Privacy Notice

COOK Privacy Notice

COOK is committed to protecting your privacy. In order to provide our services to the customer and to provide a more personalised shopping experience, we need to collect certain information from you. This Privacy Notice explains when and why we collect personal information about you as well as the types of personal data we may collect when you interact with us in-store, online or over the phone. It also explains how we’ll look after your data and keep it safe. There's a lot to digest but we want you to be fully informed about your rights, and how COOK uses your data.

We hope what's below covers everything, but if you have any questions at all, do please drop us a line at It’s likely that we’ll need to update this Privacy Notice every now and again to make sure it's accurate. We’ll let you know of any major changes, but the most up-to-date version will always be here for you to check.


COOK is used throughout this document to refer to all businesses trading under the 'COOK' brand. COOK Trading Ltd is the parent company. A number of separate companies trade under the 'COOK' brand under a franchise agreement. For simplicity throughout this notice, ‘we’ and ‘us’ means COOK and its franchisees. When you are using the COOK website or shopping in COOK shops, COOK Trading Ltd is the data controller.

Contents of Privacy Notice:

1. Explaining the legal bases we rely on

2. How we collect your personal data

3. The type of personal data we collect

4. How and why we use your personal data

5. Protection of your personal data

6. Length of time we keep your personal data

7. Who we need to share your personal data with and why

8. Where your personal data may be processed

9. Your rights over your personal data

10. Contacting the Regulator

12. Questions?

1. Explaining the legal bases we rely on

The GDPR law on data protection sets out a number of different reasons a company may collect and process your personal data, including:


In specific situations, we can collect and process your data with your consent - e.g. when you apply for a job with COOK. When collecting your personal data, we’ll always make clear to you which data is necessary in connection with a particular service and have given details on this below.

Contractual obligations

In some instances, we need your personal data to comply with our contractual obligations. For example, when we are processing your job application.

Legal compliance

We may be legally bound to collect and process your data. For example, if someone is involved in any criminal activity or fraud affecting COOK, we need to pass details to law enforcement.

Legitimate interest

We require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, we may use your search history to offer more personalised job opportunities.

2. How we collect your personal data

There are a number of ways in which we may collect information about you:

When you visit our website, create an account with us and use your account to apply for a job.

When you search for vacancies.

When you have given a third party permission to share information they hold about you with us, such us a referring jobsite.

3. The type of personal data we collect

The personal data we may collect includes your name, address, email address, telephone number, notes from conversations we have with you, your IP address, which websites you came from when visiting ours, which of our web pages you visit, any search terms you entered on our website, information gathered by cookies in your web browser, any comments or product reviews, any information that you may have told us that suggests your preferences (e.g. you may have told us that you are looking for an office role) and your social media username if you communicate with us. As some COOK shops and offices have CCTV installed, your image may be captured if you are invited to interview. Please note that when you set up an account with us, your password to log in is encrypted.

4. How and why we use your personal data

When you engage with us, we want to give you the best possible experience. By collecting data about you, it allows us to offer a tailored service.

We use your data to process your job application. The data privacy law allows this as part of our contractual obligations and legitimate business interest in understanding our candidates and providing the highest levels of service. We will hold your data in our systems for as long as is necessary for each relevant activity or as long as is set out in any contract we have with you.

If you ever wish to change how we use your data, you can do so. Please refer to the 'Your rights over your personal data' section that is below.

If you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you’ve asked for.

Here are some ways that we'll use your personal data and why:

To process any applications for jobs you make on our website. If we don't collect your personal data we won't be able to process your application. e.g. your details are reviewed and may be passed to a hiring manager in order to short list for the recruitment process.

Our recruitment team need to be able to reach you throughout the process to progress your application. We will keep a record of your information including notes on how we communicated with you and what was discussed. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with remarkable candidate experience

We keep your personal data to maintain, update and safeguard your account and to protect our business and your account from fraud or other illegal activities. We'll also monitor your browsing activity in order to identify and resolve any problems and protect the integrity of our websites. We’ll do all of this as part of our legitimate interest.

For example, by checking your password when you login and using automated monitoring of IP addresses to identify possible fraudulent log-ins from unexpected locations.

With your consent, we will use your personal data, preferences and details of your transactions to keep you informed about relevant vacancies by email. As ever, you can always opt out of hearing from us through these channels at any time.

To comply with our legal obligations, we will send you communications required by law or which are legally necessary e.g. significant updates to this Privacy Notice. These messages are to inform you about changes to the service we provide you and will not include any promotional content and so do not require prior consent when sent by email or phone.

5. Protection of your personal data

The security of your personal data is very important to us and we take a lot of care to handle and store it as best we can and in line with new legislation as we know it is important to you as well as us.

Here are some ways we secure your data:

We use encrypted https links between our web server and your browser which means that all data passed between you and us cannot be intercepted.

All personal data is stored and encrypted in Microsoft's Data Centres in the United Kingdom.

We monitor and check our data security systems for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.

6. Length of time we keep your personal data

We only keep your data for as long as is necessary for the purpose it was collected. After that period, your data is deleted or anonymised and for example aggregated with other data to be used for business planning and analysis.

For instance, if you have applied for a role with us we will keep your data for the time it takes us to process the application up to 6 months. After which it is anonymised.

7. Who we need to share your personal data with and why

At times we need to share your personal data with hiring managers . We only provide what they need and they cannot use your data for anything other than the purposes that they have your data for.

Web and Customer Analytics - for monitoring the volume, details and actions of visitors to our website, emails and social media interactions where opted in

Cloud Hosting Providers - we use cloud-based systems to host our website, customer and order database

Website monitoring company for improving our customer experience

Please note that from time to time, we need to change the specific company we use to provide a particular service. We will commit to you that if we add a new type of third party we will let you know, but if a specific supplier of a list service changes (e.g. the courier company) then we will update this list of suppliers but we will not inform you of that change where it is a like-for-like service.

Sharing your data with third parties for their own purposes:

We will never sell or trade your contact details with any third parties. There are some instances where we may have to share your information based on our legal obligations, for instance:

• Fraudulent activity in our shops or online systems

• If the police/government ask us to disclose information we may be required to share your personal data with them, however we would assess this sort of request very carefully

• For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies

For further information please email

8. Where your personal data may be processed

Sometimes we will need to share your personal data with third parties and suppliers outside the European Economic Area (EEA), such as Australia or the USA.

Protecting your data outside the EEA

The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway. We may transfer personal data that we collect from you to third-party data processors in countries that are outside the EEA.

We will only send data to third-party data processors outside of the EEA or who also use sub-processors outside of the EEA if there is sufficient contractual provisions and protective measures in place. (Note: this replaces the previous statement about being compliant with the EU-US Privacy Shield specification until such time that a replacement international agreement is in place).

Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.

9. Your rights over your personal data

You have a choice as to whether or not you receive vacancy information from us and you can withdraw your consent from specific communication channels at any time.

 How can you stop the use of your personal data for direct marketing?

There are several ways you can stop direct marketing communications from us:

    • Click the ‘unsubscribe’ link in any email communication that we send you. We will then stop any further emails

    • If you have an account, log in into your account on our website at, visit the ‘My Account’ area and change your preferences

    • Contact our Customer Care team at

Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated. We estimate no longer than 2 weeks for email and 8 weeks for postal communications.

 Requesting access and making changes to your personal data

You also have the right to access and rectify mistakes in the data we hold about you at any time.

These requests will be handled on a case by case basis and we estimate will be processed in no longer than 1 month depending on our legitimate business interests, legal and contractual obligations. If we refuse your request we will explain to you the reason for our refusal.

You can also make any changes to your personal information by updating your online account at, or by contacting our Customer Care team on

In order to keep your information confidential, we will ask you to verify your identity before proceeding with any requests. If there is a third party acting on your behalf, we will check that they have your permission to act.

Legitimate Business Interests

In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.

10. Contacting the Regulator

If you are at all unhappy about the handling of your data, you can send a complaint to the Information Commissioner’s Office by calling 0303 123 1113 or go online to

If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.

11. Questions?

We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it.

If you have any questions that haven’t been covered, email us at, or write to us at Care Team, The COOK Kitchen, Eurolink Way, Sittingbourne, Kent ME10 3HH.