Privacy Notice


 

1. Introduction

At MPM Products Limited we take your privacy very seriously. Please read this Privacy Notice and any other privacy notice or fair processing notice we may provide on specific occasions carefully, as it will help you understand what information we collect, why we collect it, and how in certain circumstances you can update, correct, and delete your information.

This Privacy Notice has been drafted in accordance with the relevant laws of the United Kingdom but may be applied to personal information processing activities globally. The processing activities may be more limited in some jurisdictions due to the restrictions of their laws. For example, the laws of a particular country or individual US state may limit the types of personal information we can collect or the way we process that personal information. In those instances, we may adjust our internal policies and/or practices to adapt to the requirements of local law.

The following document outlines how MPM Products Limited, along with our subsidiaries, collects, uses, and protects your personal data across all our websites [applaws.com, encorepetfood.com, revealpetfood.com, and mpmproducts.co.uk] and digital platforms (“Websites”) and when you contact us by phone, email, or social media.

2. Who we are

MPM Products Limited, (‘we,’ ‘our,’ or ‘us’). Company number 04610825 of Trident 3 Business Park, 2nd Floor, Styal Road, Manchester, England, M22 5XB.

3. Our contact details

Please contact us via the MPM Privacy Team.
By email: [email protected]
By mail: Trident 3 Business Park, 2nd Floor, Styal Road, Manchester, England, M22 5XB

4. Key Terms

It may help you if we explain some key terms used in this policy:

We, us, our MPM Products Limited and our subsidiaries [including revealpetfood.com]
Data Protection Lead [email protected]

Personal data (also called personal information) is information that identifies you as an individual.

Some examples are outlined below:

Personal data is anything that may identify you, for example your name, address, bank account details, Internet Protocol (IP) address, username, or another identifier.

Some personal data is unique to you and therefore requires greater protection. This data is referred to as sensitive or special category data, which includes but is not limited to information regarding your health, religious or philosophical beliefs, race, or ethnicity. Where the definition of personal or sensitive data differs under either national or, within the US, state law and this impacts on your rights, we will take this fully into consideration at the time of processing.

5. How we get the information about you

For us to operate effectively, we may request and collect information about you.
We collect personal data from you in two ways:

  • Directly, when you enter or send us information, such as when you register with us, contact us (including via email or customer contact forms), subscribe to our newsletters or other communications, apply for a vacancy, or send us feedback.
  • Indirectly, such as your browsing activity while on our Website. For specific details, please refer to our Cookie Policy.

6. The data we collect about you

While you are using our Website(s), we may ask you for some personal data, such as your name, email address, address and phone number, demographic information such as your age, gender, location, product preferences, and interests in relation to customer surveys.

We will also collect payment information, including transaction and payment card information, credit profile, transaction history, and bank details, when you purchase goods or services from us.

We may also collect details of the pages you visited on our Website(s), your IP address, devices you use, and website address you used to access our Website(s) or applications to serve your location and tailor our Websites to you. We may also collect information about how you use our Website(s), mobile applications, IT, communication, and other systems.

The definition of a child for the purposes of data protection differs across different jurisdictions. To ensure that we comply with these definitions, we do not knowingly collect personal data of those under the age of 16 unless with the implicit consent of their parent or guardian.

7. Sensitive or Special Category Data

The GDPR defines special category data (sensitive data) as: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. In the normal course of the provision of our services, we do not intentionally collect this type of personal data. This definition may differ in some US states, and where applicable this has been considered in our processing activities.

Where you choose to provide us with this information in your communication with us or in your CV, we will only process that sensitive personal information in accordance with our lawful basis.

8. How we process and use your information

We need your personal information to conduct our business and provide you with our Website(s) and services. Most commonly, we will use your personal information in the following circumstances:

  • Operate and improve our business, services, and Website
  • Provide you with services, products, content, customer service, and functionality
  • Honor our terms of use and contracts
  • Manage our relationship with you
  • Process and complete payments, orders, returns, and other transactions
  • Improve our products and services and develop new products and services
  • Maintain our databases and backups, including records of our communications with you
  • Ensure the privacy and security of the Website and our services
  • Detect fraud and prevent loss
  • Improve our customer service
  • Communicate with you and respond to your feedback, requests, questions, or inquiries
  • Promote our products and services to you
  • Contact you about other products and services
  • Improve our marketing efforts, including by providing more tailored advertising
  • Administer a contest, promotion, or survey
  • Assess the success of our marketing and advertising campaigns
  • Support and improve the Website, including evaluations of functionality and features
  • Analyse use of the Website and our services and prepare aggregate traffic information
  • Recognize your device and remember your preferences and interactions
  • Provide you with a more personal and interactive experience on the Website
  • Determine and track user interests, trends, needs, and preferences
  • Facilitate corporate mergers, acquisitions, reorganizations, dissolutions, or other transfers
  • Obtain and maintain insurance coverage, manage risks, and obtain professional advice
  • Accomplish any other purpose related to and/or ancillary to any of the purposes and described in this Privacy Notice for which your information was provided to us

We will only collect, process, and/or use the personal information where we are satisfied that we have an appropriate legal basis to do so.

10. Safeguarding your personal information

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. We will review, monitor, and update these security measures to meet our business needs, changes in technology, and regulatory requirements. In addition, we limit access to your personal information to those employees, agents, contractors, and other third parties that have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal information, we do not have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own information.

We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally or morally required to do so.

11. Keeping your personal information

We will keep your personal information in line with our retention policy and applicable law and for no longer than is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

12. Information Sharing

Insofar as is reasonably necessary for us in delivering our products and services and for the purposes set out in this Privacy Notice, we may share your personal information with the third parties below that help us manage our business and deliver our products.

We only allow those organizations to handle your personal information if we are satisfied they take appropriate measures to protect your information. We also impose contractual obligations on them to ensure they can only use your personal data to provide services to us and to you.
We or the third parties mentioned below occasionally also share personal data with the following:

  • Our and their external auditors, e.g. in relation to the audit of our or their accounts, in which case the recipient of the information will be bound by confidentiality obligations.
  • Our and their professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations.
  • Law enforcement agencies, courts, tribunals, and regulatory bodies to comply with our legal and regulatory obligations.
  • Other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering, or in the event of our insolvency – usually, information will be anonymized, but this may not always be possible. The recipient of any of your personal data will be bound by confidentiality obligations.
  • The nature of our business means that in accordance with our legitimate interest assessment (Article 6(1)(f) of the GDPR), we may share personal data with our clients.

The specific kind of information we share will depend on your activities with us and in accordance with Articles 13 and 14 of the GDPR and only to the extent as required or permitted by law.

Please note, however, that this Privacy Notice does not apply to sharing of personal information by third-party providers that may collect personal information from you and may share it with us. In these situations, we strongly advise reviewing the applicable third-party provider’s privacy notice before submitting your personal information.

13. Marketing

If you provide us with your contact details (e.g. email address), we may contact you to let you know about the products, services, promotions, and events offered that we think you may be interested in.
You can unsubscribe from our marketing and promotional communications by clicking the unsubscribe link in the emails or by contacting us at [email protected]
You will then be removed from the marketing list; however, we may still communicate with you, for example to send you service-related messages that are necessary to respond to your requests or for other non-marketing-related purposes.

Where there are differences in legislation within different jurisdictions, including relevant US states, we will respond to marketing requests accordingly once we have established your state of residency.

14. Transferring your outside the UK

The EEA, UK, and other countries outside the EEA and the UK have differing data protection laws, some of which may provide lower levels of protection of privacy.

It is sometimes necessary for us to transfer your personal data to countries outside the UK and EEA. In those cases, we will comply with applicable UK and EEA laws designed to ensure the privacy of your personal data.

Under data protection laws, we can only transfer your personal data to a country outside the UK/EEA where:

  • In the case of transfers subject to UK data protection law, the UK government has decided the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy regulation’) further to Article 45 of the UK GDPR. A list of countries the UK currently has adequacy regulations in relation to is available here.
  • In the case of transfers subject to EEA data protection laws, the European Commission has decided that the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy decision’) further to Article 45 of the EU GDPR. A list of countries the European Commission has currently made adequacy decisions in relation to is available here.
  • There are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you.
  • A specific exception applies under relevant data protection law.

Where we transfer your personal data outside the UK, we do so on the basis of an adequacy regulation or (where this is not available) legally approved standard data protection clauses recognized or issued further to Article 46(2) of the UK GDPR. In the event we cannot or choose not to continue to rely on either of those mechanisms at any time, we will not transfer your personal data outside the UK unless we can do so on the basis of an alternative mechanism or exception provided by UK data protection law and reflected in an update to this policy.

15. Third-party services, websites and plugins

You should be aware that information about your use of our Website (including your IP address) may be retained by your Internet Service Provider (ISP), the hosting provider, and any third party that has access to your Internet traffic.

Our Website contains links to third-party websites and plugins, for instance a social media login plugin. If you choose to use these websites, plugins, or services, you may disclose your information to those third parties.

We are not responsible for the content or practices of those websites, plugins, or services. The collection, use, and disclosure of your personal information will be subject to the privacy notices of these third parties and not this Privacy Notice. We urge you to read the privacy and cookie notices of the relevant third parties.

16. What happens if you don’t provide your information?

You may always choose what personal information (if any) you wish to provide to us. Please note, however, that some of our products and services to you may be affected if you choose not to provide certain details, for example we cannot reply to you without a name or contact details.
We also need your personal information to be able to assess your application for our vacant job roles.

17. What are your rights?

As a data subject, you have the following rights under UK and EU data protection laws:

  • The right to be informed about the way we collect and use your personal data.
  • The right of access to the personal data we hold about you.
  • The right to rectification if any personal data we hold about you is inaccurate or incomplete.
  • The right to be forgotten – i.e. the right to ask us to delete any personal data we hold about you (we only hold your personal data for a limited time, as explained in this Privacy Notice, but if you would like us to delete it sooner, please contact us).
  • The right to restrict (i.e. prevent) the processing of your personal data.
  • The right to data portability (obtaining a copy of your personal data to reuse with another service or organization).
  • The right to object to us using your personal data for particular purposes.
  • Rights with respect to automated decision making and profiling (please note that we do not ordinarily use automated decision making, including profiling, in the normal course of our activities).

We may require you to confirm your identity by providing further identification to assist us with your request to access your personal data (or to exercise any of your other rights).

In most circumstances, you will not have to pay a fee to exercise any of your rights. However, if your request is unfounded or excessive, we may decide to charge an administrative fee or in some cases refuse to comply with it. We will provide you with a reason your request was refused.

We will consider and act upon any requests in accordance with applicable data protection laws. A breakdown of your rights if you are resident within relevant US states is provided in section 23 of this Privacy Notice.

18. Specific Rights relating to California residents

  • Right to access
    You have the right to request, up to two times each year, access to categories and specific pieces of personal information about you that we collect, use, disclose, and sell.
  • Right to delete
    You have the right to request that we delete personal information that we collect from you, subject to applicable legal exceptions.
  • Right to opt out of sale of personal information
    You have the right to “opt out” of the “sale” of your “personal information” to “third parties” (as those terms are defined in the CCPA).
  • Process to make a CCPA request

Making access and deletion requests

To make an access or deletion request, please email [email protected]. Before completing your request, we may need to verify your identity. We will send you a link to verify your email address and may request additional documentation or information solely for the purpose of verifying your identity.
Making requests to “opt out” of the “sale” of “personal information”
To submit a request to opt out of the sale of your personal information, please contact us at [email protected].
You have the right not to receive discriminatory treatment for the exercise of your privacy rights conferred by the CCPA.

Shine the Light Act

If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information by us to third parties for the third parties’ direct marketing purposes. Pursuant to California Civil Code Section 1798.83(c)(2), we do not share your personal information.

19. Lawful Basis for processing your personal data

We will use your personal data only when legally permitted. We may use your data in a variety of ways that enables us to provide legal services, including to provide legal advice and to conduct legal proceedings on behalf of our clients and/or to assist in the prevention of fraud, or where it is necessary for our legitimate interests (or those of our clients or a third party) and your interests and fundamental rights do not override those interests, or where we need to comply with a legal or regulatory obligation.

Under the UK/EU GDPR, the lawful bases we may rely on for processing your personal data are:

Consent – you have given clear consent for us to process your personal data for a specific purpose. Please note – for any processing we undertake that relies on your consent, you can remove your consent at any time by contacting our Data Protection Officer at [email protected].

Contract – the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.

Legal obligation – the processing is necessary for us to comply with the law.

Vital interest – the processing is necessary to protect your life.

Public task – the processing is necessary for us to perform a task in the public interest or our official functions, and the task or function has a clear basis in law.

Legitimate interest – the processing is necessary for our legitimate interests or the legitimate interests of a third party and ours or the third parties’ legitimate interests do not override your interests and fundamental rights. Before the use of legitimate interest as a basis for processing, we will undertake a legitimate interest assessment.

20. Complaints

We hope that we can resolve any query or concern you raise about our use of your information. Please contact us at [email protected] first and title your email “Complaint.” All complaints will be treated in a confidential manner, and we will try our best to deal with your concerns.

You have the right to lodge a complaint with a supervisory authority in the EEA member state where you work or normally live, or where any alleged infringement of data protection law occurred.

The details of European supervisory authorities can be found here: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en

The supervisory authority in the UK is the ICO which may be contacted at https://ico.org.uk/concerns or by telephone on 0303 123 1113.

21. Questions or Concerns

If you have any questions, concerns, or complaints about this Privacy Notice, or our privacy practices in general, please email us at [email protected].

22. Changes to this Privacy Notice

We reserve the right to update this Privacy Notice at any time. We may make changes as required to comply with changes in applicable laws or regulatory requirement, and we encourage you to review this Privacy Notice periodically to be informed of how we use your personal information.

23. Consumer Rights in Relevant US States

State Right to access Right to correct Right to delete Right to opt out of certain processing Right to portability Right to opt out of sales Right to opt in for sensitive data processing Right against automated decision making Private right of action
California YES YES YES No Sensitive data only Yes No Yes Limited to certain violations only
Colorado YES YES YES right to opt-out of processing for profiling/targeted advertising purposes YES YES YES Right to opt out of certain automated decision-making No
Connecticut YES YES YES right to opt-out of processing for profiling/targeted advertising purposes YES YES YES Right to opt out of certain automated decision-making NO
Delaware YES YES YES right to opt-out of processing for profiling/targeted advertising purposes YES YES YES YES NO
Indiana YES YES YES right to opt-out of processing for profiling/targeted advertising purposes YES YES YES Right to opt out of certain automated decision-making NO
Iowa YES NO YES NO YES YES NO NO NO
Montana YES YES YES right to opt-out of processing for profiling/targeted advertising purposes YES YES YES Right to opt out of certain automated decision-making NO
New Jersey YES YES YES right to opt-out of processing for profiling/targeted advertising purposes YES YES YES Right to opt out of certain automated decision-making NO
Oregon YES YES YES right to opt-out of processing for profiling/targeted advertising purposes YES YES YES Right to opt out of certain automated decision-making NO
Tennessee YES YES YES right to opt-out of processing for profiling/targeted advertising purposes YES YES YES Right to opt out of certain automated decision-making NO
Texas YES YES YES right to opt-out of processing for profiling/targeted advertising purposes YES YES YES Right to opt out of certain automated decision-making NO
Utah YES NO YES right to opt-out of processing for profiling/targeted advertising purposes YES YES NO NO NO
Virginia YES YES YES right to opt-out of processing for profiling/targeted advertising purposes YES YES YES Right to opt out of certain automated decision-making NO
Colour Code
Green, Law enacted.
Amber, Law enacted within next 12 months.
Red, Law enacted beyond 12 months.

 
Last Updated: Thursday, June 20, 2024