Last updated: December 16, 2020
We know that you care how information about you is used and shared and we appreciate your trust in us to do that carefully and sensibly. This privacy notice describes how we collect and process your personal information through www.wholefoodsmarket.co.uk and other Whole Foods websites and services that reference this Privacy Notice (together "Whole Foods Services").
Controller of Personal Information
Fresh & Wild Limited, The Barkers Building, 63-97 Kensington High Street, London W8 5SE, United Kingdom ("Fresh & Wild," "Whole Foods", "we", or "us") is data controller of personal information collected and processed through the Whole Foods Services. Further details (including our contact details) can be found here.
EU-US Privacy Shield
Whole Foods Market Services, Inc. and certain of its subsidiaries and affiliated companies in the United States participate in the EU-US Privacy Shield framework. Click here to learn more.
What Personal Information About Customers Does Whole Foods Collect?
We collect your personal information in order to provide and continually improve our products and services.
Here are the types of information we gather:
Information You Give Us: we receive and store any information you provide in relation to Whole Foods Services. Click here to see examples of what we collect. You can choose not to provide certain information but then you might not be able to take advantage of many of our Whole Foods Services.
For What Purposes does Whole Foods Process Your Personal Information?
We process your personal information to operate, provide, and improve the Whole Foods Services that we offer to our customers. These purposes include:
Provide, troubleshoot, and improve Whole Foods Services. We use your personal information to provide functionality, analyse performance, fix errors, and improve usability and effectiveness of the Whole Foods Services.
Comply with legal obligations. In certain cases, we have a legal obligation to collect and process your personal information. For instance, we collect from suppliers information regarding place of establishment and bank account information for identity verification and other purposes.
Communicate with you. We use your personal information to communicate with you in relation to Whole Foods Services via different channels (e.g., by phone, email).
Fraud Prevention. We process personal information to prevent and detect fraud and abuse in order to protect the security of our customers, Whole Foods, and others.
Purposes for which we seek your consent. We may also ask for your consent to process your personal information for a specific purpose that we communicate to you. When you consent to our processing your personal information for a specified purpose, you may withdraw your consent at any time and we will stop processing your data for that purpose.
What About Cookies?
Does Whole Foods Share Your Personal Information?
Information about our customers is an important part of our business and we are not in the business of selling our customers' personal information to others. Whole Foods shares customers' personal information only as described below and with Amazon.com, Inc. and the subsidiaries that Amazon.com, Inc. controls, that are either subject to this Privacy Notice or follow practices at least as protective as those described in this Privacy Notice. Additional categories of recipients include:
Third Party Service Providers: We employ other companies and individuals to perform functions on our behalf. Examples include applying for a job via Workday or applying to become a UK supplier. These third-party service providers have access to personal information needed to perform their functions, but may not use it for other purposes. Further, they must process the personal information in accordance with this Privacy Notice and as permitted by applicable data protection laws.
Business Transfers: As we continue to develop our business, we might sell or buy other businesses or services. In such transactions, customer information generally is one of the transferred business assets but remains subject to the promises made in any pre-existing Privacy Notice (unless, of course, the customer consents otherwise). Also, in the unlikely event that Whole Foods or substantially all of its assets are sold, customer information will of course be one of the transferred assets.
Protection of Whole Foods and Others: We release personal information when we believe release is appropriate to comply with the law; enforce or apply our Service Terms and other agreements; or protect the rights, property, or safety of Whole Foods, our users, or others. This includes exchanging information with other companies and organisations for fraud protection.
Other than as set out above, you will receive notice when personal information about you might be shared with third parties and you will have an opportunity to choose not to share the information.
Transfers out of the United Kingdom. Whenever we transfer personal information to countries outside of the United Kingdom (UK), we will ensure that the information is transferred in accordance with this Privacy Notice and as permitted by the applicable laws on data protection.
How Secure is Information About Me?
We design our systems with your security and privacy in mind.
We maintain physical, electronic, and procedural safeguards in connection with the collection, storage, and disclosure of personal customer information. Our security procedures mean that we may occasionally request proof of identity before we disclose personal information to you.
It is important for you to protect against unauthorised access to your password and to your computers, devices, and applications. Be sure to sign off when you finish using a shared computer.
What Choices Do I Have?
If you have any question or objection as to how we collect and process your personal information, please contact our Customer Service.
If you don't want to receive e-mail marketing communications from us, you may use the unsubscribe mechanism in the e-mail marketing communication or adjust your Email Subscription Preferences.
If you want to browse our websites anonymously, you may do so by disabling Cookies on your browser.
When you consent to our processing your personal information for a specified purpose, you may withdraw your consent at any time and we will stop any further processing of your data for that purpose.
In addition, subject to applicable law, you have the right to request access to, correct, and delete your personal information, and to ask for data portability. You may also object to our processing of your personal information or ask that we restrict the processing of your personal information in certain instances.
If you wish to do any of these things, please contact us using the details available here or contact Whole Foods Customer Service.
Are Children Allowed to Use Whole Foods Services?
Whole Foods doesn't sell products for purchase by children. We sell children's products for purchase by adults. If you're under 18, you may use Whole Foods Services only with the involvement of a parent or guardian.
How Long Do We Keep Your Personal Information?
We keep your personal information to enable your continued use of Whole Foods Services, for as long as it is required in order to fulfil the relevant purposes described in this Privacy Notice, as may be required by law such as for tax and accounting purposes, or as otherwise communicated to you.
Contacts, Notices & Revisions
If you have any concern about privacy at Whole Foods or want to contact our data controller, please contact us with a thorough description and we will try to resolve the issue for you. The data protection officer for Fresh & Wild Limited can be contacted at GDPR@wholefoods.com. You can file a complaint with our supervisory authority, the United Kingdom Information Commissioner's Office, or with a local authority.
Our business changes constantly and our Privacy Notice will change also. You should check our website frequently to see recent changes. Unless stated otherwise, our current Privacy Notice applies to all information that we have about you. We stand behind the promises we make, however, and will never materially change our policies and practices to make them less protective of customer information collected in the past without the consent of affected customers.
Related Practices & Information
Examples of Information Collected
Information You Give Us When You Use Whole Foods Services
You provide information to us when you:
search for products or services;
configure your settings on, provide data access permissions for, or interact with your device with the Whole Foods Service;
communicate with us by phone, e-mail, or otherwise;
apply for a job with us.
As a result of those actions, you might supply us with such information as: your name; address and phone number; payment information; your location information; content of e-mails to us; and device log files and configurations, including Wi-Fi credentials, if you choose to automatically synchronise them with our Whole Foods Services.
Examples of the information we collect and analyse include:
the Internet protocol (IP) address used to connect your computer or other device to the Internet;
computer, device, and connection information such as device application or browser type and version, browser plug-in types and versions, operating system, or time zone setting;
the location of your device or computer, including MAC address, device or session ID and connection type;
Whole Foods Service metrics (e.g., the occurrences of technical errors, your interactions with service features and content, your settings preferences and backup information, location of your device running an application, information about uploaded images and files (e.g., file name, dates, times and location of your images) error related data status, capability, confirmation, functionality, performance data);
content use history, which we sometimes aggregate with similar information from other customers;
the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); cookie number; products and/or content you viewed or searched for, page response times, download errors, page interaction information (such as scrolling, clicks, and mouse-overs);
phone numbers used to call our customer service number.
We may also use device identifiers, Cookies, and other technologies on devices, applications, and our web pages to collect browsing, usage or other technical information for fraud prevention purposes.
EU-US Privacy Shield
Whole Foods Market Services, Inc. and certain of its subsidiaries and affiliated companies in the United States (together, the "Whole Foods US Companies" or, for purposes of this “EU-US Privacy Shield” section, “we” or “our”, see below) participate in the EU-US Privacy Shield Framework regarding the collection, use, and retention of personal information from the UK. We have certified with the Department of Commerce that we adhere to the Privacy Shield Principles. To learn more about the Privacy Shield Principles, see here.
If you have any inquiries or complaints about our handling of your personal information under Privacy Shield, or about our privacy practices generally, please contact us at: GDPR@wholefoods.com We will respond to your inquiry promptly. If we are unable to satisfactorily resolve any complaint relating to the Privacy Shield, or if we fail to acknowledge your complaint in a timely fashion, you can submit your complaint to the panel of European data protection authorities (DPAs), which serve as an independent dispute resolution body to resolve Privacy Shield complaints at no cost to you. We have committed to cooperate and comply with the panel of European DPAs in the resolution of any Privacy Shield complaints. The European DPAs’ contact details can be found here. If neither we nor the European DPAs resolve your complaint, you may pursue binding arbitration through the Privacy Shield Panel. To learn more about the Privacy Shield’s binding arbitration scheme, please see here.
We will only process personal information in ways that are compatible with the purpose we collected it for, or for the purposes you later authorise. Before we use your personal information for a purpose that is materially different than the purpose we collected it for or that you later authorised, we will provide you with the opportunity to opt-out.
We sometimes provide personal information to third parties to perform services on our behalf. If we transfer personal information received under the Privacy Shield to such a third party, the third party's access, use, and disclosure of the personal information must also be in compliance with our Privacy Shield obligations, and we will remain liable under the Privacy Shield for any failure to do so by the third party unless we prove we are not responsible for the event giving rise to the damage.
You can review our Privacy Shield registration here. The Whole Foods US Companies are subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). We may be required to disclose personal information that we handle under the Privacy Shield in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Whole Foods US Companies
As of December 7, 2018 the following entities are included in Whole Foods Market Services, Inc.'s Privacy Shield Certification:
Whole Foods Market Services, Inc.
Allegro Coffee Company
Clinical Wellness Group of Texas
Mrs. Gooch's Natural Food Markets, Inc., a California corporation
WFM Northern Nevada, Inc.
WFM Private Label, L.P.
WFM Southern Nevada, Inc.
Whole Food Company, Inc.
Whole Foods Market California, Inc., a California corporation
Whole Foods Market Group, Inc., a Delaware corporation
Whole Foods Market Pacific Northwest, Inc., a Delaware corporation
Whole Foods Market Rocky Mountain/Southwest, L.P., a Texas limited partnership