Identity and contact details

Please click here to find out more about yesto. Our office address is Carrick House, Lypiatt Road, Cheltenham, Gloucestershire, GL50 2QJ. You can contact us by email using dataprivacy@www.yesto.co.uk. We are registered at Companies House as Yes To Carrots UK Limited (registration number is 08518091).

Our designated supervisory authority under the General Data Protection Regulation (GDPR) is the Information Commissioner’s Office (ICO). We are based in the United Kingdom.

What data we collect

We process data on data subjects who have approached us with feedback (including any complaints about our products). We use ‘Consent’ as the lawful reason for processing data on these data subjects and process their data only so that we can investigate and respond to their feedback. We can capture special category information on these data subjects if they provide that information to us or on social media when they submit their feedback. We use the following conditions, depending on how the data subject has provided the special category data:

  • “the data subject has given explicit consent to the processing of those personal data for one or more specified purposes” where the data is provided directly to us, or
  • “relates to personal data which are manifestly made public by the data subject”, where the special category information has been published by the data subject on social media and Yes To are following up with them on their feedback.

We collect, store and access information on potential influencers so that we can approach them to see if they will promote our products, or influencers so that we can engage with them in promoting our products. We use ‘Consent’ to process this data. We do not capture special category information on this data.

We process information on contractors and suppliers so that we can review and use their services and products. We use ‘Legitimate Interest’ to process this data. We have completed the specification, gate analysis and balancing tests specified under GDPR for this data. We do not capture special category information on this data.

We collect and process information on potential customers so that we can engage with them so that they can sell our products. We use ‘Legitimate Interest’ to process this data. We have completed the specification, gate analysis and balancing tests specified under GDPR for this data. We do not capture special category information on this data.

We collect, store and access information on customers so that we can support them in supplying them and helping them to promote our products. We use ‘Contract’ to process this data. We do not capture special category information on this data.

We process information on Yes To staff (including contractors) and data subjects who apply to Yes To for employment, so that we can setup and manage their employment. We use ‘Contract’ to process this data. We can capture special category information on this data and use category (b) of Article 9(2) of the GDPR (“necessary for the purposes of carrying out the obligations … in the field of employment…”) as the condition for processing this data.

Other information on what we do with data

We store and process data for which we act as Data Controller in the United Kingdom.

We carry out restricted transfers of some employee data to our parent company in the United States of America. We can make this transfer because we have (or are in the process of) signing standard model clauses between Yes To and our parent company, Yes To Inc.

We delete data relating to financial payments after 6 years, as we are required to retain information for HMRC.

Records relating to suppliers, contractors, consumers of our products, prospective customers, customers and ex-customers will be removed from our systems 2 years after there has been no engagement with a contact.

We will remove data relating to employees and other staff one year after the end of their contract unless we are required to retain the information for employment law or other legal needs.

All records are disposed of securely when deleted.

How we look after data

We take reasonable technical and procedural precautions to prevent the loss, misuse or unauthorised alteration of personal data.

We store the personal data that we collect securely.

We do not publish the details of the safeguards we use to protect the personal data that we control as this could reduce the effectiveness of those safeguards.

Cookies

Cookies are text files placed on your computer to collect information about which pages you visit, and how long for. This information is used to track use of the website and to compile statistical reports on website activity.

When you visit our website you will be presented with a choice which will allow you to decide whether cookies are used or not. In a few cases some of our website features may not function if you choose not to allow cookies on our website.

Other websites

Our website contains links to other websites. This privacy policy only applies to this website, so when you link to other websites you should read their own privacy policies.

Your rights

Yes To recognises the rights of data subjects as defined in the General Data Protection Regulation (GDPR).

We will always seek to uphold those rights and the links provided will enable you to communicate with us to exercise those rights, where relevant.

  • Your right to be informed (this page and further information in communications we might send to you)

Click on the following links to send us an email so that you can exercise your rights.

Yes To recognises your right to lodge a complaint with a supervisory authority. You can access the ICO’s website.