PRIVACY

Privacy Policy

Effective as of July 1, 2023

Our commitment to transparency applies not only to the food we source, but also to the data we collect about you, how it is used and with whom it is shared. This Privacy Policy describes how Grocery Delivery E-Services USA, Inc. d/b/a HelloFresh (“HelloFresh”, “we”, “us” or “our”, or “company”) collect, use and share your personal information in connection with your use of our websites (collectively, the “Site”), mobile applications (collectively, the “App”), and social media pages that link to this Privacy Policy (together with the “Site” and “App”, the “Service”); and in the context of certain offline activities described in this notice.

This Privacy Policy and notice covers engagements and interactions with both customers and prospective customers, including for example, visits to our website, interactions with our advertisements, engagements with our social media, participation in consumer research, and promotions.

California Notice at Collection/State Law Privacy Rights: See the State law privacy rights section below for important information about your rights under the California Consumer Privacy Act of 2018, as amended ("CCPA"), and other applicable U.S. state privacy laws.

You can download a printable copy of this Privacy Policy here.

Table of Contents

  • Personal information we collect
  • How we use your personal information
  • How we share your personal information
  • Your choices
  • Other sites and services
  • Security practices
  • International data transfers
  • Children
  • Changes to this Privacy Policy
  • How to contact us
  • State law privacy rights

Information you provide to us.

Personal information you may provide to us through the Service or otherwise includes:

  • Contact data, such as your first and last name, email address, and mailing and billing addresses, postal code, and phone number.
  • Profile data, such as your username and password that you set to establish an online account with us, and other information you include in your account profile.
  • Communications data that we exchange when you communicate with us, such as chat transcripts when you request support, contact us with questions or feedback or complete our surveys.
  • Content data, such comments, text, images, audio, video or other content you post to or provide through the Service.
  • Payment and transactional data, such as the information needed to complete your orders on or through the Service (including name, credit card information, billing and shipping information), information about your payment transactions, and your order history.
  • Marketing data, such as your preferences for receiving communications about our products, activities, events, and publications; details about how you engage with our communications; and information you provide when you participate in an event, contest or promotion.
  • Other data that we may collect which is not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Other sources. We may combine personal information we receive from you with personal information we obtain from other sources, such as:

  • Data providers, such as information services and data licensors.
  • Public sources, such as public social media platforms.
  • Business partners, such as joint marketing partners and event co-sponsors.
  • Third-party services, such as social media services, that you use to log into, or otherwise link to, your Service account. This data may include your username, profile picture and other information associated with your account on that third-party service that is made available to us based on your account settings on that service.

Automatic collection. We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your activity over time on the Sites and other online services, including:

  • Device data, such as your computer or mobile device operating system type and version number, manufacturer and model, browser type, screen resolution, IP address, the website you visited before browsing to our website, and general location information such as city, state or geographic area.
  • Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.
  • Precise geolocation data, such as when you authorize our mobile application to access your location.
  • Communication interaction data, such as your interactions with our email, text or other communications (e.g., whether you open and/or forward emails) – we may do this through use of pixel tags (which are also known as clear GIFs), which may be embedded invisibly in our emails.
  • Security data, such security camera footage recorded at our offices or facilities.

Cookies and similar technologies. Some of our automatic data collection on the Site is facilitated by:

  • Cookies, which are small text files that websites store a visitor‘s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of tracking user activity and patterns, helping you navigate between pages efficiently, remembering your preferences and generally improving your browsing experience. Cookies used on our sites include both “session cookies” that are deleted when a session ends, “persistent cookies” that remain longer, “first party” cookies that we place, and “third party” cookies that our third-party business partners and service providers place
  • Local storage technologies, like HTML5, which that provide cookie-equivalent functionality but can store larger amounts of data on your device outside of your browser in connection with specific applications.
  • Web beacons, also known as pixel tags or clear GIFs, typically used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked, typically to compile statistics about usage of websites and the success of marketing campaigns.
  • Software development kits, or SDKs, which are used to incorporate third party computer code into our App that allows the third party service providers or advertising partners to collect data directly from it for a variety of purposes, including to provide us with analytics regarding the use of the App, to integrate with social media, add features or functionality to our app, or to facilitate online advertising.

Information about others. You may share personal information about others with us, such as when you send them a gift through the Service or refer friends or other contacts to us. When you share the personal information of others with us, you are responsible for ensuring you have their permission to do so.

How we use your personal information

We may use your personal information for the following purposes or as otherwise described at the time of collection:

Service delivery. We may use your personal information to:

  • provide, operate and improve the Service and our business;
  • facilitate your authentication to the Service by logging into a third party platform, such as Facebook or Google;
  • establish and maintain your user profile on the Service;
  • enable security features of the Service, such as by sending you security codes via email or SMS, and remembering devices from which you have previously logged in;
  • facilitate your invitations to friends who you refer to the Service;
  • facilitate social features of the Service, such as by identifying and suggesting connections with other users of the Service and providing chat or messaging functionality;
  • communicate with you about the Service, including by sending you announcements, updates, security alerts, and support and administrative messages;
  • understand your needs and interests, and personalize your experience with the Service and our communications;
  • provide support and maintenance for the Service; and
  • respond to your requests, questions and feedback

Research and development. We may use your personal information for research and development purposes, including to analyze and improve the Service and our business and to develop new products and services. As part of these activities, we may create aggregated, de-identified or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this aggregated, de-identified or otherwise anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.

Marketing and advertising. We, our service providers, and our third party advertising partners may collect and use your personal information for marketing and advertising purposes:

  • Direct marketing. We may send you HelloFresh-related or other direct marketing communications as permitted by law, including text messages that you may opt to receive from us that may include information about promotional offers and more. These messages may use information automatically collected based on your actions while on our Site or App and may prompt messaging such as cart reminders. If you opt to have SMS notifications sent to your mobile phone, we receive and store the information you provide, including your telephone number or when you read a text message. You may opt-out of our marketing communications as described in the Opt-out of marketing section below. For more information about text messages, see our Terms and Conditions.
  • Interest-based advertising. We may contract with third-party advertising companies and social media companies to display ads on our Service and other sites. These companies may use cookies and similar technologies to try to tailor the ads you see online to your interests based on your activity over time across our Service and other sites, or your interaction with our emails. These ads are known as “interest-based advertisements.” You can learn more about your choices for limiting interest-based advertising, in the Advertising choices section below.

Events, promotions and contests. We may use your personal information to:

  • administer promotions and contests
  • communicate with you about promotions and contests in which you participate
  • contact or market to you after collecting your personal information at an event

Compliance and protection. We may use your personal information to:

  • comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas, investigations, or requests from government authorities.
  • protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
  • audit our internal processes for compliance with legal and contractual requirements or our internal policies;
  • enforce the terms and conditions that govern the Services; and
  • prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

For other purposes. We may also use your personal information for other purposes described in this Privacy Policy or at the time we collect the information.

Cookies and similar technologies. In addition to the other uses included in this section, we may use the Cookies and similar technologies described above for the following purposes:

  • Technical operation. To allow the technical operation of the Service, such as by remembering your selections and preferences as you navigate the site, and whether you are logged in when you visit password protected areas of the Service.
  • Functionality. To enhance the performance and functionality of our services.
  • Advertising. To help our third-party advertising partners collect information about how you use the Service and other online services over time, which they use to show you ads on other online services they believe will interest you and measure how the ads perform.
  • Analytics. To help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails. For example, we use Google Analytics for this purpose. You can learn more about Google Analytics and how to prevent the use of Google Analytics relating to your use of our sites here: https://tools.google.com/dlpage/gaoptout?hl=en.

With your consent In some cases, we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.

Service improvement and analytics We may use your personal information to analyze your usage of the Service, improve the Service, improve the rest of our business, help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails, and to develop new products and services.

Retention We generally retain personal information to fulfill the purposes for which we collected it. The criteria we use to determine the retention period are whether those purposes are fulfilled and whether we need to retain it for purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes.

When we no longer require the personal information we have collected about you, we may either delete it, anonymize it, or isolate it from further processing.

How we share your personal information

We may share your personal information with the following parties and as otherwise described in this Privacy Policy, in applicable notices, or at the time of collection:

Affiliates. Our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.

Service providers. Unrelated companies and individuals that provide services on our behalf or help us operate the Service or our business (such as customer support, hosting, payment processing, analytics, email delivery, marketing, and database management services). These third parties may use your personal information only as authorized under our contracts with them.

Partners. Third party partners who offer products and services that may be of interest to you. We may sometimes share your personal information with partners or enable partners to collect information directly via our Service, including when you have indicated your interest in certain products or services.

Advertising partners. Third party advertising companies that collect information about your activity on the Site and other online services to help us advertise our and other services, and/or use hashed customer lists that we share with them to deliver ads on their platforms to our customers and similar users (“Custom Audience Campaigns”).

Third party platforms. Social media platforms or other third party platforms that you connect to the Service and where you authorize us to share your information with them (such as when you use options to access the Service by logging into the third party platform).

Other users. Other users of the Service or the public when you choose to make your profile or other personal information available to them through the Service, such as when you provide comments, reviews, survey responses, or other content. We do not control how other users or third parties use any personal information that you make available to such users or the public. Please be aware that any information you post publicly can be cached, copied, screen captured or stored elsewhere by others (e.g., search engines) before you have a chance to edit or remove it.

Professional advisors. Professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others. Law enforcement, government authorities, and private parties, when we believe in good faith it is necessary or appropriate for the compliance and operations purposes described above

Business transferees. Relevant participants in business transactions (or potential transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, HelloFresh or our affiliates (including, in connection with a bankruptcy or similar proceedings).

For other purposes. We may also share your personal information for other purposes described in this Privacy Policy or with your consent.

Your Choices

In this section, we describe the rights and choices available to all users. Users who are located in California or Virginia can find information about their additional rights below.

Access or update your information. Updating Account Information. You may update or edit your account information by accessing your account page at www.hellofresh.com, accessing the account settings on your app, emailing privacy@hellofresh.com, or calling toll free 1-844-242-2169. You may also deactivate your account pursuant to the Terms and Conditions. We may retain relevant information related to your account when permitted by law or for legitimate business purposes.

Opt-out of marketing communications. You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us at privacy@hellofresh.com. You may opt out of receiving text messages at any time by texting “STOP” to our text messages. You may continue to receive service-related and other non-marketing emails.

Disclosure of your information for third party marketing. If you do not want us to share your personal information with unaffiliated or non-agent third parties for promotional purposes, you can opt-out by sending us an email stating your request to privacy@hellofresh.com or calling toll free 1-844-242-2169.

Cookies. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Service may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe's website at http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html.

Advertising choices. You may opt-out of receiving targeted online advertising on websites through members of the Network Advertising Initiative at http://www.networkadvertising.org/choices or the Digital Advertising Alliance at http://www.aboutads.info/choices. You may opt out of receiving targeted advertising in mobile apps through participating members of the Digital Advertising Alliance in the AppChoices mobile app, available at https://www.youradchoices.com/appchoices. Please note that we also may work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms linked above. In addition, your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for targeted online advertising purposes. If you choose to opt out of targeted online advertisements, you will still see advertisements online but they may be less relevant to you. Not all companies participate in these opt-out programs, so even after opting out through them, you may still receive some cookies and interest-based from other companies.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Choosing not to share your personal information. If you do not provide information that we need to provide the Service, we may not be able to provide you with the Service or certain features. We will tell you what information you must provide to receive the Service when we request it.

Third party platforms. If you choose to connect to the Service through your social media account or another third party platform, you may be able to use your settings in your account with that platform to limit the information we receive from it. If you revoke our ability to access information from a third party platform, that choice will not apply to information that we have already received from that third party.

Delete your content or close your account. You can choose to delete certain content through your account. If you wish to request to close your account, please contact us.

Other sites and services

The Service may contain links to websites, mobile applications, and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or other online services that are not associated with us. We do not control websites, mobile applications, or other online services operated by third parties, and we are not responsible for their actions. Other websites and online services follow different rules regarding the collection, use and sharing of your personal information. We encourage you to read the privacy policies of the other websites, mobile applications, and online services you use.

Security practices

We employ a number of technical, organizational, and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.

International data transfers

We are headquartered in the United States and may use service providers in other countries. Your personal information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country.

Children

Our sites and online services are not intended for use by children under 16 years of age. If we learn that we have collected personal information from a child under 16 without the consent of the child’s parent or guardian as required by law, we will delete it.

Changes to this Privacy Policy

We may modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the effective date of this Privacy Policy and posting the modified Privacy Policy on the Service. We may also provide notification of changes via email or through the Service or in another manner that we believe is reasonably likely to reach you.

Any modifications to this Privacy Policy will be effective when posted (or as otherwise indicated at the time of posting). In all cases, your continued use of the Service after the posting of any modified Privacy Policy indicates your acceptance of the modified Privacy Policy.

How to contact us

  • Email: privacy@hellofresh.com, or
  • Mail: 28 Liberty Street, Floor 10, New York, NY 10005, or
  • Phone: 1-844-242-2169

State Law Privacy Rights

Except as otherwise provided, this section applies to residents of California, Virginia, and other states to the extent they have privacy laws applicable to use that grant their residents the rights described below.

For purposes of this section, Personal Information has the meaning given to “personal data”, “personal information” or similar terms under the applicable privacy laws of the state in which you reside. Please note that not all rights listed below may be afforded to all users and that if you are not a resident of the relevant states, you may not be able to exercise these rights. In addition, we may not be able to process your request if you do not provide us with sufficient detail to allow us to confirm your identity or understand and respond to it.

In some cases, we may provide a different privacy notice to certain categories of residents of these states, such as job applicants, in which case that notice will apply with respect to the activities it describes instead of this section.

Your privacy rights. You may have some or all of the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.

  • Right to information/know. You can request the following information about how we have collected and used your Personal Information during the past 12 months:
  • The categories of Personal Information that we have collected.
  • The categories of sources from which we collected Personal Information.
  • The business or commercial purpose for collecting and/or selling Personal Information.
  • The categories of third parties with whom we share Personal Information.
  • Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of third party recipient.
  • Whether we have sold your Personal Information, and if so, the categories of Personal Information sold to each category of third- party recipient.

  • Access You can request a copy of the Personal Information that we have collected about you during the past 12 months.

  • Correction You can ask us to correct inaccurate Personal Information that we have collected about you.

  • Deletion You can ask us to delete the Personal Information that we have collected from you.

  • Opt-out:

  • Opt-out of the “sharing” of Personal Information (i.e., tracking for targeted advertising purposes). You can opt-out of certain tracking activities for targeted advertising (also known as interest-based advertising) purposes.
  • Opt-out of profiling. If we process your Personal Information for profiling purposes as defined by applicable privacy laws, you can opt-out processing.
  • Opt-out of the “sale” of Personal Information. You may ask us not to “sell” Personal Information we have collected about you to third parties now or in the future. The right to opt-out of “sales” is separate from opting-out of our direct communications with you for marketing purposes.
  • Opt-in If we know that you are 13-15 years of age, we will ask for your affirmative authorization to “sell” your Personal Information or “share” your Personal Information for targeted advertising purposes before we do so.
  • Sensitive Personal Information You have the right to limit the certain uses or disclosures of Sensitive Personal Information; however, we do not use or disclose Sensitive Personal Information for purposes that California residents have a right to limit under the CCPA.
  • Nondiscrimination You are entitled to exercise the rights described above free from discrimination in the form of refusal to provide the Services or legally prohibited changes to the price or quality of the Services.

How to exercise your rights You may exercise your privacy rights described above as follows:

  • Right to information, access and deletion. You can request to exercise your information, access and deletion rights by:
  • clicking here and submitting a request form
  • calling us toll free at 1-844-242-2169
  • emailing privacy@hellofresh.com

We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.

If you are a resident of Virginia, you can ask to appeal any denial of your request in the same manner through which you may submit a request.

  • Right to opt-out of the “sale” or “sharing” of your Personal Information. While we do not sell Personal Information for money, like many companies, we use services that help deliver interest-based ads to you. Our use of some of these services may be classified under California law as a “sale” or “share” of your Personal Information to the companies that provide the services because they collect information from our users (e.g., device data and online activity data) to help them serve ads more likely to interest you. You can request to opt-out of this “sale” of your personal information here: Do Not Sell My Personal Information. Your request to opt-out will apply only to the browser and the device from which you submit the request. You can also broadcast the Global Privacy Control (GPC) to opt-out for each participating browser system that you use. Learn more at the Global Privacy Control website. We do not have actual knowledge that we have sold or shared the personal information of California residents who are under 16 years of age.

Verification of identity; Authorized Agents

We reserve the right to confirm your California residency to process your requests and will need to confirm your identity to process your requests to exercise your information, access or deletion rights. As a part of this process, government identification may be required.

Consistent with applicable law, you may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, the requester’s valid government-issued identification, and the authorized agent’s valid government-issued identification. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.

Retention

We will retain each category of Personal Information collected for as long as reasonably necessary to maintain the Service, to meet legal and accounting obligations, and for the other purposes described in this Privacy Policy, or as otherwise required or permitted by law, unless specifically authorized to be retained longer. We may anonymize and/or aggregate Personal Information and store it in order to analyze aggregate metrics and trends. For more information about our retention policy, including how we determine the appropriate retention period for Personal Information, please see the Retention section earlier in the Privacy Policy.

Deidentification

We do not attempt to re-identify de-identified information derived from Personal Information, except for the purpose of testing whether our deidentification processes comply with applicable law.

Personal information that we collect, use and disclose

The chart below summarizes the Personal Information we collect by reference to the categories of “personal information” specified in the CCPA (Cal. Civ. Code § 1798.140) and describes our practices currently and during the 12 months preceding the effective date of this Privacy Policy. The terms in the chart refers to the categories of information, statutory categories, and third parties described above in this Privacy Policy in more detail. Information you voluntarily provide to us, such as in free-form webforms, may contain other categories of personal information not described below. The categories of sources from which the personal information is or was collected and the business or commercial purposes for collecting such information are as described in the “Personal information we collect” and “How we use your personal information” sections above.

Additional information for Nevada residents Nevada residents have the right to opt-out of the sale of certain personal information for monetary consideration. While we do not currently engage in such sales, if you are a Nevada resident and would like to make a request to opt-out of any potential future sales, please email privacy@hellofresh.com.