relevant terms and privacy notices for further information.

As part of our e-marketing methods and on the basis of our legitimate business interests, we use some Google services and some Facebook products in accordance with the practices explained in the Google and Facebook terms and privacy notices. In order to protect your personal data by pseudonymising it, Google and Facebook ensure that a hashing algorithm is applied automatically at the point of sharing personal data with Google and Facebook. Please consult their relevant terms and privacy notices for further information and your options. If we can help you in any way please do not hesitate to contact our data protection officer at hello@gotgryt.com.

As part of our fraud monitoring, detection and prevention methods and on the basis of our legitimate business interests, we use a third-party fraud monitoring, detection and prevention service provider for all website/online sales. As part of this service, we may share personal data that is required to make identity checks and personal data that we obtain from making identity checks (including data relating to your age, name and location), together with account information, with third party organizations (including law enforcement agencies), involved in fraud prevention and detection and credit risk reduction. Please note that these third parties may retain a record of the information that we provide to them for this purpose.

We may share your personal data with government bodies and law enforcement.

We may also share your personal data with our professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.

Marketing preferences, adverts and cookies

Marketing - your preferences

We may send you marketing communications and promotional offers:

  • if you have created an account with us or purchased goods from us, or registered for a promotion or event, and you have not opted out of receiving marketing (in accordance with your preferences, as explained below);
  • by email if you have signed up for email newsletters;

We may use your personal data (as outlined in the ‘Personal Data We Collect’ section) to form a view on what we think you may like, or what may be of interest to you, and to send you details of products and offers which may be relevant for you.

We will ask you for your preferences in relation to receiving marketing communications by email, post, SMS and other communication channels.

You will always have full control of your marketing preferences. If you do not wish to continue receiving marketing information from us (or any third party, if applicable) at any time:

  • you can unsubscribe or ‘opt-out’ by using the unsubscribe button and following the link included in the footer of any marketing email; or
  • account holders may withdraw their consent by simply logging in to the Data Access Gateway Tool and editing their contact preferences our Emarsys application directly.

We will process all opt-out requests as soon as possible, but please note that due to the nature of our IT systems and servers it may take a few days for any opt-out request to be implemented.

Cookies

Our website uses cookies to distinguish you from other users of our website and to keep track of your visits. They help us to provide you with the very best experience when you browse our website and to make improvements to our website. They also help us and our advertising networks to make advertising relevant to you and your interests.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly.

For detailed information on the cookies which we and our third-party providers use and the reasons why we use them, please refer to our Cookie Policy.

Online ads

We use online advertising to keep you aware of what we’re up to and to help you find our products. Like many companies, we may use targeted GRYT banners and ads to you when you use other websites and apps. We do this using a variety of digital marketing networks and ad exchanges, and a range of advertising technologies such as web beacons, pixels, ad tags, cookies, and mobile identifiers, as well as specific services offered by some sites and social networks, such as Facebook’s Custom Audience Service.

Our use of analytics and targeted advertising tools

We use a range of analytics and targeted advertising tools to display relevant website content on our website and online advertisements on other websites and apps to you. We use these tools to deliver relevant content to you in marketing communications (where applicable), and to measure the effectiveness of the advertising provided. For example, we use tools such as Google Analytics to target and improve our marketing campaigns, marketing strategies and website content. Additionally, we use tools such as TikTok for advertising purposes to reach audiences and promote our products. We also use tools provided by other third parties, such as Criteo and Disco Growth Network to perform similar tasks. If you would like any further information about the data collected by these third parties or the way in which the data is used, please contact us on hello@gotgryt.com.

In order to opt out of targeted advertising you need to disable your ‘cookies’ using our website cookie tool (see Cookie Policy for details) or opt-out of the relevant third-party Ad Settings.

Links to other websites and third parties

Our website may include links to and from the websites of our partner networks, advertisers and affiliates, or to social media platforms. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to their websites.

Transferring Your Data Outside the EEA

The personal data we collect from you may be transferred to, and stored at, destinations outside the European Economic Area ("EEA") using legally-provided mechanisms to lawfully transfer data across borders. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfillment of your order, the processing of your payment details and the provision of support services. We will take all steps necessary to ensure that your data is treated securely and in accordance with this privacy notice.

If we share your personal data outside of the European Economic Area, we ensure that there is an appropriate transfer mechanism in place to protect your personal data and comply with our data protection obligations.

Please contact us if you want further information on the countries to which we may transfer personal data and the specific mechanism used by us when transferring your personal data outside the EEA – hello@gotgryt.com.

Storing and Securing your Data

Storing your data

We need to retain your personal data to satisfy our legal obligations, to deal with complaints and queries, in order to resolve, litigate or defend a dispute and to prevent fraud and abuse.

Having obtained your consent (or other legal basis) to contact you, we will retain your personal data for marketing and analysis purposes until you withdraw your consent. If you choose to withdraw your consent to marketing, we will delete your personal data from our systems, unless we have another legal basis to retain it, which may include performance of our contract with you.

We will not keep your personal data for longer than is necessary and when we no longer need to keep it, we will securely destroy, delete or anonymise it.

Securing your data

The communication between your browser and our website uses a secure encrypted connection wherever your personal data is involved.

We have put in place physical, electronic and managerial security procedures in the storage and disclosure of your personal data to protect it against accidental loss, destruction or damage. Nevertheless, any data transmission over the internet or by any other means can never be fully secure, such is the character of the internet, and provision of personal data by you to us is at your own risk. We take all reasonable measures to protect your personal data by putting appropriate technical and operational security measures in place.

When we disclose your personal data to trusted third parties (for the purposes set out in this notice), we require all third parties to have appropriate technical and operational security measures in place to protect your personal data, and we work with them to ensure that your data protection and privacy rights are respected. Where your personal data is shared with a third party, it must only be used for the purposes for which it was supplied.

In the unfortunate event of a personal data breach, we will notify you and any applicable regulator when we are legally required to do so.

The California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act (“CCPA”) provides consumers with specific rights regarding their Personal Information. You have the right to request that businesses subject to the CCPA (which may include our Merchants with whom you have a relationship) disclose certain information to you about their collection and use of your Personal Information over the past 12 months. In addition, you have the right to ask such businesses to delete Personal Information collected from you, subject to certain exceptions. If the business sells Personal Information, you have a right to opt-out of that sale. Finally, a business cannot discriminate against you for exercising a CCPA right.

When offering services to its Merchants, GRYT acts as a “service provider” under the CCPA and our receipt and collection of any consumer Personal Information is completed on behalf of our Merchants in order for us to provide the Service. Please direct any requests for access or deletion of your Personal Information under the CCPA to the Member with whom you have a direct relationship.

Consistent with California law, if you choose to exercise your applicable CCPA rights, we won’t charge you different prices or provide you a different quality of services. If we ever offer a financial incentive or product enhancement that is contingent upon you providing your Personal Information, we will not do so unless the benefits to you are reasonably related to the value of the Personal Information that you provide to us.

Changes to this privacy notice

From time to time we may change this privacy notice. If there are any significant changes we will post updates on our website, applications or let you know by email.

How to contact us

We welcome feedback and are happy to answer any questions you may have about your data.

You can contact us at:

Email: hello@gotgryt.com

This notice was most recently updated: May 5, 2023