Privacy & Terms
The term 'Groobox Ltd.’ or ‘us’ or ‘we’ refers to the owner of the website whose registered office is Groobarbs Wild Farm, Mag Lane, High Legh, Cheshire WA16 0AA. The term ‘you’ refers to the user or viewer of our website.
- The content of the pages of this website is for your general information and use only. It is subject to change without notice.
- Neither we nor any third parties provide any warranty or guarantee as to the accuracy, timelines, performance, completeness or suitability of the information and materials found or offered on this website for any particular purpose. You acknowledge that such information and materials may contain inaccuracies or errors and we expressly exclude liability for any such inaccuracies or errors to the fullest extent permitted by law.
- Your use of any information or materials on this website is entirely at your own risk, for which we shall not be liable. It shall be your own responsibility to ensure that any products, services or information available through this website meet your specific requirements.
- This website contains material which is owned by or licensed to us. This material includes, but is not limited to, the design, layout, look, appearance and graphics. Reproduction is prohibited other than in accordance with the copyright notice, which forms part of these terms and conditions.
- All trademarks reproduced in this website, which are not the property of, or licensed to the operator, are acknowledged on the website.
- Unauthorised use of this website may give rise to a claim for damages and/or be a criminal offence.
- From time to time, this website may also include links to other websites. These links are provided for your convenience to provide further information. They do not signify that we endorse the website(s). We have no responsibility for the content of the linked website(s).
- Your use of this website and any dispute arising out of such use of the website is subject to the laws of England, Northern Ireland, Scotland and Wales.
Policy key definitions:
- "I", "our", "us", or "we" refer to the business, Groobox Ltd.
- "you", "the user" refer to the person(s) using this website.
- GDPR means General Data Protection Act.
- PECR means Privacy & Electronic Communications Regulation.
- ICO means Information Commissioner's Office.
- Cookies mean small files stored on a users computer or device.
Key principles of GDPR:
Processing of your personal data
Under the GDPR (General Data Protection Regulation) we control and / or process any personal information about you electronically using the following lawful bases.
- We are exempt from registration in the ICO Data Protection Register because we are only processing personal data for the core business purposes.
- Lawful basis: Consent
- Where our purpose for processing is: for payment and delivery of your veg box.
- Which is necessary because we can not deliver or process payments without.
- Data retention period: We will continue to process your information under this basis until you withdraw consent or it is determined your consent no longer exists.
- Sharing your information: We do share your personal information with third parties and they include: Club Studio Ltd from Altrincham. We allow them access to our websites as they are our website engineers and improve our website from time to time.
If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.
Your individual rights
Under the GDPR your rights are as follows. You can read more about your rights in detail here;
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object; and
- the right not to be subject to automated decision-making including profiling.
You also have the right to complain to the ICO if you feel there is a problem with the way we are handling your data.
We handle subject access requests in accordance with the GDPR.
Some cookies are required to enjoy and use the full functionality of this website.
Cookies that we use are;
- Craft Session ID: We use this as this is the company that our website is hosted by. We have copied from their website the information on what this cookie is used for here: When you log into the Control Panel, you will get an authentication cookie used to maintain your authenticated state. The cookie name is prefixed with a long, randomly generated string, followed by
_identity. The cookie only stores information necessary to maintain a secure, authenticated session and will only exist for as long as the user is authenticated in Craft.
- Craft CSR Token: Again we use this company to host our website. We have copied from their website the information on what this cookie is used for here: For GDPR purposes, please note that Craft’s default cookies do not collect any personal or sensitive information. Craft's default cookies do not collect IP addresses. The information they store is not sent to Pixel & Tonic or any 3rd parties. Craft’s default cookies are only used to communicate with your Craft installation for the purposes of user authentication, form validation/security, and basic web application operations. If theenableCsrfProtection and enableCsrfCookie config settings are enabled, then a cookie named
CRAFT_CSRF_TOKENwill be created to facilitate CSRF protection. It can be changed via the csrfTokenName config setting and will expire as soon as the PHP session expires. For GDPR purposes, please note that Craft’s default cookies do not collect any personal or sensitive information. Craft's default cookies do not collect IP addresses. The information they store is not sent to Pixel & Tonic or any 3rd parties. Craft’s default cookies are only used to communicate with your Craft installation for the purposes of user authentication, form validation/security, and basic web application operations.
Data security and protection
We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.
Our current storage of our customer relationship manager data is with Linode. You can link to their information here: https://www.linode.com/docs/?g... backups of data storage is on Amazon Web Services.
Fair & Transparent Privacy Explained
We have provided some further explanations about user privacy and the way we use this website to help promote a transparent and honest user privacy methodology.
Sponsored links, affiliate tracking & commissions
If you have any concerns about this we suggest you do not click on any adverts, sponsored or affiliate links found throughout the website.
Email marketing messages & subscription
Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the "Processing of your personal data" above. Any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users.
Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.
Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time. See any marketing messages for instructions on how to unsubscribe or manage your preferences, you can also unsubscribe from all MailChimp lists, by following this link.
Our EMS provider is MailChimp. We hold the following information about you within our EMS system;
- Email address
- I.P address
- Subscription time & date