top of page

Privacy Policy

​​

Introduction

Grass & Grill (‘we/our/us’) conduct all our business with honesty and are committed to acting professionally, ethically and with integrity in all our relationships. This Privacy Policy applies throughout our international network.

This Privacy Policy explains how we use your personal data when dealing with Grass & Grill. This Privacy Policy applies to the personal data of our website users, customers and other individuals we interact with.

As a Data Controller we comply with applicable data protection legislation across our international network, including but not limited to (i) EU General Data Protection Regulation ((EU) 2016/679) (‘EU GDPR’); (ii) UK General Data Protection Regulation (as defined in The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019)  (‘UK GDPR’); and (iii) UK Data Protection Act 2018, and any subsequent legislation when handling your personal data (the ‘UK Data Protection Law’).

We reserve the right, at our discretion, to change, modify, add, or remove portions of this Privacy Policy at any time. Please regularly check the Privacy Policy for any changes, this would be signified by the last updated date. Please take time to read this Privacy Policy carefully and get in touch with us if you have any questions or concerns.

 

Key summary

This website only collects data that you enter into the website, for example, to submit an enquiry. If you subscribe to any of our mailing lists, we will use your information to send you the information you have requested.

We use cookies which collect information about the usage and performance of our website. The information that the cookies collect is anonymous. We use this information to analyse usage of our website by visitors to improve its performance and to inform decisions about content, layout and operation of the website and our services or products.

 

Contact Us

If you have any questions, comments, or concerns about our Privacy Policy, you may email us at data.controller@hiltonfoodgroup.com. Additionally feel free to send correspondence to the following address:

For the attention of The Data Controller,

c/o The Company Secretary,

2-8 The Interchange, Latham Road,

Huntingdon,

Cambridgeshire,

PE29 6YE.

 

What personal data do we collect?

We may collect and process the following types of personal data:

  • Personal Identification Information: Name, age range, email address, phone number, postal address.

  • Business Information: Company name, job title, and business contact details.

We do not collect any sensitive personal data about you.

 

How do we collect and use your personal data?

​

For all Website Users: Please refer to ‘Website Users’ section here.

​

For Customers:

  1. The personal data that we receive from you directly

  2. Where you contact us proactively, usually by contact form on the website, phone or email; and/or where we contact you either by phone or email, or through our business development activities. The personal data that we receive from other sources. We may seek more information about you from other sources by way of market intelligence.

  3. The personal data that we collect automatically

To the extent that you access our website or read or click on an email from us, we may also collect your data automatically or through you providing it to us.

​

The main reason for using information about customers is to ensure that the contractual arrangements between us can be properly implemented so that the relationship can run smoothly.

We have listed below the several ways in which we use your data in order to facilitate this.

  • Maintaining and updating your contact details;

  • Keeping records of communications to tailor our services ;

  • Undertaking customer satisfaction surveys;

  • Performing credit checks through Credit Reference Agencies (CRAs) to verify your identity, assess suitability, manage your account, recover debts, and prevent criminal activity.

 

How do we safeguard your personal data?

We are committed to taking all reasonable and appropriate steps to protect the personal data that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures for example data protection policies and IT security procedures.

If you suspect any misuse or loss of or unauthorised access to your personal data, please let us know immediately. Details of how to contact us is here.

 

How long do we keep your personal data for?

We retain your personal data for as long as necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.

We will not hold your personal data for longer than is necessary. The length of the retention period will be in accordance with the local data retention policy, which will be dependent on the following circumstances: 

  • The end of the relationship

  • The completion of the purpose for which the personal data was given

  • Our legal obligations in relation to that personal data 

  • The type of data

 

What are my rights regarding my personal data?

You retain specific rights over your personal data, even after sharing it with us. These rights are designed to protect your privacy and give you control over your information.

  • Right to be informed: You have the right to know why personal data is collected and what will be done with it. By this Privacy Policy we are informing individuals what data we are collecting and for what purpose.

  • Right of access: You can request what information we hold about you, as well as why we have that information, who has access to the information and where we got the information.

  • Right to correct and update: If the data we hold about you is out of date, incomplete or incorrect, you can inform us, and we will ensure that it is updated.

  • Right of erasure: If you feel that we should no longer be using your data, or that we are illegally using your data, you can request that we erase the data we hold. We will confirm whether the data has been deleted or tell you the reason it cannot be deleted.

  • Right to restriction: You have the right to require us to restrict processing of your personal data under certain circumstances.

  • Right to data portability: You have the right to transfer your data from one data controller to another. We must either give you a copy of your data or transmit it directly to the new data controller.

  • Right to object or withdraw consent: You have the right to request that we stop processing your data. We will confirm if we are able to comply with your request or if we have legitimate grounds to continue. If data is no longer processed, we may continue to hold your data to comply with your other rights.

 

How to Exercise Your Rights

You can read more about these rights here. For any requests or questions about your rights, please contact us here. We may need proof of identity to confirm the request. Note that we may keep a record of communications to help address any issues. Rest assured, we will respond promptly within one month and explain if there are any reasons we cannot comply with your request.

 

The lawful basis of processing your personal data

We process your personal data based on the following legal grounds:

  • Consent: We process your data with your explicit consent, provided after giving you all relevant information. While most of your data protection rights apply, including the right to withdraw consent at any time, please note that the right to object does not apply in this context.

  • Contractual Necessity: Processing is required to fulfil a contract we have with you, or to take steps at your request before entering a contract.

  • Legal Obligation: We process your data when necessary to comply with legal obligations.

  • Legitimate Business Interests: We may process your data for our legitimate business purposes, provided your rights do not override these interests. This includes:

    • Communicating service updates or resolving issues.

    • Maintaining website security and usability.

    • Improving our services and developing new ones.

    • Investigating or responding to complaints or ethical concerns.

  • Vital interests: Collecting or using the information is needed when someone’s physical or mental health or wellbeing is at urgent or serious risk.

​​

Sharing and Transferring your Personal Data

We may share your personal data with trusted  individuals and organisations for specific purposes, including:

  1. Group Companies: The brand Grass & Grill is operated by Hilton Foods UK, a subsidiary of Hilton Food Group Plc.

  2. Authorities and Regulators: Tax, audit, or other authorities when required by law or regulation (e.g., requests from tax authorities or in anticipation of legal proceedings).

  3. Third-Party Service Providers: External consultants, professional advisers (including lawyers, auditors, accountants), as well as technical support teams and IT consultants for system testing and development.

  4. Business Transfers: In the event of a merger or acquisition, or meaningful discussions regarding such actions, your data may be shared with the prospective owners of the business.

 

International Data Transfers

Your personal data may be transferred across our global network including outside the European Economic Area (EEA). When this occurs, we ensure your data is protected through appropriate safeguards, such as:

  1. Internal Data Protection Framework: We have rules which include all general data protection principles and enforceable rights to ensure appropriate safeguards.

  2. Adequacy Decisions: We will only transfer your personal data to countries where privacy laws ensure an appropriate level of protection as signified by the adequacy decisions.

  3. Data Transfer Agreements: Hilton Foods will have data transfer agreements when entering contracts with third parties so that your personal data is protected to the same standards as stipulated by GDPR.

  4. Contractual Necessity: In cases where data transfer is required to fulfil or perform a contract in your interest, such as if you are a client and the transfer is necessary to meet contractual obligations.

  5. Your Consent: If you have explicitly consented to the transfer of your data outside the EEA.

If you would like more details or a copy of the specific safeguards applied to any transfer, please contact us using the details provided here.

​

Website Users

When you visit our website there is certain information that we may automatically collect, whether you decide to use our services. This includes your IP address, the date, times, and frequency with which you access the website and the way you browse its content. We will also collect data from you when you contact us via the website, for example when downloading or requesting a report.

​

Use of Third-Party Services

The website host and administrator, ‘Wix,’ functions as a processor of personal data to manage contact forms and other information. The website host is contractually bound by Grass & Grill as a processor. Please visit the Wix Privacy Policy here for more information.

When someone visits Grass & Grill we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor activity patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone.

We use a third-party service to help maintain the security and performance of our website. To deliver this service it processes the IP addresses of visitors to the Grass & Grill website but does so passively by not recording any personal data.

Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either Grass & Grill or any third party. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will let you know about this. We will make it clear when we collect personal data and will explain what we intend to do with it.

​

Use of Cookies

A "cookie" is a bite-sized piece of data that is stored on your computer's hard drive. They are used by all websites and do not harm your system. We use them to track your activity to help ensure you get the smoothest possible experience when visiting our website. We can use the information from cookies to ensure we present you with options tailored to your preferences on your next visit. We can also use cookies to analyse traffic and for advertising purposes.

You can read more about how we use cookies on our cookies page. You also have the option to set your own cookies settings from the menu at the bottom of our website.

​

Links to other websites

This privacy policy does not cover the links within this site linking to other websites. We encourage you to read the privacy policy on the other websites you visit.

We may also use third parties to provide apps, tools, widgets, and plug-ins for our online services, which may collect information about how you use these features. These organisations have their own privacy policies, and we would again encourage you to visit their websites and view the privacy policies.

 

Complaints or queries

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy policy. The Data Controller is obliged to record and to respond to your complaint.

If you remain unhappy with how we have used your data after raising a complaint with us, you can also complain to the ICO or relevant local authority.

The ICO’s address:          

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

bottom of page