GOPREP
PRIVACY POLICY
Prior version: April 8th, 2019
Last Updated: June 26th, 2023
This privacy policy describes how and why My Quick Startup LLC doing business as (DBA) GoPrep (“we”, “us”, “our” or “GoPrep<span) collect, store, use and share your personal data when you use our software technology (including our online platform) and services (together, the “Services”). It also explains your rights in relation to your personal data and how to contact us or supervisory authorities should you have a complaint.
We collect, use and are responsible for certain personal data about you. GoPrep is a “controller” of your personal data. This is a legal term, and it means that we make decisions about how and why we use your personal data, and who has access to it. We are responsible for making sure your personal data is used in accordance with data protection laws.
Organisations that use, access, store, and transmit your personal data are defined as “processors”. We will therefore be a controller and a processor of your personal data. Anyone we share your personal data with have responsibilities under data protection laws as well as contractual obligations under terms that we will have put in place with them. We are responsible for the secure treatment of your personal data, and that at all times, anyone who accesses it does so in accordance with data protection laws.
When we collect your personal data, we will need to ensure that we comply with the data protection laws that apply in the country in which we provide you with our Services. Details about your rights and the laws that apply to our collection and processing of your personal data are set out in Schedule 1.
In summary…
- We collect and use your personal data strictly in adherence with data protection laws and only in order to provide you with our Services. This can include customer communications, complying with our legal obligations, and to improve and monitor the performance of our Services, as set out in Schedule 2.
- You have a number of rights in relation to your personal data as set out in Schedule 1 under ‘Your rights’.
- We comply with data protection laws that apply to the country in which you reside and where we provide our Services as set out in Schedule 1 under ‘Applicable data protection laws’
- We may disclose some of your personal data, to third parties in order to provide the Services to you.
- We do not collect any sensitive data, called ‘special category personal data’ from you.
- We have measures in place to safeguard your personal data when we transfer it to different parts of the world.
- We take steps to minimise the amount of personal data we hold about you and to keep it secure
- We do not intend to collect and process any personal data of any person who is considered a child, and in all circumstances, where a person is under the age of 13 years of age.
- We delete your personal data when we no longer need it, and we have policies in place to govern when that is.
- We collect cookie data and we have set out the cookies we use on our website as Schedule 4.
- Our collection of personal data from individuals in the US is subject to various state laws. If the California Consumer Privacy Act of 2018 (‘CCPA’) applies to you, we have set out our specific CCPA Privacy Notice at Schedule 3.
- We are happy to answer your questions about any of the above – please send them to [email protected]
Key terms
It would be helpful to start by explaining some key terms used in this policy:
| Term | Meaning |
|---|---|
| We, us, our | My Quick Startup LLC doing business as (DBA) GoPrep of 1622 Bay Ridge Ave, Brooklyn, NY 11204 (914) 200-4533 |
| Data subject | The individual who the personal data relates to |
| Personal data | Any information relating to an identified or identifiable individual |
What types of personal data do we collect and where do we get it from?
We have developed an online platform for businesses and consumers to find and order weekly meals from meal preparation companies. There may also be other Services we provide that are not listed here but where we do so, the provisions contained within this policy shall apply to our collection and use of your personal data.
We collect, use, store and transfer different kinds of personal data about you which is vital for us to provide you with our Services. For further information about the types of personal data we collect and where we obtain it from, please see Schedule 2.
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we will not be able to provide our Services to you.
We will make it clear to you where disclosure of your personal data is optional. The provisions of this policy apply when we obtain your personal information from you, other people or organisations (such as from public sources, or third-party service providers).
If any of the personal information that you have provided to us changes, please inform us by contacting [email protected]
Children’s personal data
Our Services are not intended for children, and we do not knowingly collect personal information relating to children.
If you have provided us with information relating to children, please contact us so that we can review the circumstances of such collection (or processing, as applicable).
How we use your personal data
We will only use your personal data when the law allows us to. We have set out the different purposes for which we process your personal data in Schedule 2 under ‘Legal purpose for processing personal data’.
Where our processing is based on your consent, you can withdraw your consent at any time by contacting [email protected]. Please note that if you do this, it won’t affect any of the processing we have already done prior to the withdrawal of your consent.
We also process certain categories of personal data where we have a lawful legitimate interest for doing so. Legitimate interest processing occurs when we have a business or commercial reason to use your personal data, your interests and fundamental rights do not override those interests.
Special category personal data
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
What marketing activities do you carry out?
We may use your personal data to send you updates by email, text message, telephone, or post about our Services, including exclusive offers, promotions, or new Services.
We have a legitimate interest in using your personal data for marketing purposes. This means we do not usually need your consent to send you marketing information. If we change our marketing approach in the future so that consent is needed, we will ask for this separately and clearly.
You have the right to opt out of receiving marketing communications at any time by:
- contacting us at [email protected], or
- using the ‘unsubscribe’ link in our emails if one is provided.
We may ask you to confirm or update your marketing preferences if you ask us to provide further Services in the future, or if there are changes in data protection laws or regulation within the country that you reside. We will always treat your personal data with the utmost respect and never sell or share it with other organisations for marketing purposes.
Who do we share your personal data with?
We only share personal data in accordance with data protection laws.
We share personal data with:
- Third parties such as Facebook Inc, and Google Inc, where you enrol to our Services via these third party organisations
- To our affiliates, where you have been referred to us in order to receive or use any of our Services
- Our professional advisors (such as lawyers or auditors) and in each case, only where such disclosure is subject to the highest level of security and confidentiality
- Third parties we use to help deliver our Services to you, such as meal preparation providers and related food industry providers that are relevant to the Services we provide to you to you
- Law enforcement agencies, courts, tribunals, and regulatory bodies where we are compelled to do so to comply with our legal and regulatory obligations
- Our bank, insurers, and brokers, but only where it is absolutely necessary and required in order for us to continue providing Services to you
We will not share your personal data with organisations unless we are satisfied they take appropriate measures to protect your personal data.
Where do we hold or store your personal data?
Your personal data is securely held at our dedicated data servers, which are located in the United States. If you would like more information regarding where your personal data is stored, please contact us.
How long will we keep your personal data?
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Where in the world is your personal data transferred to?
We do not routinely transfer your personal data to anyone else once we have collected it unless it is necessary for us to provide our Services to you. In such circumstances, we transfer your personal data to recipients that are established in countries other than your own.
If you reside in the EU or the UK we will only share your personal data with organizations outside of the EU or the UK, we will not make the disclosure unless the following apply:
- The country to which the personal data is to be transferred ensures an adequate level of protection of your personal data; or
- We have put in place appropriate safeguards to protect your personal data, such as an appropriate contract with the recipient alongside any additional documents (such as standard contractual clauses, international data transfer agreement, or an addendum, as applicable); and
- The transfer is necessary for one of the reasons specified under data protection laws that apply, such as the performance of a contract between us and you
If you would like further information about data transferred outside of the country we provided our Services to you, please contact us at [email protected]
What are your rights and how can you exercise them?
We have set out your rights in Schedule 1 under ‘Your rights’. You have these rights, and they apply as soon as we collect any of your personal information. Should you wish to exercise any of your rights, please contact us at [email protected]
How do we keep your personal data secure?
We have appropriate security measures in place to prevent personal data from being used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it and apply encryption to any special category personal data. Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures to deal with any suspected or actual data security breach. In certain circumstances, we will notify you and any applicable regulator of a suspected or actual data security breach where we are legally required to do so.
Cookies
A cookie is a small text file which is placed onto your device (e.g., computer, smartphone or other electronic device) when you use our website. We use cookies on our website. These help us recognise you and your device and store some information about your preferences or past actions. We have outlined the cookies we use to collect personal data at Schedule 4.
Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
We use cookies for the following purposes:
- authentication – we use cookies to identify you when you visit our website and as you navigate our website.
- status – we use cookies to help us to determine if you are logged into our website.
- security – we use cookies as an element of the security measures to protect our website and services generally.
- advertising – we use cookies to help us to display advertisements that may be relevant to you.
- analysis – we use cookies to help us to analyze the use and performance of our website and services; and
- cookie consent – we use cookies to store your preferences in relation to the use of cookies more generally.
Cookies used by our service providers and/or affiliates.
Our service providers, affiliates and partners use cookies and those cookies may be stored on your computer when you visit our website.
We may use Google Analytics or similar tools to analyze the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google’s privacy policy is available at: https://www.google.com/policies/privacy/.
Managing cookies
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
- https://support.google.com/chrome/answer/95647?hl=en (Chrome);
- https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
- http://www.opera.com/help/tutorials/security/cookies/ (Opera);
- https://support.microsoft.com/en-gb/help/1744 (Internet Explorer);
- https://support.apple.com/kb/PH21411 (Safari); and
- https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
Blocking all cookies will have a negative impact upon the usability of many websites.
If you block cookies, you will not be able to use all the features on our website.
How to raise a complaint
Please contact us if you have any queries or concerns about our use of your personal data.
You have the right to lodge a complaint with the supervisory authority responsible for the protection of personal data according to where you reside:
- United States: The relevant authority depends on the state in which you reside. Please contact us should you be unsure which data protection authority applies to you
- United Kingdom: The Information Commissioner’s Office (ICO)
- European Union: The relevant data protection authorities in each EU member state, with the lead authority being the one in the country where the main establishment of the data controller is located. The European Data Protection Board have oversight of each authority. Please contact us should you be unsure which data protection authority applies to you
- Rest of the world: The relevant authority depends on the country in which you reside. Please contact us should you be unsure which data protection authority applies to you
Updates to this privacy notice
We keep our privacy policy under regular review. This version was last updated on June 24th, 2023.
We may update this privacy policy from time to time to reflect changes to our processes, procedures, and categories of personal data. When we make changes, we will publish revised versions of this notice on our website https://www.GoPrep.com and you are encouraged to regularly check our website periodically. When there is a material change, we will email you outlining the material changes made.
Do you need extra help?
If you would like this notice in another format (for example audio, large print, braille) please contact us at [email protected]
SCHEDULE 1
Applicable data protection laws
The below table outlines the data protection laws that apply according to the country in which you reside, and includes any successor legislation, and all other legislation and regulatory requirements in force from time to time in your country.
| The country in which you reside | Applicable data protection laws |
|---|---|
| United States |
|
| European Union* |
|
| United Kingdom |
|
| Rest of the world |
|
*consisting of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czechia, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxemburg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, and Sweden.
Your rights
If you would like to exercise any of the rights applicable to you as set out in the table below, please contract [email protected]. Please note that your rights may be subject to limitations and conditions, as set out in the data protection laws within your jurisdiction.
| The country in which you reside | Your rights |
|---|---|
| United States |
|
| European Union* |
|
| United Kingdom |
|
| Rest of the world | Your rights may differ depending on the country in which you reside, and we will abide by the rights afforded to you in your country under applicable data protection law. |
*consisting of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czechia, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxemburg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, and Sweden.
SCHEDULE 2
Categories of personal data
The personal data we collect about you depends on the particular Services we provide to you, and who you are. We may collect some of the below information from you when we provide you with the Services. The table below sets out the categories of personal data we may collect and where we collect your personal data from.
| Types of personal data | Where/Who we collect it from |
|---|---|
Your contact details, including:
|
|
Personal information, including:
|
|
System and Platform usage and communication information, including:
|
|
Information collected during the administration activities of our business, including:
|
|
Marketing and communication data, including:
|
|
Legal purpose for processing personal data
The below table sets the lawful basis that allows us to process your personal data. Whilst a lawful basis for processing is not applicable in all of the countries in which we collect personal data, we apply the highest possible standards to protect you, so we will always ensure that where we process your personal data, we have a lawful basis for doing so.
| Purpose/Activity | Lawful basis | ||||
|---|---|---|---|---|---|
| Consent provided by you | Necessary to perform a contract between us | Necessary to comply with our legal obligations | Necessary to protect your vital interests | Necessary to comply with our legitimate interests or those of a third party | |
| Providing Services to you | ✔
(where your consent is required) |
✔ | ✔ | ||
| To share your personal data with third parties where the sharing is required in order to provide the Services to you | ✔
(where your consent is required) |
✔ | |||
| Conducting checks to identify you and verify your identity
Other activities necessary to comply with professional, legal and regulatory obligations that apply to our business |
✔ | ✔ | |||
| To enforce legal rights or defend or partake in legal proceedings, including to respond to a request from any government body or regulator | ✔ | ✔ | |||
| Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies and our professional advisers | ✔ | ||||
| Ensuring business policies are adhered to, e.g., policies covering security and internet use | ✔ | ||||
| Operational reasons, such as maintaining records, improving efficiency, training, quality control and managing our staff | ✔ | ||||
| Ensuring the confidentiality of sensitive information | ✔ | ✔ | ✔ | ||
| Marketing our Services to existing and former customers | ✔ | ||||
| Statistical analysis to help us manage our business, e.g., in relation to the provision of mediation Services to our clients | ✔ | ✔ | |||
| Preventing unauthorised access and modifications to systems | ✔ | ✔ | |||
| Protecting the security of systems and data used to provide the Services | ✔ | ✔ | |||
| Updating and enhancing our records | ✔ | ✔ | |||
| Statutory returns | ✔ | ||||
| Ensuring safe working practices, staff administration and assessments | ✔ | ||||
| Preventing and detecting fraud against you or us | ✔ | ✔ | |||
SCHEDULE 3
California Consumer Privacy Act of 2018 (‘CCPA’) Privacy Notice
The CCPA defines a “resident” as:
- every individual who is in the State of California for other than a temporary or transitory purpose, and
- every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose.
All other individuals are defined as “non-residents.”
If this definition of “resident” applies to you, we will adhere to the rights and obligations that you are provided under the CCPA regarding your personal data.
Verification Process for Individual Rights Requests
We have reasonable methods in place for verifying rights requests for individuals who choose to exercise these rights, such as a request to know or delete their personal data.
The process described here applies to our role as a business, not as a service provider to our customers. We are unable to respond to requests in our role as a service provider to our customers. We encourage you to submit any such requests directly to the business with whom you interact or have a direct relationship with to use our Services.
For requests we receive as a business, we will match the identifying information provided by you to the personal information we already maintain to verify your identity. At minimum, we will ask for your name, email address, country, and state or province.
When verifying requests, our verification standards vary depending on the sensitivity of the request. If we cannot verify your identity, we may deny your request. In some cases, we may require additional information, in which case we will contact you.
If you are an authorized agent making a request to know or delete, we also require you to email [email protected] to:
- provide us with a copy of your written authorization to confirm your right to make the request and direct the requesting individual to verify their identity directly with us or, if applicable
- provide a copy of your power of attorney to exercise these rights on behalf of another.
SCHEDULE 4
We deploy the following cookies on our website:
- __cfruid
- __zlcid
- __zlcstore
- CONSENT
- CookieConsent
- PHPSESSID
- test_cookie
- ZD-suid
- __zlcstore
- ZD-store
- _ga
- _ga_#
- td
- ZD-buid
- __zlcmid
- _fbp
- _gcl_au
- LAST_RESULT_ENTRY_KEY
- LogsDatabaseV2:V#||LogsRequestsStore
- nextId
- remote_sid
- requests
- ServiceWorkerLogsDatabase#SWHealthLog
- TESTCOOKIESENABLED
- VISITOR_INFO1_LIVE
- YSC
- yt.innertube::nextId
- YtIdbMeta#databases
- yt-remote-cast-available
- yt-remote-cast-installed
- yt-remote-connected-devices
- yt-remote-device-id
- yt-remote-fast-check-period
- yt-remote-session-namezte#