Noory Privacy Statement
This privacy statement was last updated on
1 May, 2023
This privacy statement explains how we collect, use and store personal data that you provide to us. "Personal Data" is defined in Data Protection Regulation 2016/679 ("General Data Protection Regulation" or "GDPR") as data concerning an identified or identifiable natural person. An identifiable person is someone who can be identified, directly or indirectly, by reference to an identifier such as a name, position data or specific health data. This statement also provides information about our security procedures, your privacy rights (including how to access your personal data) and what protection the law provides you. This statement shall be updated from time to time. We will let you know if this is the case and mention the changes applied. We also recommend that you read and understand any other notice you receive from us when we collect or process your data. We must rely on the accuracy of the personal data we collect about you so that we can comply with the conditions set out in this privacy statement. We therefore kindly ask you to inform us of changes in your personal data during our contractual relationship.
Who are we?
What data do we collect about you?
For what purposes will your personal data be used and on what basis?
Your legal rights
Your legal rights – additional information
Data retention & security
Third parties receiving personal data
1. Who are we?
'We' are Verdi Food B.V., active under our trade name 'Verdify'. We are located at Villafloraweg 1, 5928SZ, Venlo, the Netherlands and we are registered in the trade register under number 70122296. Our websites are https://www.verdify.co.uk; https://www.mynoory.com and https://www.swapmeals.com
Verdify wants to offer customers meal inspiration that is tailored to the personal health status or health goals. For this, we offer a service that compiles personalized meal recipes according to your nutritional needs based on your Noory profile. To provide this service, we collect and use your personal data that you provide during your visit to our website(s) or mobile App.
Your privacy rights, as set out in this privacy statement, apply to all personal data we collect, based on your expressed consent or because this is necessary for the performance of the contract we have concluded with you. We may collect your personal data if you communicate with Verdify, for example if you use Verdify's services and if you contact customer support. We have appointed a Data Protection Officer (DPO) who is responsible for monitoring questions related to this privacy statement and your privacy rights. For questions about this privacy statement and your privacy rights, please contact our DPO using the contact details below. We stress that the DPO has a duty of confidentiality with regard to questions and/or issues that you submit to the DPO. Contact details DPO: email@example.com
2. What data do we collect about you?
We collect your personal data and in particular the following:
Identity data: we collect your name.
Account details: we collect your email address and password.
Technical data: through cookies or similar techniques, we collect your IP address, cookie ID, web browser, time zone and location, the web pages you have visited on our website and the promotions you have viewed or clicked through, the operating system and platform and other technology on the equipment.
Health data: we collect your diet data and other health data. If you create a nutrition profile, we will collect information about your dietary preferences and dietary restrictions, ingredients you wish to avoid, food allergies, diets, your preferences regarding recipes and dietary advice for the family ("dietary data"). In addition, we collect the following information about you in the context of your health or condition: birth date, gender, body dimensions (height, weight, and BMI), activity level and, if applicable, a possible pregnancy and whether you are lactating ('other health data').
Data for product availability: we collect information about your country of residence.
3. For what purposes will your personal data be used and on what basis?
We process your identity and account data to implement a contract with you (Article 6(1)(b) GDPR). We process your other personal data as indicated above for the following purposes, provided that you have given your consent (Article 6(1)(a) GDPR):
Creating and offering a personalized, online nutrition profile for the presentation of a selection of recipes based on your nutritional profile;
Showing ingredients available in the supermarket in your area and with which Verdify cooperates;
Sending messages for marketing purposes of Verdify, including Verdify newsletters;
Contact with us for non-marketing purposes, such as regarding questions or issues related to our service.
We only process your health data on the basis of your explicit consent so that we can offer you appropriate, personalized ingredients and recipes (Article 9(2)(a) GDPR).
4. Your legal rights
Request for access
You can request access to your personal data that we have collected about you. You can receive a copy of the personal data we hold about you and check that we process it lawfully.
Request for rectification
You can request the rectification of the personal data we have collected about you. You may have incomplete or incorrect data we hold about you corrected, although we do need to verify the accuracy of the new data you provide to us.
Request for deletion ("Right to be forgotten")
This right allows you to ask us to delete or erase personal data when processing it is based on your consent and you withdraw this consent, so that there is no longer any other legal basis for processing. You also have the right to ask us to delete or delete your personal data if there is no good reason to process it further and if we have processed your information unlawfully. However, please note that for specific legal reasons, we cannot always comply with your request for removal. If this is the case and applies, you will be informed at the time of your request.
The right to limited processing
You have the right to request limited processing of your personal data if (i) you believe that the personal data you provide are no longer correct and you want to give us a certain period of time to check the inaccuracy of the personal data, or (ii) if processing is unlawful and you request the limited use of personal data instead of deletion of personal data, or (iii) we no longer need the personal data for the purposes of processing but you need this data for the determination, exercise or defence of legal claims. The personal data that need to be processed based on (one of) these conditions will only be processed based on explicit consent given by yourself.
The right to data portability
You have the right to obtain the personal data we have collected about you in a structured, commonly used and machine-readable form. You also have the right to request the transfer of the personal data to a third party.
5. Your rights – additional information
Right to withdraw consent
If the processing of your personal data is based on your prior, explicit consent, you will have the right to withdraw your explicit consent. Withdrawal of your expressed consent will not affect the lawfulness of the processing based on your explicit consent before the withdrawal. Withdrawing consent is as easy as giving consent. If you have indicated that you want to receive our marketing messages, you will, for example, be given an opt-out option. If you no longer wish to give us permission to process certain personal data in your nutrition profile, you can delete it yourself in your nutrition profile.
In principle, this is free of charge
You do not have to pay a fee to access your personal data (or to exercise other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or exaggerated. We may also refuse to comply with your request in this case.
Verification of your identity
We may need to ask you for specific information that will allow us to confirm your identity and ensure your right to access your personal data or exercise your other rights. This is a security measure to ensure that personal data is not disclosed to a person who does not have the right to receive this data. We may also contact you for further information regarding your request to speed up our response.
6. Data retention & security
We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected this data, in particular to comply with legal, accounting or reporting requirements. In order to determine the correct retention period for personal data, we take into account the quantity, nature and sensitivity of the personal data, the potential risk of damage due to unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can fulfil those purposes by using means other than the retention of your personal data. Our websites are secure, up-to-date and comply with the latest security guidelines. Your personal data will be stored securely on Servers of Google Cloud Platform (by Google Ireland Limited) based in the European Union. These security measures prevent your personal data from being accidentally lost, used or opened, altered, disclosed or destroyed in an unauthorized manner. We use security procedures and business systems to limit the use of your personal data to the DPO, authorized employees, agents, contractors and other third parties who need to know this information for business reasons. The personal data to which they have access shall be kept to a minimum in relation to the business purpose for which they are intended. These parties are all bound by a duty of confidentiality.
7. Third parties receiving personal data
We share your personal data with third parties with whom we work to provide our products and services – only and to the extent necessary for the proper functioning of Verdify, with regard to the aforementioned purposes. Your personal data will not be shared with third parties for advertising or promotional purposes. In order to comply with our contractual obligations, we work specifically with:
Genzai B.V. for building our website and its functionalities.
Google Ireland Limited for the secure storage of your personal data.
Omnigen B.V. for installing the website and its functionalities on Google Cloud Platform. Omnigen is an official partner of Google and acts as a knowledge and implementation partner.
Auth0 Inc. for access and user management, authentication, and data security with data storage in the EU region.
SendInBlue, France, for sending emails to our users.
Zendesk Inc. for answering questions of users.
Pinterest Europe Limited and Meta Platforms Ireland Limited for tracking and optimising conversions and campaign performance.
We have imposed the same data protection and confidentiality obligations set out in this privacy statement on the third parties we work with. If and when we attract other third parties to provide our services, we will inform you about this, insofar as it concerns the sharing of your personal data. We will only enter into cooperation with a third party if this party can demonstrate that appropriate security measures have been taken and confidentiality can be guaranteed.
As mentioned above, you can contact the DPO for questions about this privacy statement and/or your privacy rights. We also note that if we need to collect personal data about you in the context of a contract we have concluded with you and you do not wish to provide (part of) this personal data, we may not be able to perform the contract we have with you or try to conclude with you. In that case, we may be forced to cancel the parts of the contract that we cannot perform. We will inform you about this if this is the case.